Reports Highlight AI Misuse in Cybercrime

- Cybercriminals utilize deepfake technology, a form of synthetic media generated by AI, to impersonate executives in video calls and authorize fraudulent financial transactions. In fact, 75% of deepfake attacks have involved impersonations of CEOs or other C-suite executives. - Generative AI tools are being used to create highly personalized "spear phishing" emails that are grammatically perfect and mimic specific writing styles, making them significantly harder to detect than traditional phishing scams. This tactic was used in a 2023 attack on the gaming company Activision, where AI-generated SMS messages were used to access the employee database. - AI is enhancing ransomware by automating the process of finding and exploiting system vulnerabilities, allowing attacks to be executed at a much greater speed and scale. A proof-of-concept AI ransomware tool, dubbed PromptLock, has already been developed that can autonomously decide whether to steal, encrypt, or destroy a victim's data. - Attackers are creating malicious versions of large language models (LLMs), sometimes referred to as Malicious GPTs, specifically to generate malware and create other fraudulent content for cyberattacks. - The cost of AI-powered cybercrime is significant, with the average data breach now costing companies $4.45 million. One report indicates that 40% of all phishing emails targeting businesses are now generated by AI. - In response to these threats, the European Union has passed the AI Act, the first comprehensive legal framework on artificial intelligence. It establishes risk-based rules for AI developers and deployers, with regulations for high-risk systems scheduled to take effect starting in August 2026. - The cybersecurity industry is increasingly using "defensive AI" to counter these threats. These systems can analyze vast amounts of data in real-time to detect anomalies, automate threat responses, and identify sophisticated attacks that might otherwise go unnoticed.