
February 18, 2025 | The Hacker News | Artificial Intelligence / Cyber Defense

Is artificial intelligence truly revolutionizing the cyber threat landscape, or is the constant hype surrounding it overshadowing more significant, real-world dangers? According to the findings of Picus Labs’ Red Report 2025, which analyzed over one million malware samples, there has been no substantial increase in AI-driven attacks to date. While adversaries are certainly continuing to innovate, and AI will inevitably play a more significant role in the future, the latest data suggests that well-established tactics, techniques, and procedures (TTPs) remain the dominant force in the field.

The hype surrounding artificial intelligence has been dominating media headlines; however, the real-world data presents a more nuanced picture of which malware threats are actually thriving and why. Here’s an overview of the most critical findings and trends shaping the most widely deployed adversarial campaigns this year, as well as the steps cybersecurity teams need to take to respond to them.

The AI Hype: Separating Fact from Fiction

While headlines proclaim AI as the new secret weapon for cybercriminals, the statistics tell a different story. In fact, after analyzing the data, Picus Labs found no significant surge in AI-based tactics in 2024. Adversaries have started leveraging AI to gain efficiency, such as crafting more credible phishing emails or creating and debugging malicious code, but they have not yet tapped into AI’s transformative power in the majority of their attacks. The data from the Red Report 2025 reveals that focusing on established TTPs can still thwart most attacks.

“Security teams should prioritize identifying and addressing critical gaps in their defenses rather than fixating on the potential influence of AI.” — Picus Red Report 2025

Credential Theft: A Growing Concern

Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, then using the stolen credentials to escalate privileges and spread within networks. This threefold increase in credential-theft activity underscores the urgent need for robust credential management and proactive threat detection.

Modern infostealer malware orchestrates complex, multi-stage attacks that blend stealth, automation, and persistence. By cloaking malicious operations in legitimate processes and hiding nefarious data uploads in everyday network traffic, bad actors can exfiltrate data without detection. This is equivalent to a perfectly choreographed digital burglary, where the criminals lurk silently, awaiting the next misstep or vulnerability.

MITRE ATT&CK Techniques: The Usual Suspects

Despite the extensive MITRE ATT&CK framework, most adversaries rely on a core set of TTPs. Among the Top 10 ATT&CK techniques provided in the Red Report, the following exfiltration and stealth techniques remain the most used:

The combined effect is that legitimate-seeming processes use legitimate tools to collect and transmit data over widely used network channels. These techniques can be challenging to detect using signature-based methods alone. However, behavioral analysis, especially when telemetry from several of these techniques is monitored and correlated together, makes anomalies easier to spot. Security teams need to focus on identifying malicious activity that looks indistinguishable from normal process and network behavior when each step is viewed in isolation.
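As an added illustration of the correlation point above (example code, not from the article or the Picus platform): a minimal Python rule over constructed endpoint telemetry in which neither a browser credential-store read nor a bulk upload alerts on its own, but the two from the same process within a short window do. The file names, hosts, thresholds and event layout are assumptions.

```python
# Constructed endpoint telemetry (not from the Red Report): one row per
# observed event, ordered by time. Fields: seconds, pid, process, kind, detail.
EVENTS = [
    (100, 4242, "chrome.exe", "file_read",
     r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (105, 4242, "chrome.exe", "net_send", ("accounts.google.com", 443, 20_000)),
    (200, 5150, "svchost.exe", "file_read",
     r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (230, 5150, "svchost.exe", "net_send", ("203.0.113.10", 443, 1_500_000)),
    (300, 6100, "backup.exe", "net_send", ("backup.example.net", 443, 5_000_000)),
]

# Browser credential-store file names (Chrome and Firefox) an infostealer reads.
CREDENTIAL_STORES = ("Login Data", "Local State", "logins.json", "key4.db")
# Destinations this hypothetical organisation expects bulk uploads to go to.
ALLOWED_DESTINATIONS = {"accounts.google.com", "backup.example.net"}
WINDOW_SECONDS = 300      # how long after the read an upload is still linked to it
BULK_BYTES = 1_000_000    # upload size that counts as "bulk"


def reads_credential_store(event):
    return event[3] == "file_read" and event[4].endswith(CREDENTIAL_STORES)


def bulk_send_to_unexpected_host(event):
    if event[3] != "net_send":
        return False
    host, _port, nbytes = event[4]
    return nbytes >= BULK_BYTES and host not in ALLOWED_DESTINATIONS


def correlate(events):
    """Alert only when the same pid reads a credential store and then uploads
    a bulk payload to an unexpected host within WINDOW_SECONDS. Keyed on pid,
    not process name: names are cheap to spoof, the pid ties both
    observations to one running process."""
    last_read = {}   # pid -> time of most recent credential-store read
    alerts = []
    for event in events:
        ts, pid, name = event[0], event[1], event[2]
        if reads_credential_store(event):
            last_read[pid] = ts
        elif bulk_send_to_unexpected_host(event):
            if pid in last_read and ts - last_read[pid] <= WINDOW_SECONDS:
                alerts.append((pid, name, event[4][0], event[4][2]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("credential theft + exfiltration candidate:", alert)
```

Chrome reading its own store and the backup tool's large upload each pass individually; only the process that does both within the window is flagged.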

Back to Basics: A Better Defense

Today’s threats often involve multiple attack stages to infiltrate, persist, and exfiltrate. By the time one step is identified, attackers may have already moved on to the next. While the threat landscape is undoubtedly sophisticated, the findings in the Red Report 2025 reveal a more straightforward truth: most current malicious activity revolves around a small set of attack techniques. By focusing on modern cybersecurity fundamentals, such as rigorous credential protection, advanced threat detection, and continuous security validation, organizations can confidently ignore the AI hype and focus on confronting the real threats targeting them today.

Cutting Through the Hype: Strengthening Your Defenses

While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously assesses and fortifies organizations’ defenses, emphasizing fundamentals like credential protection and rapid threat detection.

Ready to see the difference for yourself? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.

Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where simulating cyber threats and strengthening organizations’ defenses are what we do every day.

This article is a contributed piece from one of our valued partners.
