

























AI is making cyber-attacks cheaper, faster to scale, easier to customize and harder to spot, but it’s not fundamentally changing the tradecraft of intrusions, a new ReliaQuest report has revealed.
The threat intelligence specialist has been tracking the progress of the technology on the cybercrime underground over the past two years.
In 2024, AI was mainly used for “polishing” phishing emails, generating basic scripts, and in malicious tools like FraudGPT. By mid-2025, that picture had expanded to include “deepfake services, AI-assisted scripts, and a growing underground market for AI-enabled tools,” it said.
Today, AI has moved “closer into the heart of the offensive workflow,” according to ReliaQuest.
Read more on AI threats: AI Accelerates Attacker Breakout Time to Just Four Minutes
In the incidents ReliaQuest reviewed, AI appeared in two main roles.
“First, it was embedded in the attack workflow: clues pointed to attackers using it to it generate phishing pages, build web shells and credential harvesters, pad code to frustrate static analysis, and improve the fluency of social-engineering content,” the report noted.
“Second, AI was the lure itself. Attackers used demand for AI tools and trust in AI brands to get users to install malicious extensions, run commands, or follow fake setup steps that looked routine enough to pass initial scrutiny.”
It’s being used by all types of threat actor, from ShinyHunters to North Korean hackers, with goals as varied as extortion, initial access, fraud and espionage. The central theme is that it “consistently enabled these operators to achieve more, faster, with less effort,” the report explained.
AI is treated as operational infrastructure – something to buy, tune and slot into existing workflows – and as such the focus for threat actors is on balancing efficiency with reliability and cost, ReliaQuest said.
The report revealed six key ways AI is used in intrusions today:
“Security teams don’t need a new strategy built around AI as a category," the report explained. "But AI does change the pace of attacks, so they do need strong fundamentals, defense-in-depth, and AI and automation wherever operationally possible to match the new pace."
With that in mind, CISOs should consider actioning the following:
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。