Artificial intelligence is changing online crime less like a sudden takeover and more like a productivity upgrade for attackers. The strongest evidence in the source points to a practical shift: scams, phishing campaigns, deepfake impersonations and malware experiments are becoming easier to build, cheaper to run and harder for ordinary people to evaluate quickly.
The most dramatic warnings focus on autonomous malware. But several researchers argue that the more urgent danger is already visible in everyday fraud: AI-generated messages, synthetic voices, fake video calls and tools that help criminals move faster.
Why PromptLock caught researchers' attention
In late August last year, Anton Cherepanov found a file on VirusTotal that looked routine at first. His malware-detection measures flagged it, and he and Peter Strýček spent the next few hours studying the sample.
What they found was ransomware that used large language models throughout an attack. According to the source, the software could generate customized code in real time, map a computer to find sensitive data, copy or encrypt files, and create ransom notes based on file contents. It could also behave differently each time it ran, which would make detection harder.
Cherepanov and Strýček called the discovery PromptLock and described it as the first example of AI-powered ransomware. The case drew widespread global media attention.
Then the story became more complicated. The day after their blog post appeared, researchers from New York University said the malware was their research project, not a live criminal attack. Their goal was to show that each stage of a ransomware campaign could be automated, and they said they had demonstrated that possibility.
That made PromptLock less alarming as an incident, but still important as a signal. It showed a path that real attackers could try to follow.
The clearest harm is already in scams
The source makes a strong distinction between speculative AI-orchestrated cyberattacks and scams that are already being amplified by AI. Attackers began using generative AI tools almost immediately after ChatGPT appeared at the end of 2022, first for spam and then for more targeted schemes.
A Microsoft report said that in the year leading up to April 2025, the company had blocked $4 billion worth of scams and fraudulent transactions, with “many likely aided by AI content.” Researchers at Columbia University, the University of Chicago, and Barracuda Networks analyzed nearly 500,000 malicious messages and estimated that at least half of spam email is now generated using LLMs.
Those researchers also found AI use in more focused email attacks. By April 2025, at least 14% of those targeted attacks were generated using LLMs, compared with 7.6% in April 2024.
The risk is not limited to text. Generative AI has made images, video and audio easier and cheaper to fake. The source describes a high-profile case reported in 2024 in which a worker at the British engineering firm Arup was tricked into transferring $25 million after joining a video call with digital versions of the company’s chief financial officer and other employees.
Henry Ajder, a generative AI expert, put the incentive plainly: “If there’s money to be made and people continue to be fooled by it, they’ll continue to do it.”
Malware is moving, but experts disagree on the threat
Security researchers do not all see the same level of danger in AI-powered malware. Lorenzo Cavallaro, a professor of computer science at University College London, said the likelihood that cyberattacks become more common and more effective over time is not remote but “a sheer reality.”
Others argue that the idea of AI superhackers is overstated. Marcus Hutchins, principal threat researcher at Expel, said, “For some reason, everyone is just focused on this malware idea of, like, AI superhackers, which is just absurd.”
Google’s Threat Analysis Group has seen potential bad actors use AI in ways that resemble ordinary developer use: debugging code, automating pieces of work and writing phishing emails. Billy Leonard said that by 2025, some had moved on to using AI to help create new malware and release it into the wild.
Google also observed a China-linked actor trying to use Gemini to identify vulnerabilities on a compromised system. Gemini initially refused, but the attacker persuaded it by framing the request as part of a capture-the-flag competition. Google has since adjusted Gemini to deny those kinds of requests.
Open-source models are another concern. Ashley Jess, a former tactical specialist at the US Department of Justice and now a senior intelligence analyst at Intel 471, said bad actors are likely to adopt them because they can remove safeguards and tailor them. The NYU team used two open-source models from OpenAI in PromptLock and said they did not need jailbreaking techniques to get the models to do what they wanted.
Automation is not the same as autonomy
In November, Google released a report saying bad actors were using AI tools, including Gemini, to dynamically alter malware behavior. The report described “a new operational phase of AI abuse.” But cybersecurity writer Kevin Beaumont noted on social media that the five malware families discussed, including PromptLock, were easily detected and did not cause harm.
Anthropic also announced in November that it had disrupted a large-scale cyberattack, described as the first reported case carried out without “substantial human intervention.” The company said a Chinese state-sponsored group used Claude Code to automate up to 90% of a “highly sophisticated espionage campaign.”
That report, too, came with limits. A human operator selected targets. Of 30 attempts, only a “handful” succeeded. Claude also hallucinated, fabricated data and “frequently” overstated results, meaning attackers would have needed to verify its output.
Gary McGraw, cofounder of the Berryville Institute of Machine Learning in Virginia, argued that existing controls in a reasonably secure organization would stop those attacks. He said some automation involved prefabricated tools and added that “that stuff’s been automated for 20 years.”
Anthropic’s Jacob Klein saw a different signal. “Tying this many steps of an intrusion campaign together through [AI] agentic orchestration is unprecedented,” he said in a statement. “It turns what has always been a labor-intensive process into something far more scalable.”
What organizations and users should take seriously
The practical lesson is not that AI can already run every cyberattack on its own. The evidence in the source is more grounded: AI helps attackers write, test, translate, personalize and scale their work.
That matters because online crime does not need to be technically brilliant to succeed. A convincing phishing email, a realistic fake voice, or a video call that appears to include trusted colleagues can create enough pressure for a victim to act.
For organizations, the source points to a future in which the pace of attacks may increase even when the underlying techniques are familiar. For individuals, the immediate danger is more direct: messages, calls and media that look personal or authentic may be cheaper for criminals to produce than ever before.
The debate over fully autonomous hacking will continue. But the current reality is already serious: AI is making the ordinary machinery of online fraud faster, more flexible and more scalable.