Full Report
Malicious actors are making more use of AI in attacks, even as governments look to boost AI investments
Analysis Summary
# Main Topic
Malicious actors are leveraging Artificial Intelligence (AI) tools to enhance cyber-attacks concurrently with governmental efforts to boost domestic and international AI investments. This creates a dual-use technological reality where both defenders and attackers are innovating rapidly in the AI space.
## Key Points
- Criminal groups are actively using AI-based tools to develop new malware and identify system vulnerabilities.
- Threat actors are specifically targeting AI deployments, actively searching for weak spots within these new systems.
- Government investments in AI (e.g., the UK's £14bn commitment, the US's $500bn plan for Stargate AI) are occurring in parallel with criminal adoption.
- Hacking groups view AI tools as an opportunity to create a dedicated criminal market (an "AI market").
## Threat Actors
- **General Threat Actors:** Criminal groups and malicious actors broadly.
- **Attribution:** Not specifically attributed to state-sponsored groups, but rather criminals leveraging accessible commercial/underground AI tools.
## TTPs
- **Malware Development:** Utilizing AI tools to fine-tune and develop sophisticated malware.
- **Vulnerability Discovery:** Employing AI for reconnaissance and identifying exploitable weaknesses in targets.
- **Exploiting AI:** Actively searching for and attempting to exploit weaknesses in deployed AI systems.
## Affected Systems
- **AI Deployments:** Any systems, enterprise or public-sector, utilizing AI technologies are at risk of targeted exploitation.
- **General Infrastructure:** AI is used to improve traditional attack vectors like malware creation.
## Mitigations
- **Defense Focus:** Recognizing that threat actors are investing in and innovating with AI tools requires defenders to prioritize securing AI implementations.
- **Vulnerability Scanning:** Increased scrutiny must be placed on finding weak spots within existing and developing AI infrastructure.
- **Monitoring Criminal AI Tools:** Tracking the emergence of criminal AI tools like WormGPT, EvilGPT, and FraudGPT is essential for situational awareness.
- **Policy Context:** Governments pushing AI investment must contextualize this growth against emerging threats.
## Conclusion
The proliferation of AI presents a critical dual challenge: while governments invest heavily for economic benefit, threat actors are rapidly adopting the same technologies to scale and refine their attacks. Organizations must immediately prioritize securing their AI stacks and assume that adversaries are using machine learning to enhance their discovery and payload delivery mechanisms. Staying aware of the specialized criminal AI tool ecosystem is now a mandatory component of current threat intelligence.