As organisations globally embrace artificial intelligence (AI) to strengthen cybersecurity, adversaries are equally quick to exploit these technologies to launch increasingly sophisticated cyber-attacks. The powerful capabilities of AI have become accessible to both security teams and cybercriminals alike, transforming the threat landscape. Understanding how attackers utilise AI is critical for organisations aiming to stay ahead and protect their digital assets effectively.
AI-Enhanced Phishing and Social Engineering
One of the most immediate and concerning uses of AI by cybercriminals is in automating and enhancing social engineering attacks, particularly phishing. Traditional phishing methods rely heavily on attackers manually crafting deceptive messages; AI drastically reduces this effort. Advanced large language models (LLMs) such as ChatGPT allow cybercriminals to rapidly generate highly personalised phishing emails, significantly improving their likelihood of success.
Phishing attacks now actively leverage generative AI, enabling attackers to produce convincing messages that are virtually indistinguishable from legitimate communication. This sophistication makes it challenging even for well-trained users to detect fraudulent emails, dramatically raising the risk of credential theft and subsequent data breaches.
Moreover, AI-driven social engineering goes beyond emails. Attackers utilise generative AI to impersonate trusted entities convincingly in social engineering attacks, fooling users into disclosing sensitive information or providing access credentials. This evolution of social engineering using AI magnifies the threat to organisations, as attacks become increasingly convincing and harder to detect.
Deepfakes and Misinformation
The malicious use of AI extends beyond textual attacks into multimedia manipulation, notably deepfakes. Deepfake technologies leverage AI-driven algorithms to create realistic but fabricated audio and visual content, posing severe threats to digital authenticity. Such content can be weaponised to create false narratives, manipulate public opinion, damage reputations, or even incite panic within markets and public sectors.
Cyber adversaries can exploit deepfake technologies to impersonate executives or public figures convincingly, facilitating high-stakes fraud or misinformation campaigns. For example, AI-generated voice deepfakes have already been used in sophisticated fraud attempts, tricking organisations into making unauthorised financial transactions by impersonating CEOs in real-time voice calls.
Autonomous Malware and AI-Enhanced Cyber Attacks
AI-driven malware is another emerging threat, characterised by its ability to autonomously adapt, evade traditional security defences, and propagate rapidly. AI-powered malware can automatically identify and exploit vulnerabilities in a system, significantly reducing the time attackers spend planning and executing attacks. These self-learning malware strains adapt dynamically to evade detection from traditional signature-based and static defences, requiring defenders to continuously update their detection and response capabilities.
Moreover, the rise of AI-powered botnets marks a significant advancement in distributed denial-of-service (DDoS) attacks. AI enhances these botnets, allowing them to dynamically respond to countermeasures, alter their behaviour in real-time, and optimise their attacks to overwhelm targeted systems effectively.
Autonomous Ransomware
AI-enhanced ransomware poses another serious risk. Leveraging AI, cybercriminals create ransomware capable of autonomously identifying high-value targets and encrypting data faster and more effectively than conventional malware. AI-driven ransomware may adapt encryption techniques and exploit vulnerabilities intelligently, significantly complicating incident response and recovery.
These AI-driven ransomware variants also amplify extortion effectiveness by personalising ransom demands and increasing psychological pressure through precisely crafted, context-aware threats. This further exacerbates the financial and operational damage inflicted on targeted organisations, highlighting the urgent need for organisations to integrate robust and adaptive defensive AI solutions.
Weaponised AI Tools and Platforms
The rise of malicious AI platforms such as WormGPT and FraudGPT—tools explicitly designed for cybercriminal activity and often available on dark web marketplaces—illustrates the commodification of AI-driven cyber threats. Unlike conventional LLMs like ChatGPT, these tools lack ethical constraints and safety checks, allowing attackers to freely generate harmful content like phishing templates, malware code, and scripts designed specifically for fraudulent schemes like Business Email Compromise (BEC).
Preparing Your Defences Against AI-Driven Threats
To effectively combat AI-enabled threats, organisations must adopt proactive and intelligent cybersecurity solutions, embracing AI-driven defensive tools capable of real-time threat detection and adaptive response. Embracing solutions such as Fortinet’s FortiAI, Darktrace, IBM’s QRadar Advisor, and other AI-powered platforms provides the critical capability to detect, respond, and even predict malicious AI-driven activities in real time.
Organisations must recognise that cybersecurity is no longer just about defence against known attacks but involves a continuous, proactive approach to managing an evolving threat landscape increasingly defined by AI capabilities.