{"id":4677,"date":"2026-03-01T13:38:52","date_gmt":"2026-03-01T13:38:52","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/03\/01\/ai-accelerates-attacker-breakout-time-to-just-four-minutes\/"},"modified":"2026-03-01T13:38:52","modified_gmt":"2026-03-01T13:38:52","slug":"ai-accelerates-attacker-breakout-time-to-just-four-minutes","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/03\/01\/ai-accelerates-attacker-breakout-time-to-just-four-minutes\/","title":{"rendered":"AI Accelerates Attacker Breakout Time to Just Four Minutes"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>AI is helping threat actors to accelerate attacks, but it can also empower incident responders to quickly contain threats, ReliaQuest has claimed in a new report.<\/p>\n<p>The firm&#8217;s\u00a0<em>Annual Cyber-Threat Report 2026 <\/em>is based on an analysis of customer incidents.<\/p>\n<p>It found that breakout time last year took on average just 34 minutes;\u00a029% quicker than in 2024. The fastest ever recorded time taken from access to lateral movement was just four minutes \u2013 85% faster than the year before.<\/p>\n<p>The fastest recorded exfiltration time was just six minutes; down from 4 hours 29 minutes in 2024.<\/p>\n<p>ReliaQuest said these stats can be explained by the growing use of automation and AI, with 80% of ransomware groups using one or both in their attacks last year.<\/p>\n<p>AI is also being used prior to attacks, the report claimed. 
It can help threat actors with reconnaissance by automating the analysis of social media profiles, corporate websites\u00a0and public data sources in order to identify high-value targets and draft convincing social engineering scripts.<\/p>\n<p>Elsewhere, the report revealed that a quarter of attacks used social engineering for initial access last year, with ClickFix responsible for delivering most (59%) of the top malware families.<\/p>\n<p>The social engineering technique is also the reason why drive-by-compromise is now the top initial access technique, just ahead of phishing.<\/p>\n<h2><strong>Common Security Failures<\/strong><\/h2>\n<p>ReliaQuest also revealed why many incident responders are struggling to match the speed and sophistication of modern threat groups. The most common security control failures it found in 2025 were:<\/p>\n<ul>\n<li>Insufficient logging which allows attacks to go undetected<\/li>\n<li>Unmanaged devices without security controls like endpoint protection or monitoring agents<\/li>\n<li>Insecure VPNs lacking MFA or device-based certificates, which allow attackers to exploit stolen credentials<\/li>\n<li>External exposure via vulnerabilities in internet-facing devices<\/li>\n<li>Helpdesk procedural flaws which make organizations easy targets for social engineering attacks<\/li>\n<li>Poor password policy and controls such as weak, reused, or poorly rotated passwords, and gaps in MFA and local admin password management, enabling quick privileged access and lateral movement<\/li>\n<li>Overprivileged and misconfigured cloud accounts, enabling access to these environments<\/li>\n<\/ul>\n<h2><strong>Fighting AI with AI<\/strong><\/h2>\n<p>Mike McPherson, SVP of GreyMatter Operations at\u00a0ReliaQuest, said AI and automation have \u201cchanged the game\u201d in cybersecurity \u2013 for 
attackers and defenders.<\/p>\n<p>\u201cThankfully defenders can outperform adversaries with agentic AI and achieve an average containment time of four minutes. This speed is essential to rival the breakout times observed this year \u2013 a race that manual response, at 16 hours on average without automation, cannot win,\u201d he continued.<\/p>\n<p>\u201cAgentic AI enables organizations to move to predictive security \u2013 by analyzing vast datasets of rich threat intelligence, agents can adapt this intel to a customer\u2019s unique environment and close gaps before a threat actor may attack.\u201d<\/p>\n<p>ReliaQuest urged network defenders to ensure all devices and access paths are visible to their security operations (SecOps) teams \u2013 especially edge devices. It added that they must continuously manage risk across the external attack surface by maintaining a current inventory of assets and remediating any new exposures.<\/p>\n<p>Finally, CISOs should strengthen identity controls, with high-assurance verification for helpdesk resets and identity changes, minimal standing privileges, and phishing-resistant privileged access.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>AI is helping threat actors to accelerate attacks, but it can also empower incident responders to quickly contain threats, ReliaQuest has claimed in a new report. The firm&#8217;s\u00a0Annual Cyber-Threat Report 2026 is based on an analysis of customer incidents. 
It found that breakout time last year took on average just 34 minutes;\u00a029% quicker than in<\/p>\n","protected":false},"author":2,"featured_media":4678,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4677-0f018427-1810-489a-b643-a2ba305312cb-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author
\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4677"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4677\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4678"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}