Is AI actually reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out real, more tangible, real-world risks? According to Picus Labs' Red Report 2025, which analyzed over a million malware samples, there has been no significant surge, so far, in AI-driven attacks. Yes, adversaries are certainly continuing to innovate, and while AI will undoubtedly play a bigger and bigger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) still dominates the field.
The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here is a glimpse at the most significant findings and trends shaping the year's most deployed adversarial campaigns, and what steps cybersecurity teams need to take to respond to them.
Why the AI Hype is Falling Short... at Least For Now
While headlines are trumpeting AI as the one-size-fits-all new secret weapon for cybercriminals, the statistics, again, so far, are telling a very different story. In fact, after poring over the data, Picus Labs found no meaningful upswing in AI-based tactics in 2024. Yes, adversaries have started incorporating AI for efficiency gains, such as crafting more credible phishing emails or creating and debugging malicious code, but they have not yet tapped AI's transformational power in the vast majority of their attacks so far. In fact, the data from the Red Report 2025 shows that you can still thwart the majority of attacks by focusing on tried-and-true TTPs.
“Security teams should prioritize identifying and addressing critical gaps in their defenses, rather than fixating on the potential impact of AI.” — Picus Red Report 2025
Credential Theft Spikes More Than 3X (8% → 25%)
Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, leveraging stolen credentials to escalate privileges and move laterally within networks. This threefold jump underscores the urgent need for ongoing and robust credential management combined with proactive threat detection.
Modern infostealer malware orchestrates multi-stage heists blending stealth, automation, and persistence. With legitimate processes cloaking malicious operations and ordinary day-to-day network traffic hiding nefarious data uploads, bad actors can exfiltrate data right under your security team's proverbial nose, no Hollywood-style "smash-and-grab" needed. Think of it as the digital equivalent of a perfectly choreographed burglary. Only the criminals don't peel out in a getaway car; they lurk silently, awaiting your next misstep or opening.
93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique
Despite the expansive MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. Among the Top 10 ATT&CK techniques presented in the Red Report, the following exfiltration and stealth techniques remain the most used:
The combined effect? Legitimate-seeming processes use legitimate tools to collect and transmit data over widely used network channels. Not surprisingly, these techniques can be difficult to detect through signature-based methods alone. However, behavioral analysis, particularly when several techniques are monitored and correlated together rather than judged one at a time, makes it far easier to spot anomalies. Security teams need to focus on looking for malicious activity that appears virtually indistinguishable from normal network traffic.
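As an added illustration of the correlation idea above, here is a small Python detector run over constructed EDR-style telemetry. It is example code written for this page, not Picus tooling and not the report's own detection logic, and the page does not list the report's Top 10, so the technique mapping is my own: a credential-store read by an unexpected process (ATT&CK T1555.003, Credentials from Web Browsers) followed shortly by an outbound connection from that same process (T1041, Exfiltration Over C2 Channel). Either event alone is routine; it is the pairing within a short window that is worth an alert. The file names, the five-minute window, the browser allow-list and every sample event are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Credential-store files that infostealers typically read. Windows-style paths are
# an assumption for this example; extend the list for other platforms as needed.
CREDENTIAL_FILES = ("login data", "logins.json", "key4.db", "cookies")

# Processes that legitimately read their own stores; anything else touching them is suspect.
EXPECTED_OWNERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# How long after a credential read an outbound connection still counts as the same sequence.
WINDOW = timedelta(minutes=5)


def is_credential_store(path: str) -> bool:
    """True if the final path component is a known credential-store file name."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in CREDENTIAL_FILES


def correlate(events: list[dict]) -> list[dict]:
    """Flag processes that read a credential store and then connect outbound.

    Each event is a dict with keys ts, pid, image, type and, depending on type,
    path (file_read) or dest (net_connect). Events are processed in time order.
    """
    reads = defaultdict(list)  # pid -> [(ts, path), ...] of suspicious credential reads
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["type"] == "file_read" and is_credential_store(e["path"]):
            # A browser reading its own store is normal; anyone else doing it is stage one.
            if e["image"].lower() not in EXPECTED_OWNERS:
                reads[e["pid"]].append((e["ts"], e["path"]))
        elif e["type"] == "net_connect":
            # Stage two: the same process sends data out shortly after the read.
            for read_ts, path in reads[e["pid"]]:
                if timedelta(0) <= e["ts"] - read_ts <= WINDOW:
                    alerts.append({"pid": e["pid"], "image": e["image"],
                                   "cred_path": path, "dest": e["dest"]})
                    break
    return alerts


# Constructed sample telemetry (not real data); 203.0.113.0/24 is a documentation range.
T = datetime(2025, 3, 1, 10, 0, 0)
SAMPLE_EVENTS = [
    # Chrome reading its own password store and going online: expected, never flagged.
    {"ts": T, "pid": 1001, "image": "chrome.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": T + timedelta(seconds=5), "pid": 1001, "image": "chrome.exe",
     "type": "net_connect", "dest": "203.0.113.5:443"},
    # A scripting host reads the same store, then connects out two minutes later: alert.
    {"ts": T + timedelta(minutes=1), "pid": 4412, "image": "powershell.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": T + timedelta(minutes=3), "pid": 4412, "image": "powershell.exe",
     "type": "net_connect", "dest": "203.0.113.10:443"},
    # Another process reads a Firefox key store but only connects an hour later: outside WINDOW.
    {"ts": T + timedelta(minutes=10), "pid": 7310, "image": "updater.exe", "type": "file_read",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2.default\key4.db"},
    {"ts": T + timedelta(minutes=70), "pid": 7310, "image": "updater.exe",
     "type": "net_connect", "dest": "203.0.113.20:443"},
    # Ordinary outbound traffic with no sensitive read behind it: ignored.
    {"ts": T + timedelta(minutes=12), "pid": 8800, "image": "teams.exe",
     "type": "net_connect", "dest": "203.0.113.30:443"},
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"ALERT pid={a['pid']} {a['image']} read {a['cred_path']} "
              f"then connected to {a['dest']}")
```

Run against the sample, only the powershell.exe sequence is reported. The updater.exe case shows the trade-off the window creates: a stealer that reads the store and then sleeps longer than WINDOW before uploading slips past this rule, so the window is a tuning knob, not a fixed truth. In a real pipeline you would also key on the process tree rather than a bare pid (so a child process doing the upload still correlates) and enrich the destination with reputation data, but the core point stands: neither event is suspicious by signature, and the sequence is what gives the behavior away.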
Back to Basics for a Better Defense
Today's threats often chain together numerous attack stages to infiltrate, persist, and exfiltrate. By the time one step is identified, attackers may already have moved on to the next. So, while the threat landscape is undeniably sophisticated, the silver lining uncovered in the Red Report 2025 is rather simple: most current malicious activity actually revolves around a small set of attack techniques. By doubling down on modern cybersecurity fundamentals, such as rigorous credential protection, advanced threat detection, and continuous security validation, organizations can confidently ignore the tsunami of AI hype for now and focus instead on confronting the threats that are actually targeting them today.

Ready to Cut Through the AI Hype and Strengthen Your Defenses?
While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is closely focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously assesses and fortifies organizations' defenses, emphasizing fundamentals like credential protection and rapid threat detection.
Ready to see the difference for yourself? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.
Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where simulating cyber threats and strengthening organizations' defenses are what we do every day.