Cybercriminals are now exploiting the AI tools companies have deployed. CrowdStrike's 2026 Global Threat Report reveals that prompt injection attacks targeted over 90 organizations in 2025. Adversaries are using large language models to steal credentials and cryptocurrency assets.

The report shows AI-enabled attacks surged 89% year-over-year. The average time for an attacker to move through a compromised network, known as breakout time, dropped to just 29 minutes. The fastest observed incident took only 27 seconds.

Prompt injection ranked as the top threat on the OWASP Top 10 for LLM Applications in 2025. CrowdStrike now tracks over 180 related techniques. In response, the company launched its Falcon AIDR tool in December 2025 to detect and mitigate these attacks.

The threat is real for the crypto industry. In one incident, an AI-controlled cryptocurrency wallet lost approximately $175,000 after attackers used a Morse-code-encoded prompt to bypass safety filters and steal funds.

The rapid breakout time fundamentally changes security for digital asset holders. It challenges the assumption that human teams have time to respond. The key question for investors is whether the platforms holding their assets have AI-specific defenses against prompt injection.