The threat landscape is undergoing a profound transformation. At CrowdStrike’s Fal.Con 2025 event in Las Vegas, Adam Meyers, who heads counter-adversary operations, provided a rare window into how the world’s most capable adversaries are adapting their tactics. His insights point to a sobering reality: artificial intelligence has become both a weapon and a defensive shield, and it sharpens the asymmetry between attackers and defenders.
As Meyers put it:
“The attacker has the advantage. The defender has to be right 100% of the time. The attacker only needs to get lucky once. And when they’re able to do that at the speed and scale that AI allows, it becomes really problematic for defenders.”
In this special Breaking Analysis, we key on our conversation with Meyers to review the current threat landscape with a scan of the Big Four threat actors. Specifically, the data indicates that the **Big Four** (China, North Korea, Russia, and Iran) are leveraging AI in distinctive ways that reflect their geopolitical ambitions, economic pressures, and operational cultures.
China: Scale, Sophistication, and State Ambition
China remains the most formidable cyber adversary, and CrowdStrike’s telemetry highlights just how aggressively Beijing is scaling. According to Meyers, we’re seeing:
- A 150% increase in intrusion activity over the past year, spanning all verticals and geographies.
- In key sectors such as manufacturing, financial services, and media, activity surged by 200–300%.
- Cloud environments are now a priority, with 136% growth in cloud intrusions overall and 40% tied to China.
The tactics are tightly linked to national strategy. As Meyers put it:
“China is tying all of this to their geopolitical ambition. They want to be the regional leader… they use offensive capabilities to break in and low-bid deals, then bring Huawei, ZTE, Alibaba and others to build dependency.”
Perhaps most concerning, CrowdStrike testing of Chinese AI models like DeepSeek-R1 and Qwen-32B revealed that compliance with CCP ideology is essentially embedded in the code. Queries that conflict with party objectives were 50% more likely to produce vulnerable code, or no answer at all. This makes the Chinese AI stack both a security risk and a geopolitical instrument.
North Korea: AI-Powered Cyber Labor Force
North Korea’s long-standing playbook of cyber-enabled sanctions evasion has been enhanced by AI.
- Operatives use AI to build fake LinkedIn profiles and generate resumes that pass recruiter scrutiny.
- AI-assisted tools help during interviews, providing real-time responses.
- Once inside companies, Pyongyang’s agents use coding assistants to compress hours of work into minutes, allowing them to hold hundreds of jobs simultaneously.
The proceeds feed directly into the nuclear weapons program, turning stolen intellectual property and outsourced development into hard currency.
Meyers warned:
“Every step of the way now they’re using AI… to get jobs, to do the coding, to scale. And it’s only getting worse.”
Iran: Exploit Factories in the Making
Despite the recent attack by the US on nuclear facilities in Iran, the country’s threat actors, while historically less sophisticated, are rapidly weaponizing AI for speed and scale.
- AI is now used for phishing campaigns, crafting lures with greater credibility.
- According to Meyers, Tehran’s ambitions extend beyond influence ops. Iranian researchers are openly pursuing AI that can automatically discover and weaponize vulnerabilities.
- Within the next 6–9 months, Meyers believes we may see an “explosion of exploits” as AI agents are orchestrated into automated exploit factories.
This would democratize zero-day production, shifting Iran’s posture from opportunistic attacks to industrialized exploitation.
Russia: Focused on Ukraine and Opportunistic in the Baltics
Russia’s cyber operations remain tightly bound to its geopolitical theater.
- Core focus areas include Ukraine, the Baltics, Poland, Georgia, and Moldova.
- The upcoming Moldovan election was highlighted by Meyers as a likely flashpoint, where Moscow will intensify disinformation and destabilization campaigns to sway outcomes toward Russian alignment.
While consumed by the war in Ukraine, Russia’s doctrine of hybrid warfare – combining cyber, propaganda, and kinetic means – remains intact and adaptive.
Out-Innovating the Adversary
Meyers emphasized that while defenders are constrained by regulation, compliance, and civil liberties, adversaries operate without such guardrails. This asymmetry is accentuated by AI. Yet he remains cautiously optimistic, citing success at the endpoint, which pushed threat actors to look for other vulnerabilities around identity, in the cloud and at the edges:
“We can out-innovate the attackers… The more we harden identity, cloud, and the edges, the more pressure we put back on them.”
Our view is that defenders must:
- Leverage AI at scale to close the gap in speed and response;
- Secure AI models and data centers against espionage, given the staggering cost of training frontier systems;
- Tighten public-private cooperation, recognizing that adversaries exploit the openness of democratic societies as much as technical vulnerabilities.
We are encouraged that the current administration appears to be more collaborative with industry, versus what we saw as non-constructive “finger wagging” by previous administrations vis-à-vis cybersecurity postures. In our view, the Big Four remain the central threat actors shaping the future of cyber conflict. Each is now augmenting traditional operations with AI, turning what was once a human-scale problem into one of algorithmic scale. The message from Fal.Con 2025 is that the battleground is constantly shifting, and the race is on to innovate faster than the adversary.