Fortinet Inc.

05/08/2025 | Press release | Distributed by Public on 05/08/2025 09:09

Separating Fact from Fiction: Here’s How AI is Transforming Cybercrime

In today's fast-changing cybersecurity landscape, "artificial intelligence" is the buzz phrase that dominates industry conversations, boardroom discussions, and media headlines. Some proclaim that AI is a silver bullet for cybersecurity, while others believe it's poised to slowly destroy our digital society as we know it.

When it comes to emerging technologies, these hype cycles, and the bold claims that accompany them, often don't fully align with reality. While threat actors are certainly incorporating AI into their attack toolboxes, the sensational, doomsday scenarios that are frequently discussed remain largely theoretical.

Instead of more fear, uncertainty, and doubt, defenders need a clear assessment of how AI is shifting the cybercrime ecosystem today, and how it is poised to change in the future.

Last week at RSA Conference (RSAC) 2025 in San Francisco, I participated in a panel discussion aimed at addressing this exact topic. I was pleased to take the stage alongside experts from UC Berkeley's Center for Long-term Cybersecurity (CLTC), the Berkeley Risk and Security Lab (BRSL), and Singapore's Nanyang Technological University to discuss AI-enabled cybercrime in depth.

The session combined practice, policy, and academic perspectives to help defenders separate fact from fiction relating to AI-enabled cybercrime, drawing upon insights from ongoing research efforts like CLTC's AI-Enabled Cybercrime: Exploring Risks, Building Awareness, and Guiding Policy Responses, as well as threat intelligence and analysis from FortiGuard Labs.

AI's Current Role in Cybercrime

While it's easy to assume that cybercriminals are using AI to create novel attack methodologies, the reality is that threat actors are primarily using AI to enhance the efficiency and scale of existing techniques like social engineering and malware deployment. The technology is also lowering the barrier to entry for cybercriminals, enabling both novice and skilled threat actors to execute successful (and lucrative) attacks.

"AI isn't reinventing cyber threats (for now); it's turbocharging them," said Dr. Gil Baram, non-resident research scholar at UC Berkeley's Center for Long-term Cybersecurity. "Our main finding [from recent research is] that we don't see new threats coming out of AI. It's the same threats, but in a different scale, a different scope, much more precise, much more accurate."

As Helena Huang, associate research fellow at S. Rajaratnam School of International Studies in Singapore, noted, it's the democratization of AI that is primarily driving these shifts in attacker capabilities. Much of what once required deep coding expertise is now easily accessible through AI. Attackers are relying on AI as an "easy button," using the technology to automate labor-intensive tasks (think scaling reconnaissance efforts and optimizing credential-stuffing attacks), create highly personalized and contextually relevant social engineering communications, and optimize existing malicious code to evade detection.

During the panel discussion, I shared some of our observations from FortiGuard Labs about the specific tools attackers are using, like FraudGPT and WormGPT, to aid their operations. We also pointed to the rapid growth of AI-as-a-Service models in the cybercriminal underground. Much like ransomware-as-a-service models that became common in the past decade, today's criminals can purchase AI-enhanced services that provide reconnaissance tools, deepfake generation, or social engineering kits targeted at specific industries or languages. For example, AI translation tools have made phishing emails far more convincing by eliminating language errors.

As a panel, we also offered insights into how the cybercrime economy has changed structurally. A decade ago, most cybercriminal groups managed the entire attack process themselves. Today, they operate like businesses with diversified roles. Specialized units handle development, testing, access brokering, and monetization separately. Initial access brokers sell compromised systems to buyers. Others focus solely on social engineering or deepfake generation.

The more serious long-term concern is the speed with which these actors share successful methods and tools. Techniques developed by one state actor are often adopted by others in a matter of weeks.

Future Developments and the Impact on Cybersecurity Defenders

As security professionals chart their defensive strategies, it's vital that we anticipate how AI will reshape cybercriminal tactics in the coming years. Equally important is recognizing the fundamental pivots and likely challenges that this evolution presents for the entire industry.

Throughout the session, we talked about AI's potential impact on vulnerability discovery, the creation of novel attack vectors, and the growing use of autonomous agents. The potential for future AI advancements to significantly accelerate the discovery of zero-day vulnerabilities is a serious concern, and one that defenders must be prepared to address.

Beyond using AI to mine for fresh vulnerabilities, cybercriminals could easily use AI to develop new attack vectors. Even though this isn't occurring today, it's a concept that will inevitably become reality. For example, attackers might exploit vulnerabilities within AI systems themselves or execute sophisticated data poisoning attacks targeting the machine learning models organizations use.

Finally, while a group of autonomous agent swarms conducting entire cyberattacks doesn't seem plausible today, it's crucial that the cybersecurity community monitors the ways in which threat actors are incrementally adopting automation to support their attacks.

Evolving Our Collective Defense Strategies

As we anticipate how attackers might leverage AI in the future, it's clear that countering more advanced AI-driven threats requires an evolution in defense. As one panelist commented, "AI-driven attacks aren't unstoppable. Defenders are adapting just as quickly."

Fortunately, defenders are beginning to respond in kind. IT teams are using frameworks like MITRE ATT&CK to map attack chains and are deploying AI for predictive modeling and anomaly detection. The panel also noted, however, that criminal enterprises retain an agility that defenders, often constrained by bureaucracy or siloed responsibilities, must work harder to match.

The cyber defense evolution includes placing a greater emphasis on AI-powered threat hunting, hyper-automated incident response capabilities, and potentially rethinking security architectures, for starters.

Beyond making strategic and tactical adjustments to our defenses, conversations like these, as well as the public-private collaborations that power them, are critical to our collective success. As I communicated in the panel discussion, international cooperation is no longer optional; it's the only path to effective defense.

These discussions must inform policy changes as well, requiring the proactive development of new frameworks as well as standardized, globally accepted norms about AI use and misuse.

AI will continue to impact every aspect of cybersecurity. No single entity, regardless of its resources or expertise, can successfully navigate this shift alone. At Fortinet, we're excited to continue contributing to CLTC's AI-enabled cybercrime effort and other similar initiatives, supporting defenders across industries and borders as we navigate the changing threat landscape and work together to outpace adversaries.

Success will depend not just on technology, but on cooperation, flexibility, and continuous adaptation.

As our panel concluded, one of our parting messages was that while the arms race continues, so does our progress.

Fortinet Inc. published this content on May 08, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on May 08, 2025 at 15:09 UTC.