Is AI actually reshaping the cyber risk landscape, or is the constant drumbeat of hype drowning out more substantial, real-world dangers? According to Picus Labs, which analyzed over one million malware samples, there has been no major surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and AI will certainly play a larger and larger role, but the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) still dominates the field.
Although artificial intelligence has attracted a lot of media attention lately, the real-world data provides a much more nuanced view of which malware threats are flourishing and why. Below are the most important observations, the changes in how security teams respond to this year's most successful adversary campaigns, and the steps they must take to prepare for them.
Why Is the AI Hype Lagging Behind, at Least for Now?
While headlines trumpet AI as the one-size-fits-all new secret weapon for attackers, the figures, at least so far, tell a very different story. In fact, after reviewing the data, Picus Labs found no significant increase in AI-based techniques in 2024. Adversaries have started using AI for productivity gains, such as writing more convincing phishing emails or writing and debugging malicious code, but they have not yet put its transformative power to work in the vast majority of their attacks. In truth, the Red Report 2025 data shows that defending against tried-and-true TTPs can still block the majority of attacks.
Instead of focusing on the potential impact of AI, security teams should emphasize identifying and closing critical gaps in their defenses. — Picus Red Report 2025
Credential Theft Spikes More Than 3X (8% → 25%)
Attackers are increasingly targeting password stores, browser-saved credentials, and cached passwords, using the stolen secrets to escalate privileges and move laterally within systems. This more than threefold increase underscores the urgent need for continuous, robust credential management as well as proactive threat detection.
Modern infostealer malware orchestrates a multi-stage data heist that blends cunning, technology, and persistence. With legitimate-looking processes masking malicious operations and ordinary day-to-day network traffic hiding the data uploads, bad actors can exfiltrate data right under your security team's nose, no Hollywood-style "smash-and-grab" needed. Think of it as the modern relative of a masterfully staged crime. Only the criminals don't peel out in a getaway car; they lurk quietly, waiting for your next misstep or opening.
93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique
Despite the breadth of the MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. The following eavesdropping and stealth techniques, all of which appear in the Top 10 ATT&CK techniques, remain the most popular:
The combined impact? Legitimate-seeming processes collect and transmit data over commonly used network channels using genuine tools. Not surprisingly, these techniques can be difficult to detect through signature-based methods alone. However, behavioural analysis, especially when several techniques are correlated together rather than examined one at a time, makes it much easier to spot anomalies. Security teams should concentrate on spotting malicious activity that hides within otherwise normal network traffic.
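As an added illustration of the behavioural correlation described above, and of the credential-theft chain from the infostealer section, here is example Python that is not from the Picus report: it groups constructed endpoint and network events per process and scores a credential-store read followed by a large upload much higher than either event alone. The file-name markers, the allowlisted browser processes, and the upload threshold are assumed tuning values, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample telemetry, not real data: (pid, process, event, detail) in
# time order. pid 4101 models an infostealer hiding behind a benign-looking name.
SAMPLE_EVENTS = [
    (4101, "updater.exe", "file_read", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4101, "updater.exe", "file_read", r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x\logins.json"),
    (4101, "updater.exe", "net_post", "https://paste.example/upload bytes=183000"),
    (2207, "chrome.exe", "file_read", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2207, "chrome.exe", "net_post", "https://mail.example/sync bytes=2100"),
    (3310, "backup.exe", "net_post", "https://storage.example/put bytes=900000"),
]

# Assumed tuning values: browser credential-store file names, the processes
# expected to read their own store, and an upload size worth a second look.
CRED_STORE_MARKERS = ("login data", "logins.json", "key4.db")
CRED_STORE_OWNERS = {"chrome.exe", "firefox.exe"}
UPLOAD_BYTES_THRESHOLD = 100_000

def is_store_read(event):
    return event[2] == "file_read" and any(m in event[3].lower() for m in CRED_STORE_MARKERS)

def upload_bytes(event):
    return int(event[3].split("bytes=")[1]) if event[2] == "net_post" else 0

def score_process(events):
    """Score one process's events; return (score, reasons). Each signal alone
    scores 10, since legitimate software also reads files and posts data; a store
    read followed by a large upload scores 80: the chain, not one event, alerts."""
    proc = events[0][1].lower()
    reasons = []
    first_read = next((i for i, e in enumerate(events) if is_store_read(e)), None)
    first_big = next((i for i, e in enumerate(events)
                      if upload_bytes(e) >= UPLOAD_BYTES_THRESHOLD), None)
    if first_read is not None and proc not in CRED_STORE_OWNERS:
        reasons.append("credential store read by a non-browser process")
    if first_big is not None:
        reasons.append("large outbound upload over an ordinary web channel")
    score = 10 * len(reasons)
    if len(reasons) == 2 and first_read < first_big:
        score += 60  # the ordered chain is the infostealer pattern
    return score, reasons

def triage(events):
    """Group events by pid and score each process: {pid: (score, reasons)}."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e[0]].append(e)
    return {pid: score_process(evs) for pid, evs in by_pid.items()}
```

Run against the sample, only the renamed process that reads both browser stores and then posts a large blob crosses into alert territory, while the browser reading its own store and the backup tool's big upload each stay low.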
Back to Basics for a Better Defense
Today's threats generally chain together numerous attack stages to penetrate, persist, and exfiltrate. By the time one action is identified, adversaries may already have moved on to the next. So, while the threat landscape is certainly more advanced, the silver lining uncovered in the Red Report 2025 is quite simple: most current malicious activity revolves around a small set of attack techniques. Organizations can safely set aside the tsunami of AI hype for now and instead concentrate on the threats actually facing them today by doubling down on core cybersecurity fundamentals such as rigorous credential protection, advanced threat detection, and continuous security validation.
Ready to Improve Your Defenses and Break Through the AI Hype?
While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is intently focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously evaluates and strengthens organizations' defenses, focusing on fundamental issues like rapid threat detection and credential protection.
Ready to see the difference for yourself? To learn how to cut through the hype and repel real threats, visit picussecurity.com or download the Picus Red Report 2025.
Note: This article was written by the co-founder of Picus Security and vice president of Picus Labs. We practice attack simulation and strengthen organizations' defenses every day.