Cybersecurity has entered a new phase where speed outpaces human response, trust is weaponised, and artificial intelligence amplifies both offence and defence. According to insights from CrowdStrike’s Global Threat Report and partner briefing, 2026 truly is the Year of the Evasive Adversary.
We’re breaking down what these evolving threats mean for Australian organisations and the ways you can reduce your risk, improve visibility, and respond faster in an environment where traditional controls alone are no longer enough.
AI is an Accelerator, not a Game‑Changer
AI hasn’t changed what adversaries want but it has changed how quickly and cheaply they can operate. Attackers now use AI to scale social engineering, generate phishing content in multiple languages, create realistic fake personas, and automate reconnaissance and malware development.
The biggest impact is seen in social engineering. Deepfake audio, video, and AI-generated websites are making phishing, vishing, and disinformation campaigns more convincing and harder to detect.
AI has been leveraged to enhance propaganda and disinformation campaigns targeting elections across multiple countries. While the exact impact of these campaigns is difficult to quantify, there is no doubt that if untreated this could have detrimental implications on global affairs. The World Economic Forum even listed mis- and dis-information among the top global risks of the next 10 years.
When AI Becomes a Risk to Defenders
AI has already introduced new risks inside organisations too. AI agents often have broad access to data, systems, and workflows, meaning they can act like insider threats if compromised or misconfigured. Worse, many AI tools lack mature logging and monitoring to know what data is being shared and when.
Attackers are exploiting this gap:
- Compromising AI workflows to attach ransomware
- Using legitimate LLMs to generate malicious commands
- Exploiting prompt injection to bypass safeguards and leak sensitive data
In this new reality, even words themselves can be weaponised. Prompt injection is converting the apps organisations trust into data exfiltration channels that operate at machine speed.
Faster Than Humanly Possible
Breakout times (the window between initial compromise and lateral movement) have collapsed from 48 minutes to just 29 minutes on average. In one extreme case, attackers moved in 27 seconds. No human security team can respond at that pace. Only automation and machine-driven detection can keep up.
But speed isn’t the only challenge.
Edge Devices and Zero‑Days are an Open Front Door
Today’s adversaries are deliberately avoiding endpoints because EDR works too well. Instead, they operate where visibility is weakest, targeting unmanaged devices and edge infrastructure.
VPNs, firewalls, and internet‑facing gateways are prime targets. They are under‑monitored, inconsistently logged, and typically sit outside traditional EDR coverage. Adversaries are weaponising new vulnerabilities within days, sometimes hours. Applications we implement, such as CrowdStrike Falcon® Exposure Management (FEM), can help identify these devices. FEM provides comprehensive, visibility of entire attack surfaces, including commonly overlooked edge and IoT/OT devices to eliminate shadow IT.
On unmanaged devices, threat actors frequently spin-up virtual environments which allow them to remain undetected. Sophisticated China-nexus cyberespionage group, Warp Panda, managed to maintain persistent access for 22 months after compromising VMware targeting US-based entities. As CrowdStrike put it, this isn’t smash‑and‑grab crime, it’s long‑term espionage.
Identity Is the Primary Battleground
Once attackers gain access, many rely on “living off the land” techniques, using trusted system tools to hide their Most modern attacks now begin with legitimate credentials. Hybrid identity abuse allows adversaries to pivot seamlessly between on‑premises and cloud environments while blending into normal user behaviour.
SaaS platforms are especially attractive. Gaining access to Microsoft 365, Entra ID, or SSO systems often unlocks vast amounts of data and downstream applications with minimal detection. Once in, attackers move laterally to siphon or encrypt data while gathering intelligence to support highly targeted phishing and follow‑on attacks.
A single supply chain compromise can have widespread impact. In 2025, attackers stole US$1.4 billion by compromising a trusted crypto wallet interface. One of the largest digital heists in history stemmed from abusing a trusted third-party path to trick approvals and redirect funds.
The New Age of AI‑Enabled Cybercrime
Today’s threat landscape is defined by the convergence of speed, trust, and AI. Adversaries no longer rely on malware or brute force attacks, instead, they exploit legitimate identities, trusted platforms, cloud relationships, AI systems, and software dependencies to move invisibly through environments.
AI enables them to scale these attacks at unprecedented speed and precision, turning everyday tools, workflows, and even language itself into vectors for compromise. In this new age of cybercrime, what organisations trust most has become what attackers exploit first.
What Organisations Must Do Now
To counter the evasive adversary, organisations need a cross‑domain security strategy:
- Secure AI systems with proper monitoring, detection, and governance
- Protect all identities: human, non‑human, and AI
- Close visibility gaps across cloud, SaaS, edge, and unmanaged devices
- Prioritise edge device patching and exposure management
- Understand adversaries, their motivations, methods, and tradecraft
In a world where attacks unfold in seconds and trust is routinely exploited, security must be unified, automated, and intelligence‑driven.
Because the adversary isn’t slowing down and neither can we.
Need Help Navigating These New Threats?
As attack surfaces expand and detection windows shrink, many organisations are turning to always‑on security visibility and response. Computer One’s 24/7 managed SIEM and SOC services help organisations monitor across identities, cloud, SaaS, and edge environments, detect threats earlier, and respond faster.
If you’d like support strengthening your security posture against the evasive adversary, reach out to Computer One.
