AI Is Reshaping Online Crime

Uploaded on 2025-08-26 in TECHNOLOGY-Key Areas-Artificial Intelligence, GOVERNMENT-Law Enforcement, FREE TO VIEW

Hackers, criminals and spies are rapidly adopting Artificial Intelligence (AI) and there is considerable evidence emerging of a substantial acceleration in AI-enabled crime. This includes evidence of the use of AI tools for financial crime, phishing, distributed denial of service (DDoS), child sexual abuse material (CSAM) and romance scams.

In all these areas, criminal use of AI is already augmenting revenue generation and exacerbating financial and personal harms. Scammers and social engineers, the people in hacking operations who pretend to be someone else, or who write convincing phishing emails have been using LLMs to appear convincing. 

In particular, Russian hackers are adding a new angle on the massive amounts of phishing emails sent to Ukrainians. In one such exploit. hackers are now including an attachment containing an (AI) program and if it is installed, it automatically searches the victims’ computers for sensitive files that can be exfiltrated to the sender. This campaign, which was first uncovered by the government of Ukraine, is the first known instance of Russian intelligence being caught building malicious code with large language models (LLMs), the type of AI chatbots that have become ubiquitous in the corporate world.

Many hackers of seemingly every stripe, cyber criminals, spies, researchers and corporate defenders alike, have started including AI tools in their work.

LLMs, like ChatGPT, are still error-prone. But AI hackers have become remarkably adept at processing language instructions and at translating plain language into computer code, or identifying and summarising documents. The technology has so far not revolutionised hacking by turning complete novices into experts and so far it has not allowed would-be cyber terrorists to shut down the electric grid. But it’s making skilled hackers better and faster. Cyber security firms and researchers are using AI now, too, feeding into an escalating cat-and-mouse game between offensive hackers who find and exploit software flaws and the defenders who try to fix them first.

The shift is only starting to catch up with hype that has permeated the cybersecurity and AI industries for years, especially since ChatGPT was introduced to the public in 2022. Those tools haven’t always proved effective, and some cyber security researchers have complained about would-be hackers using fake vulnerability findings using AI.  

Hackers and cyber security professionals have not settled whether AI will ultimately help attackers or defenders more. But at the moment, defence appears to be winning.

That trend may not hold as the technology evolves, however. One reason is that there is so far no free-to-use automatic hacking tool, or penetration tester, that incorporates AI. Such tools are already widely available online, nominally as programs that test for flaws in practices used by criminal hackers.

This is a key motivating factor behind recommendation to establish a new AI Crime Taskforce within the British  National Crime Agency'sl Cyber Crime Unit to coordinate the national response to AI-enabled crime. 

The collation of data from across law enforcement to monitor and log criminal groups’ use of AI, and the mapping of bottlenecks in criminal adoption of AI tools to raise barriers to adoption, would be crucial to developing law enforcement’s capability to respond to an evolving AI threat landscape. 

NBC News     |    CETAS    |     Cert-UA     |    Logpoint  |    Ars Technica    |    DHS  |  NCA

Image: Ideogram

You Might Also Read: 

Predictive Maintenance In The Age Of AI & Cybersecurity Challenges:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« BlackSuit Ransom Gang Taken Down
Sprawling Non-Human Identities Are the Next Big Cyber Risk »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

National Security Agency (NSA) - USA

National Security Agency (NSA) - USA

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

KOBIL

KOBIL

KOBIL is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

Infosec (T)

Infosec (T)

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

ShardSecure

ShardSecure

ShardSecure Microshard technology eliminates data sensitivity, providing security, privacy and compliance beyond encryption.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Abertay cyberQuarter

Abertay cyberQuarter

The Abertay cyberQuarter is a cybersecurity research and development centre housed within Abertay University.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.

CyberGuardPro

CyberGuardPro

CyberGuardPro is a premier cybersecurity firm that prioritizes safeguarding businesses and individuals from the evolving landscape of digital threats.

iOT365

iOT365

iOT365 is the first-of-its-kind SAAS platform dedicated exclusively to Operational Technology (OT) security.