CrowdStrike 2025 Threat Hunting Report – Part 3: Countering the Adversary with Generative AI
- Katarzyna Celińska
Generative AI is rapidly changing the dynamics of the cyber battlefield. In this year's CrowdStrike Threat Hunting Report, OverWatch analysts highlight both how adversaries are exploiting GenAI and how defenders can harness it to stay ahead of evolving threats.
Adversaries and Generative AI
CrowdStrike threat hunters observed adversaries leveraging GenAI across multiple phases of the attack lifecycle, including:
Reconnaissance – Automating collection and analysis of target data
Phishing – Crafting highly convincing lures in multiple languages
Exploitation – Streamlining vulnerability research and exploit generation
Obfuscation – Using AI to rewrite payloads and evade detection
Social Engineering – Generating scripts for vishing and spear-phishing at scale

Notably, FAMOUS CHOLLIMA used GenAI to automate fraudulent hiring campaigns and infiltrated over 320 companies, a 220% year-over-year increase in insider activity.
Defensive Countermeasures with GenAI
GenAI is a force multiplier for defenders when applied responsibly:
Augmented Threat Hunting – AI-assisted pattern recognition across billions of telemetry events
Identity Protection – Generative modeling to predict credential misuse and abnormal access behavior
Faster Incident Response – Summarizing large volumes of forensic data into actionable insights
Deception & Simulation – Creating realistic adversary simulations to train detection and response teams
CrowdStrike stresses, however, that defenders must maintain human-in-the-loop oversight, ensuring AI outputs are validated and contextualized by experienced hunters before anyone acts on them.
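To make the "abnormal access behavior" and "human-in-the-loop" points above concrete, here is an added example that is not from the CrowdStrike report or from this post. It uses constructed sample sign-in telemetry and a deliberately simple per-user baseline (new country, unusual hour, success after a burst of failures) as a stand-in for the generative models the report describes; the thresholds and the `revoke_sessions` action are assumptions for illustration. The important design point is that the model only produces a scored, explained review queue, and nothing happens without an explicit analyst verdict.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed sample sign-in telemetry: (user, source_country, hour_utc, outcome).
# Not real data; a deployment would read this from the identity provider's logs.
BASELINE_EVENTS = (
    [("alice", "US", h, "success") for h in (13, 14, 15, 16, 17) for _ in range(6)]
    + [("bob", "DE", h, "success") for h in (7, 8, 9, 10) for _ in range(7)]
    + [("bob", "DE", 8, "failure")]  # one mistyped password in the baseline window
)

NEW_EVENTS = [
    ("alice", "US", 14, "success"),  # routine sign-in, should score 0
    ("alice", "RU", 3, "success"),   # new country at an unusual hour
    ("bob", "DE", 8, "failure"),
    ("bob", "DE", 8, "failure"),
    ("bob", "DE", 8, "failure"),
    ("bob", "DE", 8, "success"),     # burst of failures then success: possible guessing
    ("carol", "FR", 9, "success"),   # user with no baseline at all
]


@dataclass
class Profile:
    countries: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    failures: int = 0
    total: int = 0


@dataclass
class Finding:
    user: str
    event: tuple
    score: float
    reasons: list


def build_baseline(events):
    """Summarise historical sign-ins per user: countries, hours, failure rate."""
    profiles = defaultdict(Profile)
    for user, country, hour, outcome in events:
        p = profiles[user]
        p.countries[country] += 1
        p.hours[hour] += 1
        p.total += 1
        if outcome == "failure":
            p.failures += 1
    return profiles


def score_event(profiles, event, recent_failures):
    """Score one event against the user's baseline and explain every point added."""
    user, country, hour, outcome = event
    p = profiles.get(user)
    if p is None:
        return 0.6, ["no historical baseline for user"]
    score, reasons = 0.0, []
    if country not in p.countries:
        score += 0.5
        reasons.append(f"first sign-in from {country}")
    if hour not in p.hours:
        score += 0.3
        reasons.append(f"hour {hour:02d}Z outside usual window")
    # A success right after several failures is suspicious for a user who rarely fails.
    if outcome == "success" and recent_failures[user] >= 3 and p.failures / p.total < 0.1:
        score += 0.5
        reasons.append(f"success after {recent_failures[user]} consecutive failures")
    return round(score, 2), reasons


def triage(profiles, events, review_threshold=0.5):
    """Return the analyst review queue, highest score first.

    Nothing is acted on here: scores and reasons are context for a hunter, not a verdict.
    """
    recent_failures = Counter()
    queue = []
    for event in events:
        score, reasons = score_event(profiles, event, recent_failures)
        user, _, _, outcome = event
        if score >= review_threshold:
            queue.append(Finding(user, event, score, reasons))
        # Track consecutive failures per user for the burst heuristic.
        if outcome == "failure":
            recent_failures[user] += 1
        else:
            recent_failures[user] = 0
    queue.sort(key=lambda f: f.score, reverse=True)
    return queue


def apply_decisions(queue, decisions):
    """Turn explicit analyst verdicts into actions (assumed action name: revoke_sessions).

    A finding with no verdict, or marked benign, produces no action: the model never acts alone.
    """
    return [("revoke_sessions", f.user) for f in queue if decisions.get(f.user) == "confirmed"]


if __name__ == "__main__":
    findings = triage(build_baseline(BASELINE_EVENTS), NEW_EVENTS)
    for f in findings:
        print(f"{f.user:6} score={f.score:.2f} {f.event} reasons={f.reasons}")
    print(apply_decisions(findings, {"alice": "confirmed", "carol": "benign"}))
```

On the constructed data the queue holds alice (new country and hour), carol (no baseline) and bob (success after three failures), in that order; bob's routine failures and alice's routine sign-in are not surfaced. Only the analyst's "confirmed" verdict on alice turns into an action.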
Generative AI has become a double-edged sword in cybersecurity. On one hand, we see adversaries using it to accelerate phishing, identity abuse, and insider campaigns at unprecedented scale. On the other, defenders now have an opportunity to use GenAI as a force multiplier in detection, threat hunting, and incident response. The key will be balancing automation with human expertise. What stands out to me is how AI is not confined to a single domain; it's reshaping phishing, endpoint exploitation, cloud intrusions, and insider activity all at once.
Author: Sebastian Burgemejster