The cyberattack lifecycle has been supercharged by generative AI. It is faster, more effective, and more dangerous than ever before. Large Language Models (LLMs) are being leveraged for malicious purposes, aiding in recon, crafting highly convincing phishing campaigns, generating proof-of-concept (PoC) exploits, and even assisting in malware development. As these capabilities continue to grow in sophistication, AI will reshape the threat landscape, posing significant challenges for cybersecurity professionals.
The following blog explores several ways AI is already being used to shape cybercrime and cybersecurity. It delves into the methods empowered by LLM capabilities with key use cases. The future of AI-based and powered attacks isn’t a far-flung possibility, it’s here now—and it’s incredibly dangerous.
AI-Driven Reconnaissance
Building an understanding of an organization and identifying key targets within it has been significantly accelerated through the use of AI. Advanced Persistent Threat (APT) groups from China, Iran, North Korea, and Russia have reportedly used AI to automate this process, allowing them to achieve the following:
- Identify and prioritize high-value targets via analysis of organizational hierarchies, business disclosures, and employee social media
- Conduct large-scale scanning of networks and systems for potential traffic changes and vulnerabilities
- Optimize attack strategies based on collected intelligence, such as C-Suite travel and communication patterns, allowing for targeted attacks at opportune times, sometimes aided by advanced phishing and vishing techniques
Google’s Threat Intelligence Group reported that APT42, an Iran-backed group, were the heaviest users of Gemini, using it to perform recon on defense experts and organizations and craft advanced phishing campaigns. They combined their usage with other open-source tools and tactics to breach key targets in both the public and private sectors, demonstrating the effectiveness of early-stage LLM usage.
AI-Powered Phishing and Social Engineering Attacks
In conjunction with advanced recon techniques, attackers are using AI to enhance phishing and social engineering tactics. In recent months, APTs—particularly those from North Korea, China, and Iran—have been observed deploying AI-generated phishing campaigns with increased sophistication. Notable AI-enhanced social engineering tactics include the following:
- Automated Spear-Phishing: Using data gathered by AI during the recon phase, attackers leveraged AI to generate massive amounts of highly personalized phishing emails that are both contextually relevant and persuasive, increasing the likelihood of successful intrusions. This method has been used extensively by Iran against both American and Israeli targets.
- Deepfake Scams: Attackers employ AI-generated deepfake audio and video to impersonate trusted individuals. These deepfakes deceive targets into taking malicious actions, such as transferring funds or divulging sensitive information. In the Arup Group attack, for example, AI-generated voice and images were used to fraudulently extract $25 million dollars from the multinational design and engineering company.
With AI continuously improving the realism of phishing lures and impersonations (and utilizing more powerful research methods), legacy cybersecurity detection tools are struggling to keep up. The fidelity of the fakes and the information used to produce them has even fooled trained professionals.
AI Vulnerability Discovery and Exploitation
Beyond reconnaissance and phishing, AI tools are also being deployed to discover technical vulnerabilities and quickly exploit them. Attackers are using AI to achieve the following:
- Identify and exploit security weaknesses in software and networks, including reverse-engineering patches
- Discover potential zero-day exploits, proven conceptually by Google’s ‘Big Sleep’ agent
- Generate code that can exploit weaknesses and vulnerabilities faster than defenders can respond
Google’s proof that AI agents could discover potential zero-day vulnerabilities is a chilling sign of what’s to come. The acceleration of zero-day attacks powered by AI discovery and exploitation tools will likely put defenders on the back foot, especially if they are not given tech solutions that can preemptively prevent attacks or respond at speed to breaches.
AI-Assisted Malware Development
Although AI-generated malware is not highly advanced yet, attackers have found ways to jailbreak mainstream LLMs (such as OpenAI’s models or Gemini) to aid in malware development. Simultaneously, a stable of malicious LLMs specifically tailored for criminal activities, including WormGPT, WolfGPT, EscapeGPT, FraudGPT, and GhostGPT, are also being developed, removing the safeguards put in place in the mainstream models. Threat actors currently use AI chatbots to:
- Generate and troubleshoot malicious code; GhostGPT is particularly adept and costs only $50. It is marketed to hackers and lacks any of the ethical blocks that mainstream models have, enabling quick vulnerability discovery and exploitation.
- Localizing malware to bypass regional security measures. A Russian APT group used Gemini to morph existing malicious code to skirt known security measures, rather than developing entirely new malware.
The speed with which AI has advanced means that AI-generated malware will become extremely complex very quickly. With the increasing availability of advanced “open” AI chatbots like DeepSeek, attackers are able to refine their malware toolsets, making them more adaptive and evasive.
The Next Phase: AI-Generated Polymorphic Malware
One of the most alarming possibilities is the potential for AI to generate polymorphic malware. This type of malware continuously mutates its code, making traditional signature-based detection methods ineffective. As AI enhances malware’s ability to autonomously modify its structure and evade security defenses, security teams must adopt more advanced behavioral analysis techniques to counter this growing threat.
The Looming Future: AI-Powered Autonomous Malware
Soon, attackers will move beyond ‘simple’ AI-generated malware and begin developing AI-powered autonomous malware, enabling smarter, far more devastating attacks. Unlike traditional malware, AI-powered malware will be smarter, performing functions autonomously to bypass security. If it reaches the level that experts fear, it will be able to:
- Adapt its behavior in real time to evade detection and bypass legacy protection mechanisms across the data estate
- Alter its attack techniques based on an environment’s defenses, making incident response significantly more challenging
- Leverage reinforcement learning to optimize attack strategies, continuously improving effectiveness against evolving security measures
This step beyond polymorphic malware could lead to an unprecedented surge in sophisticated cyberattacks, specifically designed to overwhelm existing defense systems and react to attempts to stop it.
The Impact on Attribution and Threat Intelligence
As AI-generated attacks grow in complexity, attribution will become increasingly difficult. AI can mimic the attack patterns, tools, and techniques of other threat actors, effectively masking the true origin of an attack. This obfuscation has already been used by Russian and Iranian APT groups to achieve the following:
- Complicate forensic investigations and confuse national defense planning and response
- Hinder intelligence-sharing efforts, especially amongst groups relying on multi-member input, such as Five Eyes
- Reduce the effectiveness of traditional attribution methodologies
Each of these complicates the already stressful role of security teams and researchers, ratcheting up the pressure on defenders while slowing down national response to legitimate threats.
The nature of stolen data reveals insightful details about the plans of an adversary; the industries they’re targeting, patterns of attack, and what they are focused on disrupting. However, if the adversary can’t be reliably identified, defenders are left trying to strategize for multiple scenarios, complicating response and planning efforts.
Preparing for the AI-Driven Threat Landscape
To stay ahead of these emerging threats, organizations must adopt what Gartner has recently dubbed preemptive cybersecurity solutions–technologies designed to prevent cyberattacks before they achieve their objectives. Key steps to reaching a preemptive cybersecurity posture include:
- Investing in AI-driven cybersecurity solutions that can detect and mitigate AI-generated threats. Attackers are using AI that is too advanced to be stopped by legacy tools or human response alone. Keeping organizations operational and breach free requires defensive solutions that can outpace offensive AI.
- Implementing a deep learning-based security approach: Deep learning provides the most advanced defense against AI-driven threats by enabling real-time anomaly detection and automated threat analysis using the most advanced version of AI. Unlike traditional security models, deep learning solutions can:
- Identify and classify sophisticated attack patterns
- Adapt to emerging cyber threats without reliance on static rules
- Analyze large-scale datasets to detect zero-day exploits and AI-powered malware
Purpose-built zero-day data security measures are the necessary foundation of preemptive cybersecurity, empowering defenders to prevent attacks with solutions built from the ground up to combat the growing threat of AI attacks. By focusing on proactive defense mechanisms that neutralize threats before they can exploit vulnerabilities, security teams gain the upper hand and push back against ever-more aggressive attackers.
A Final Prediction:
By 2026, AI-powered malware and automated vulnerability discovery will become standard tools in cybercriminal arsenals. AI will enable attackers to conduct real-time, autonomous exploit development and deployment, significantly reducing the time between vulnerability discovery and exploitation. They will be able to perform these attacks at scale and speed using virtual ‘ai-factories’ equipped with agentic AI and other technologies, increasing the need for a zero-day response that can keep up.
As AI-driven threats evolve, organizations that rely on traditional security methods will find themselves unable to cope with the speed and scale of modern cyberattacks. The adoption of AI-driven threat detection, deep learning-based behavioral analysis, and zero-day data security solutions is critical to mitigating these emerging threats. Organizations that fail to invest in these technologies will face an increasingly hostile and overwhelming cyber landscape.
Conclusion
The future of cybersecurity will be defined by the ongoing battle between AI-powered attacks and AI-driven defenses, making it imperative for organizations to continually refine their strategies to stay ahead of the curve.
Traditional security measures are no longer sufficient in an AI-driven threat environment. Organizations must adopt a preemptive cybersecurity approach and leverage real-time deep learning-driven techniques to prevent and explain threats before they can cause harm. Security professionals need solutions that ensure even novel, previously unknown attack vectors can be identified and mitigated before exploitation occurs. This proactive defense strategy is essential to countering AI-generated threats and maintaining cybersecurity resilience.
Experience preemptive cybersecurity in your own environment. Request your free scan now.
