Threat Actors Achieve Lateral Movement in as Little as 4 Minutes – ReliaQuest Reports: ‘The Only Way to Fight AI Is With AI’

TAMPA, Fla.--(BUSINESS WIRE)--ReliaQuest, the leader in agentic AI security operations, today released its 2026 Annual Threat Report, which shows threat actors utilizing AI and automation tools can now achieve lateral movement within an organization in as little as 4 minutes – 85% faster than last year. On average this process takes just 34 minutes, 29% quicker than the 48 minutes recorded in 2024. But leveraging AI and automation, organizations can contain threats within 4 minutes versus up to 16 hours with manual efforts.

Criminals are also able to exfiltrate data much quicker. The quickest attack in 2025 took just 6 minutes versus over 4 hours in 2024. Again, automation and AI are critical, with ReliaQuest finding 80% of ransomware groups it analyzed using either or both in their attacks. The fastest attacks are now fully automated, with attackers using scripts and legitimate tools to rapidly exfiltrate data at machine speed.

Attackers are also leveraging AI to accelerate the reconnaissance phase, automating the analysis of social media profiles, corporate websites, and public data sources to quickly identify high-value targets and draft convincing social engineering scripts, reducing days of manual research into hours or minutes.

‘BoaLoader’ malware reflects the first major convergence of AI-assisted development, social engineering, and traditional cybercrime. Despite only emerging in the latter part of the year, it was a factor in nearly 20% of all incidents observed by ReliaQuest in the calendar year. This rapidly growing threat effectively renders traditional trust models obsolete and uses Large Language Models (LLM) to produce clean, structured, and ‘legitimate looking’ JavaScript which can masquerade as functional software—such as ‘PDF Editors’ or ‘Recipe Listers’ to build long-term user trust and enable it to persist on a network for months. Once executed, it then compromises email gateways, sandboxes, and some endpoint detections.

“AI and automation have changed the game in cybersecurity, allowing threat actors to move faster than any human alone can combat,” said Mike McPherson, Senior Vice President of GreyMatter Operations at ReliaQuest. “Thankfully defenders can outperform adversaries with Agentic AI and achieve an average containment time of four minutes. This speed is essential to rival the breakout times observed this year—a race that manual response, at up to 16 hours on average without automation, cannot win. Agentic AI enables organizations to move to predictive security – by analyzing vast datasets of rich threat intelligence, agents can adapt this intel to a customer’s unique environment and close gaps before a threat actor may attack.”

Learn more at: https://reliaquest.com/campaigns/annual-threat-report-2026/executive-summary-2025-vs-2024-at-a-glance

About ReliaQuest

ReliaQuest exists to Make Security Possible. Our Agentic AI security operations platform, GreyMatter, allows security teams to detect threats at the source, contain, investigate and respond in less than 5 minutes – eliminating Tier 1 and Tier 2 security operations work. GreyMatter uses our Universal Translator, detection-at-source, and Agentic AI to seamlessly connect telemetry from across cloud, multi-cloud and on-premises technologies.

ReliaQuest is the only cybersecurity technology company that delivers outcomes specific to each organization's unique architecture, technology and business needs.

With over 1,000 customers and 1,200 teammates across six global operating centers, ReliaQuest Makes Security Possible for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.