Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In January 2025, China-based AI startup DeepSeek (深度求索) released DeepSeek-R1, a high-quality large language model (LLM) that allegedly cost much less to develop and operate than Western competitors’ alternatives. CrowdStrike Counter Adversary Operations conducted independent tests on DeepSeek-R1 and confirmed that in many cases, it could provide coding output of quality comparable to other market-leading LLMs of the time.

Cross-domain attacks exemplify adversaries’ drive for speed and stealth. In these attacks, threat actors navigate multiple domains such as endpoint, cloud, and identity systems to maximize their reach and impact. Their goal is to exploit the weaknesses in organizations’ fast-growing and complex environments.

Anthropic's Threat Intelligence team recently uncovered and disrupted a sophisticated nation-state operation that weaponized Claude’s agentic capabilities and the Model Context Protocol (MCP) to orchestrate automated cyberattacks simultaneously against multiple targets worldwide. This AI-powered attack automated reconnaissance, vulnerability exploitation, lateral movement, and more across multiple victim environments at unprecedented scale and speed.

AI has collapsed the vulnerability exploit lifecycle. Adversaries now discover, weaponize, and exploit exposures across hybrid environments in minutes — chaining together misconfigurations, unpatched systems, and stolen credentials to gain rapid access and move laterally across environments. For defenders, the speed of the adversary changes everything.

CrowdStrike has been named the Overall Leader in the 2025 KuppingerCole Leadership Compass for Identity Threat Detection and Response (ITDR), positioned furthest to the right. This validates our ongoing mission to secure every identity — human, non-human, and AI agent. We are recognized as a Leader across all key categories: Product, Innovation, Market, and Overall Ranking.

Most exposure reporting is still slow, error-prone, and disconnected from reality. Analysts spend hours collecting and formatting data using different tools that produce conflicting priorities. Reports are bloated with raw CVE lists that lack context and rarely connect to business impact. They are often delayed, arriving after the adversaries have moved. While teams struggle with outdated reports, adversaries are seeking new ways to gain initial access.