This post is also available in:
עברית (Hebrew)
Artificial intelligence is widely expected to reshape cybersecurity, with concerns that cybercriminals could use advanced AI tools to automate attacks, generate malware, or scale fraud operations more efficiently. But a large-scale new study suggests that, so far, AI adoption inside underground cybercrime communities has been more limited than many feared.
Researchers analyzing more than 100 million posts from cybercrime forums found that most malicious actors are still struggling to use AI in ways that significantly improve their operations. The analysis focused on discussions that emerged after the release of mainstream generative AI tools and examined how cybercriminal communities experimented with these technologies over time.
According to TechXplore, AI tools have been most effective in narrower tasks rather than sophisticated offensive operations. In particular, criminals appear to be using AI to help disguise patterns that cybersecurity systems typically detect, as well as to automate social media bots involved in fraud and harassment campaigns. However, the study found little evidence that AI has dramatically lowered the technical barrier to carrying out advanced cyberattacks.
One reason is that effective use of AI-assisted coding and automation tools still requires substantial technical knowledge. AI coding assistants may improve efficiency for experienced actors, but they are not replacing expertise. Researchers concluded that current AI usage represents more of an incremental evolution in cybercrime rather than a major operational shift.
The study also highlighted the role of safety restrictions built into mainstream AI systems. Existing safeguards appear to be limiting some forms of abuse, although researchers observed attempts by users to manipulate or bypass these controls.
Interestingly, the researchers argue that the more immediate cybersecurity risk may not come directly from criminals adopting AI, but from organizations deploying poorly secured AI systems themselves. Autonomous or “agentic” AI tools capable of making decisions and executing tasks independently could create new vulnerabilities if not designed and protected properly. Similarly, software produced rapidly with AI-generated code may introduce security weaknesses if insufficiently reviewed.
From a defense and cybersecurity perspective, the findings suggest that concerns around AI-enabled threats should focus not only on malicious actors, but also on how quickly legitimate industries are integrating AI into operational systems.
While cybercriminal experimentation with AI is clearly underway, the research indicates that widespread disruption from AI-powered cybercrime has not yet materialized at the scale many anticipated.
The research was published here.
