Top 10 Ways Hackers Use AI for Cyber Attacks

Artificial intelligence is reshaping every industry, including cybercrime. But unlike most professionals watching AI with caution, threat actors are welcoming it with open arms. Threat actors now use generative AI to write flawless phishing lures, clone voices, build self-mutating malware, and run full intrusion chains with barely any human involvement.

They don’t need to breach a firewall, write a zero-day exploit, or bribe an insider. They need a generative model, some patience, and a target. AI has collapsed the cost, skill, and time required to execute attacks, and this is the new asymmetry we have to be prepared for.

1. Hyper-Personalized Phishing Written at Machine Speed

AI rapidly analyzes personal data, writing styles, and behavioral patterns to generate highly convincing phishing messages tailored to individual victims at scale

Generative AI lets attackers produce error-free, context-aware phishing emails at scale. The old “bad grammar” is gone. LLMs can scrape LinkedIn profiles, mirror internal writing styles, and generate lures in dozens of languages within seconds. Business Email Compromise (BEC) campaigns have become nearly impossible to distinguish from legitimate correspondence.

The real-world damage is already piling up. In February 2024, European discount retailer Pepco Grouplost roughly €15.5 million in its Hungarian operation after attackers used AI-polished emails to impersonate internal staff and redirect supplier payments.

2. Deepfake Video Calls That Empty Corporate Accounts

Attackers use AI-generated video and voice impersonation to mimic executives during live calls, convincing employees to approve fraudulent wire transfers

Real-time face-and-voice deepfakes now let attackers impersonate executives on video calls. A finance employee joins what looks like a routine meeting, sees familiar faces, hears familiar voices, and follows instructions that drain millions.

One of the most striking cases came out of Hong Kong. In January 2024, a finance worker at British engineering firm Arup wired HK$200 million (roughly $25.6 million) across 15 transactions after joining a Teams call where every participant, including the apparent CFO,was a live deepfake. The money was never recovered. Ferrari and WPP faced similar attempts that same year but caught the deception at the verification stage.

3. Voice Cloning That Talks Past MFA and Family Defenses

Synthetic voice models replicate trusted individuals, allowing attackers to bypass identity checks, scam family members, and manipulate authentication workflows

With as little as three seconds of source audio from a podcast, voicemail, or social media clip, attackers can clone a target’s voice. The cloned voice is then weaponized for vishing calls: virtual kidnapping scams targeting families, helpdesk impersonation inside corporations, and bypass of voice-biometric multi-factor authentication.

Threat actors are already targeting high-value targets at the highest levels of government. In May 2025, the FBI issued a public alert disclosing an active campaign in which attackers usedAI-cloned voice messages to impersonate senior U.S. federal and state officials, building rapport before pivoting to credential theft on personal accounts. The FBI’s 2024 Internet Crime Report logged over 22,000 AI-related complaints and approximately $893 million in losses, with voice cloning as a leading vector. Platforms like PlugValley have taken this a step further by offering AI-powered vishing as a service, letting even low-skill attackers run convincing voice-phishing calls on demand.

4. Dark Web LLMs Purpose-Built for Crime

Criminal groups are building and selling uncensored AI models designed specifically for phishing, malware development, fraud, and operational automation

The underground market for these tools is growing fast and becoming more accessible.

Dark Web forums and Telegram channels now sell “evil GPTs” as monthly subscriptions. Most are not new foundation models. They arejailbroken wrappers around legitimate LLMs with the safety layer stripped out. They lower the skill barrier to drafting phishing pages, keyloggers, and ransomware notes on demand.

In February 2026, a BreachForums actor leaked the alleged full database of a WormGPT-branded service, exposing over 19,000 subscribers along with their emails and payment records.

5. Polymorphic Malware That Rewrites Itself Mid-Execution

AI-assisted malware can modify its own code while running and generate new variants

AI-native malware can now query a language model at runtime to generate or mutate the commands it executes. The binary itself contains almost no malicious logic. Signature-based and static-analysis defenses miss it because the actual payload does not exist until the moment of execution.

In July 2025, Ukraine’s CERT-UA attributed a malware family called LAMEHUG to Russia’s GRU-linked APT28. The Python-based malware sent encoded prompts to a Hugging Face inference API connected to an open-weight model and executed whatever shell commands the LLM returned, handling reconnaissance, document hunting, and exfiltration.

6. Agentic AI That Runs Entire Intrusions with Minimal Human Input

Autonomous AI agents can handle reconnaissance, exploitation, privilege escalation, and lateral movement with limited operator involvement

Threat actors are now wiring autonomous coding agents into end-to-end attack chains. The AI handles reconnaissance, exploit generation, credential harvesting, lateral movement, and exfiltration at machine speed. Humans approve only at a few strategic checkpoints.

In November 2025, a major AI vendor disclosed that a Chinese state-sponsored group it tracks as GTG-1002 had weaponized an AI coding agent with open-source offensive tools against organizations across tech, finance, chemical manufacturing, and government. The AI reportedly executed 80 to 90 percent of tactical operations autonomously, with humans intervening at only key decisions.

7. AI-Accelerated Password Cracking and Credential Abuse

AI improves password prediction, credential stuffing, and account takeover by identifying weak credentials faster than traditional brute-force methods

Two forces are converging: GAN-based crackers like PassGAN that learn the statistical patterns of leaked password sets, and the same GPU clusters built for LLM training that demolish hash rates. Together, they collapse the effective lifetime of passwords.

While they were not safe anyway, the numbers from recent benchmarks paint a grim picture for short and simple passwords. A 2025password-cracking benchmark using a 12x RTX 5090 rig found consumer-GPU crack times dropped roughly 20% compared to last year (even though the researchers said it was not directly comparable to the previous year’s result), while AI-grade hardware delivered speedups many orders of magnitude beyond consumer setups.

8. AI-Powered Reconnaissance, OSINT, and Nation-State Tradecraft

AI processes massive volumes of open-source intelligence to map relationships, identify targets, and accelerate sophisticated espionage operations

Nation-state actors from Russia, China, Iran, and North Korea now use commercial LLMs as productivity tools across the kill chain: target research, vulnerability triage, phishing-lure translation, scripting assistance, and AV-evasion brainstorming. No novel capabilities have emerged yet, but the acceleration is real, especially for less-skilled operators.

Ajoint disclosure by Microsoft and OpenAI identified and disrupted five state actors abusing LLMs. A separate January 2025 report on Gemini misuse found that Iranian government-backed actors accounted for the largest Gemini use linked to APT actors.

9. AI-Generated Disinformation at Industrial Scale

AI enables the mass production of fake articles, videos, audio clips, and social content that can be rapidly distributed across multiple platforms

Generative AI has dropped the marginal cost of disinformation to near zero. State-aligned operations now mass-produce articles, fake personas, and deepfake media in dozens of languages, while AI-generated “local news” sites launder false claims into search results.

When fabricated content is cheap and distribution is instant, the information environment degrades fast. A political consultant used voice-cloning technology to impersonate President Biden in a robocall reaching roughly 5,000 New Hampshire primary voters, urging them not to vote, and OpenAI’s threat report disclosed it haddisrupted over 20 covert influence operations that year, spanning Russian, Chinese, and Iranian campaigns.

10. Prompt Injection and Adversarial Attacks Against AI Systems

Attackers manipulate AI models through malicious prompts or crafted inputs to bypass safeguards, extract sensitive data, or trigger unintended actions

Prompt injection sits at thetop of OWASP’s LLM risk list because large language models cannot reliably separate trusted instructions from untrusted data in the same context window. Attackers hide instructions inside emails, calendar invites, or web pages that enterprise AI assistants later ingest, hijacking them to leak data or take unauthorized actions.

Enterprises race to deploy AI assistants, but at the same time, every integration point becomes a potential attack surface. In June 2025, EchoLeak (CVE-2025-32711), the first documented zero-click prompt injection in a production LLM system surfaced, targeting Microsoft 365 Copilot. A specially crafted email, once pulled into Copilot’s context through RAG retrieval, instructed the assistant to embed sensitive Outlook and SharePoint contents into an outbound image link, achieving data exfiltration with zero user interaction.

Conclusi̇on

The ten threat categories above share one common thread: AI compresses the time, cost, and skill required to launch attacks that once demanded way more resources. Phishing campaigns that took days now take minutes. Intrusions that required a full red team now run on an autonomous agent. Malware that once had a fixed signature now rewrites itself with every execution.

For defenders, the path forward involves the same technology working in the opposite direction: AI-driven detection, behavioral analytics, and continuous validation of identity at every layer. The arms race is here, and standing still is the only guaranteed way to lose.

This is where agentic threat intelligence comes in. If attackers are using AI to move faster, scale wider, and adapt in real time, defenders need intelligence that does the same. Agentic threat intelligence systems monitor, correlate, and act on threat data autonomously, matching the speed of AI-driven attacks with AI-driven defense. The gap between detection and response is where damage happens, and closing that gap is no longer optional.