
How Threat Actors Are Using AI in Real Attacks: Cheaper, Faster, Harder to Spot

ReliaQuest Threat Research
June 2026
Section 01 - Overview

Executive Summary


AI isn't inventing new attacks. Instead, it's stripping the cost, time, and visible flaws out of the ones that already work.

By the Numbers

60 seconds
Shortest observed gap from upload of AI-generated web-shell to first recon command.
30–40 domains
Device-code phishing domains stood up at once, in parallel clusters, with AI assistance.
6–8 hosts
Identical AI-written SAP web shells deployed across multiple systems within hours.
Thousands of phishing pages
Mass-produced in a single AI-assisted campaign.

Underground Market at a Glance

$15–$50 / mo
Copycat "WormGPT" AI assistant subscriptions advertised on dark-web forums.
$800
AI image/video detection-bypass software advertised for sale.
$1,500–$8,000+
End-to-end criminal AI tool builds offered on dark-web forums.
$140–$600
Higher-trust AI accounts sold on dark-web forums.

Dark-Web Takeaway

When it comes to AI, threat actors want a model that will comply, stay on task, and not collapse under safety controls halfway through a request.

Six Ways AI Is Showing Up in Real-Life Incidents

  1. Phishing at industrial scale
  2. Malicious tools produced faster
  3. Social engineering polish
  4. Identity fabrication
  5. Initial-access acceleration
  6. AI-branded tools as the lure

Introduction

AI is making familiar cyber attacks cheaper to build, faster to scale, easier to tailor, and harder to spot. Across the incidents and dark-web discussions in this report, threat actors used AI to improve what already works: phishing, social engineering, malicious code, identity fraud, and early post-compromise activity. The tradecraft is familiar, but the pace isn’t.

We’ve tracked that shift for the past two years. In our 2024 AI-Powered Cybercrime report, we saw early signs of cybercriminal AI use, which consisted mostly of phishing email polish, basic LLM-generated scripts, and the emergence of malicious GPTs like “WormGPT” (now defunct) and “FraudGPT” on the dark web. By mid-2025, the picture had expanded to deepfake services, AI-assisted scripts, and a growing underground market for AI-enabled tools. Over the past year, the core uses have stayed largely the same, but AI has moved closer into the heart of the offensive workflow.

In the incidents we reviewed, AI appeared in two main roles. First, it was embedded in the attack workflow: clues pointed to attackers using it to generate phishing pages, build web shells and credential harvesters, pad code to frustrate static analysis, and improve the fluency of social-engineering content. Second, AI was the lure itself. Attackers used demand for AI tools and trust in AI brands to get users to install malicious extensions, run commands, or follow fake setup steps that looked routine enough to pass initial scrutiny.

We saw that pattern cut across sectors and actor types, from “ShinyHunters”-linked social engineering and “ClickFix”-driven malware delivery to DPRK IT-worker fraud. The goal varied (extortion, access, fraud, or espionage support), but AI consistently enabled these operators to achieve more, faster, with less effort.

AI hasn’t yet fundamentally changed cyber intrusion tradecraft. For most threat actors, it’s cheaper and more practical to plug AI into proven attack chains than to build bespoke AI-first capabilities. The dark-web discussions in this report reflect that reality. Actors are treating AI as operational infrastructure: something to buy, tune, and slot into existing workflows, while balancing efficacy against reliability and cost.

In our review of these cases, AI use rarely appears as one clear clue. More often, it shows up through smaller fingerprints (code structure, comment style, page construction, infrastructure cadence, or tightly repeated post-compromise behavior) that only become meaningful in context. For defenders, the key is to focus less on finding a single “AI tell” and more on getting the fundamentals right. That means strong visibility across identity, endpoint, cloud, email, web, and external infrastructure, plus detection and response that can connect weak signals and move faster than human workflows allow.
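What “connecting weak signals” looks like in practice, using the two numbers from the summary above (a recon command within 60 seconds of a web-shell upload, and identical web shells landing on several hosts within hours): the Python below is an added example written for this page, not ReliaQuest detection content or any vendor's rule. The telemetry lines are constructed, and the field names (ts, host, event, path, sha256, parent, cmd) and the web-root and recon-command lists are assumptions, not any product's schema. Each signal alone is noisy; the correlation step only escalates a host when both fire.

```python
"""Correlate two weak host signals into a web-shell alert.

Added example for this page, not ReliaQuest's code. Sample events are
constructed; field names and the WEB_ROOTS / RECON_CMDS lists are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: file-creation events under a web root and
# process-start events. Timestamps are UTC ISO-8601.
SAMPLE_EVENTS = [
    {"ts": "2026-05-02T10:00:00", "host": "sap-web-01", "event": "file_create",
     "path": "/usr/sap/htdocs/up.jsp", "sha256": "aa11", "user": "sapadm"},
    {"ts": "2026-05-02T10:00:42", "host": "sap-web-01", "event": "proc_start",
     "parent": "java", "cmd": "whoami", "user": "sapadm"},
    {"ts": "2026-05-02T11:30:00", "host": "sap-web-02", "event": "file_create",
     "path": "/usr/sap/htdocs/up.jsp", "sha256": "aa11", "user": "sapadm"},
    {"ts": "2026-05-02T12:10:00", "host": "sap-web-03", "event": "file_create",
     "path": "/usr/sap/htdocs/healthcheck.jsp", "sha256": "aa11", "user": "sapadm"},
    # Benign: a deploy pipeline drops a file and nothing follows it.
    {"ts": "2026-05-02T13:00:00", "host": "sap-web-04", "event": "file_create",
     "path": "/usr/sap/htdocs/index.jsp", "sha256": "bb22", "user": "ci"},
    # Benign: the web server spawns a process, but 45 minutes after the drop.
    {"ts": "2026-05-02T13:45:00", "host": "sap-web-04", "event": "proc_start",
     "parent": "java", "cmd": "ls", "user": "ci"},
]

WEB_ROOTS = ("/usr/sap/htdocs/", "/var/www/")          # assumed web roots
WEB_PARENTS = {"java", "httpd", "nginx", "w3wp.exe", "php-fpm"}
RECON_CMDS = {"whoami", "id", "hostname", "ipconfig", "ifconfig",
              "net", "systeminfo", "uname"}             # assumed recon list


def parse_ts(s):
    return datetime.fromisoformat(s)


def drop_to_recon(events, window=timedelta(seconds=60)):
    """Signal 1: a new file in a web root followed, on the same host, by the
    web server process spawning a recon command within `window`.
    Returns (host, path, seconds_between) tuples."""
    hits = []
    drops = [e for e in events
             if e["event"] == "file_create" and e["path"].startswith(WEB_ROOTS)]
    for d in drops:
        t0 = parse_ts(d["ts"])
        for p in events:
            if p["event"] != "proc_start" or p["host"] != d["host"]:
                continue
            dt = parse_ts(p["ts"]) - t0
            if (timedelta(0) <= dt <= window
                    and p["parent"] in WEB_PARENTS
                    and p["cmd"].split()[0] in RECON_CMDS):
                hits.append((d["host"], d["path"], int(dt.total_seconds())))
    return hits


def replicated_drops(events, min_hosts=3, window=timedelta(hours=6)):
    """Signal 2: the same file hash landing in a web root on at least
    `min_hosts` distinct hosts within `window` (the "identical shells on
    6-8 hosts within hours" pattern). Returns (sha256, sorted hosts)."""
    by_hash = defaultdict(list)
    for e in events:
        if e["event"] == "file_create" and e["path"].startswith(WEB_ROOTS):
            by_hash[e["sha256"]].append((parse_ts(e["ts"]), e["host"]))
    out = []
    for digest, drops in by_hash.items():
        drops.sort()
        for i, (t0, _) in enumerate(drops):       # slide the window over drops
            hosts = {host for t, host in drops[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                out.append((digest, sorted(hosts)))
                break
    return out


def correlate(events):
    """Combine the signals: each alone is weak, together they are a
    high-confidence web-shell campaign. Returns host -> list of reasons."""
    reasons = defaultdict(list)
    for host, path, secs in drop_to_recon(events):
        reasons[host].append(f"recon {secs}s after drop of {path}")
    for digest, hosts in replicated_drops(events):
        for host in hosts:
            reasons[host].append(f"hash {digest} seen on {len(hosts)} hosts")
    return dict(reasons)


if __name__ == "__main__":
    for host, why in correlate(SAMPLE_EVENTS).items():
        print(host, "->", "; ".join(why))
```

On the constructed input, sap-web-01 fires both signals (recon 42 seconds after the drop, and the same hash on three hosts), sap-web-02 and sap-web-03 fire only the replication signal, and the CI deploy on sap-web-04 fires nothing. In production the same logic runs as a scheduled query over EDR file and process telemetry; the point is that neither the file event nor the short-lived child process is alertable on its own.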

Security teams must strengthen the fundamentals of defense-in-depth and fight AI with AI.

The sections that follow break down:

  • Six ways AI shows up in real incidents
  • What threat actors are saying about it on the dark web
  • Five categories of fingerprint that can suggest AI use (vocabulary, structural, formatting, code, contextual)
  • A look ahead to what we think will come next, including a move toward agentic workflows, nation-state catch-up beyond the DPRK, as well as enterprise AI blowing out the attack surface from both sides