ReliaQuest, the leader in agentic AI security operations, released its 2026 Annual Threat Report, which shows threat actors utilizing AI and automation tools can now achieve lateral movement within an organization in as little as 4 minutes – 85% faster than last year. On average this process takes just 34 minutes, 29% quicker than the 48 minutes recorded in 2024. But leveraging AI and automation, organizations can contain threats within 4 minutes versus up to 16 hours with manual efforts.
Also Read: CIO Influence Interview With Jake Mosey, Chief Product Officer at Recast
Criminals are also able to exfiltrate data much quicker. The quickest attack in 2025 took just 6 minutes versus over 4 hours in 2024. Again, automation and AI are critical, with ReliaQuest finding 80% of ransomware groups it analyzed using either or both in their attacks. The fastest attacks are now fully automated, with attackers using scripts and legitimate tools to rapidly exfiltrate data at machine speed.
Attackers are also leveraging AI to accelerate the reconnaissance phase, automating the analysis of social media profiles, corporate websites, and public data sources to quickly identify high-value targets and draft convincing social engineering scripts, reducing days of manual research into hours or minutes.
‘BoaLoader’ malware reflects the first major convergence of AI-assisted development, social engineering, and traditional cybercrime. Despite only emerging in the latter part of the year, it was a factor in nearly 20% of all incidents observed by ReliaQuest in the calendar year. This rapidly growing threat effectively renders traditional trust models obsolete and uses Large Language Models (LLM) to produce clean, structured, and ‘legitimate looking’ JavaScript which can masquerade as functional software—such as ‘PDF Editors’ or ‘Recipe Listers’ to build long-term user trust and enable it to persist on a network for months. Once executed, it then compromises email gateways, sandboxes, and some endpoint detections.
“AI and automation have changed the game in cybersecurity, allowing threat actors to move faster than any human alone can combat,” said Mike McPherson, Senior Vice President of GreyMatter Operations at ReliaQuest. “Thankfully defenders can outperform adversaries with Agentic AI and achieve an average containment time of four minutes. This speed is essential to rival the breakout times observed this year—a race that manual response, at up to 16 hours on average without automation, cannot win. Agentic AI enables organizations to move to predictive security – by analyzing vast datasets of rich threat intelligence, agents can adapt this intel to a customer’s unique environment and close gaps before a threat actor may attack.”
Catch more CIO Insights: Why CIOs are becoming chief risk orchestrators?
[To share your insights with us, please write to psen@itechseries.com ]
