Debunking the AI Hype: Inside Real Hacker Tactics

Feb 18, 2025 | The Hacker News | Artificial Intelligence / Cyber Defense

Is AI actually reshaping the cyber risk landscape, or is the constant drumbeat of hype drowning out real, more substantial, real-world dangers? According to Picus Labs, which analyzed over one million malware samples, there has been no major surge, thus far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) still dominates the field.

Although artificial intelligence has been the subject of a lot of media attention lately, real-world data provides a much more nuanced view of which malware threats are thriving and why. What are the most crucial findings and trends shaping today's most successful adversarial campaigns, and what steps must security teams take to prepare for them?

Why the AI Hype Is Falling Short, at Least for Now

While headlines are trumpeting AI as the one-size-fits-all new secret weapon for cybercriminals, the numbers, at least so far, tell a very different story. In fact, after poring over the data, Picus Labs found no significant increase in AI-based techniques in 2024. Yes, adversaries have started using AI for efficiency gains, such as writing more convincing phishing emails or writing and debugging malicious code, but they have not yet leveraged AI's transformative power in the vast majority of their attacks. In reality, the Red Report 2025 data demonstrates that you can still block the majority of attacks by focusing on proven TTPs.

Instead of focusing on the potential impact of AI, security teams should really emphasize identifying and closing critical gaps in their defenses. — Picus Red Report 2025

Credential Theft Spikes More Than 3X (8% → 25%)

Attackers are increasingly targeting password stores, browser-stored credentials, and cached passwords, leveraging stolen secrets to escalate privileges and move laterally within systems. This threefold jump highlights the urgent need for proactive threat detection and continuous, robust credential management.

Modern infostealer malware orchestrates multi-stage heists blending stealth, automation, and persistence. With legitimate processes cloaking malicious operations and real day-to-day network traffic hiding malicious data uploads, bad actors can exfiltrate data right under your security team's proverbial nose, no Hollywood-style "smash-and-grab" needed. Think of it as the modern relative of a masterfully staged heist. Only the criminals don't peel out in a getaway vehicle; they lurk quietly, awaiting your next misstep or opening.

93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique

Despite the vast MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. The following exfiltration and stealth techniques continue to be the most popular among the Top 10 ATT&CK techniques listed in the Red Report:

The combined effect? Legitimate-seeming processes collect and transmit data over commonly used network channels using genuine tools. Not surprisingly, these techniques can be difficult to detect through signature-based methods alone. However, behavioral analysis, especially when several techniques are used together to screen and correlate data, makes it much easier to spot anomalies. Security teams must concentrate on identifying malicious activity that is essentially indistinguishable from regular network traffic.
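As an added illustration of the behavioral-correlation point above (this is example code, not from the article or from Picus), the Python below treats two events that are each benign on their own, a process reading a browser credential store and a process opening an HTTPS connection, as an anomaly only when the same process does both within a short window. Host names, process names, timestamps and the allowlist are constructed sample telemetry.

```python
from dataclasses import dataclass
from typing import Dict, List

# File names of browser credential stores (Chrome's "Login Data", Firefox's logins.json/key4.db).
CREDENTIAL_STORE_MARKERS = ("Login Data", "logins.json", "key4.db")
# Constructed allowlist of destinations this host is expected to reach over HTTPS.
ALLOWED_HOSTS = {"update.example.com", "mail.example.com"}
WINDOW_SECONDS = 300

@dataclass
class Event:
    ts: int       # seconds since epoch (constructed telemetry)
    pid: int
    image: str    # process executable name
    kind: str     # "file_read" or "net_connect"
    target: str   # file path or remote host name
    port: int = 0

def correlate(events: List[Event], window: int = WINDOW_SECONDS) -> List[dict]:
    """Flag a process that reads a credential store and then, within `window`
    seconds, opens an HTTPS connection to a host outside the allowlist.
    Neither event alone raises an alert; only the sequence does."""
    alerts: List[dict] = []
    last_read: Dict[int, int] = {}  # pid -> timestamp of credential-store read
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "file_read" and any(m in ev.target for m in CREDENTIAL_STORE_MARKERS):
            last_read[ev.pid] = ev.ts
        elif ev.kind == "net_connect" and ev.port == 443 and ev.target not in ALLOWED_HOSTS:
            t0 = last_read.get(ev.pid)
            if t0 is not None and ev.ts - t0 <= window:
                alerts.append({"pid": ev.pid, "image": ev.image, "dest": ev.target,
                               "seconds_after_read": ev.ts - t0,
                               "attack": ["T1555.003", "T1071.001"]})  # ATT&CK technique IDs
    return alerts

# Constructed sample telemetry: a browser reading its own store and contacting an allowed
# host (benign), a process reading a store and then posting to an unknown host (flagged),
# and an unrelated process contacting that same unknown host with no read (not flagged).
SAMPLE = [
    Event(1000, 4242, "chrome.exe", "file_read", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(1005, 4242, "chrome.exe", "net_connect", "update.example.com", 443),
    Event(2000, 5151, "svchost.exe", "file_read", r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\x\logins.json"),
    Event(2090, 5151, "svchost.exe", "net_connect", "cdn-static.example.net", 443),
    Event(3000, 6161, "teams.exe", "net_connect", "cdn-static.example.net", 443),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

Only the pid 5151 sequence is reported; shrinking the window below the 90-second gap between its two events makes the alert disappear, which is the tuning knob a detection engineer would adjust against real dwell times.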

Back to Basics for a Better Defense

Today's threats generally chain together numerous attack stages to penetrate, persist, and exfiltrate. By the time one action is detected, attackers may already have moved on to the next. So, while the threat landscape is certainly sophisticated, the silver lining uncovered in the Red Report 2025 is quite simple: most current malicious activity actually revolves around a small set of attack techniques. Organizations can safely ignore the tsunami of AI hype for now and instead concentrate on confronting the threats that are actually targeting them right now by doubling down on contemporary cybersecurity fundamentals like rigorous credential protection, advanced threat detection, and continuous security validation.

Ready to Break Free of AI Fear and Strengthen Your Defenses?

While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is intently focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously evaluates and strengthens organizations' defenses, focusing on fundamental issues like credential protection and rapid threat detection.

Ready to see the difference for yourself? Visit picussecurity.com to learn how to defuse the hype and repel real threats.

Note: , co-founder of Picus Security and vice president of Picus Labs, wrote this article. We practice simulating attacks and strengthening organizations' defenses every day.

This article was contributed by one of our valued partners.
