A trove of documents from I-Soon, a private contractor that competed for Chinese government contracts, shows that its hackers compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes – Copyright AFP/File Daniel LEAL
AI cybercrime involves the use of artificial intelligence and machine learning by threat actors to automate, scale, and personalize malicious activities, such as deepfake scams, automated phishing, and AI-driven malware.
In the past couple of years, AI has transformed the digital threat landscape by dramatically lowering the technical barrier to entry and the cost of mounting highly effective cyberattacks.
The main tactics
The main modes of cybercrime are:
- Deepfake Scams & Social Engineering: Cybercriminals use generative AI to clone voices (e.g., mimicking a family member in distress or a CEO authorizing a wire transfer) and create highly realistic deepfake videos or images for extortion and romance scams.
- Automated Phishing: Large Language Models (LLMs) allow attackers to generate flawless, hyper-personalized phishing emails in multiple languages, bypassing the poor grammar or awkward phrasing historically used to spot scams.
- Malware & Exploit Development: Attackers utilize AI-assisted tools to discover software vulnerabilities and write adaptable malware that alters its code to evade traditional cybersecurity detection systems.
Using the dark web
Advanced AI tools are being commercialized on the dark web through subscription models akin to legitimate Software-as-a-Service (SaaS) platforms. Cybercriminals can now rent specialized AI crimeware packages for as little as the price of a streaming service subscription, making sophisticated attacks highly accessible to low-skill actors.
Because cybercriminals utilize AI to attack at machine speed, organizations are forced to fight fire with fire.
Cybersecurity firms utilize automated AI defensive platforms to monitor networks, identify anomalies, and pre-emptively block malicious domains or phishing campaigns before they ever launch.
New insights
To assess the current threat wave, the company Flashpoint has released its latest AI Threat Report. The report examines how threat actors are increasingly integrating AI into real-world cybercrime activity. Not as a future concept, but as a tool already supporting operations across the threat landscape.
The main trends that businesses need to be aware of, are:
- AI use is becoming more operationalized: Threat actors are moving beyond curiosity and experimentation toward practical use cases that improve speed, scale, and efficiency.
- Social engineering remains a key focus area: AI is helping attackers create more convincing phishing lures, impersonation campaigns, and multilingual content designed to increase success rates.
- AI-enabled fraud activity continues to evolve: Criminal communities are discussing and sharing methods to leverage AI tools for scams, identity deception, and other financially motivated campaigns.
- Underground communities are adapting quickly: Threat forums continue to discuss workarounds, jailbreaking techniques, and ways to bypass safety restrictions in mainstream AI platforms.
- Defenders face a shifting challenge: While many AI-powered attacks still rely on existing tactics, the technology is lowering barriers and accelerating malicious activity.
The report indicates where AI-related activity is most focused. For April, 2026, this remained concentrated on a small number of platforms, though the distribution shifted noticeably compared to March.
Telegram accounted for the majority of observed activity, with 1,395,075 posts tied to AI services and discussions. Reddit, GitHub Gist, Pastebin, Discord, and smaller forums accounted for significantly lower volumes.
Click Here For The Original Source.
