AI-enabled cyber attacks rose 47 percent globally in 2025. The total global cost of AI-driven cybercrime exceeded $193 billion. The average cost per AI-related breach reached $5.72 million, a 13 percent increase year-on-year. The arms race between AI-powered attack and AI-powered defence is now the defining dynamic of cybersecurity in 2026.
68 percent of cyber threat analysts report that AI-generated phishing attempts are harder to detect in 2025 than in any previous year. Deepfakes account for 11 percent of global fraudulent activity. Malicious packages on public repositories increased 75 percent. Cloud intrusions increased 35 percent. The threat landscape has changed faster in the last 24 months than in the preceding decade.
AI-Powered Phishing: Personalised at Scale
Traditional phishing worked through volume: send millions of generic emails and rely on a small percentage of people making errors. AI has changed this to precision: send thousands of highly personalised emails that are individually convincing, incorporating specific details about the target scraped from LinkedIn, company websites, social media, and previous breach data.
AI phishing tools analyse target organisations, identify key individuals and their communication patterns, generate emails that match the writing style of known contacts, and deploy at scale across thousands of targets simultaneously. The 1,000 percent surge in phishing attacks from 2022 to 2024 is largely attributable to this automation of what was previously a labour-intensive, skilled activity.
WormGPT and FraudGPT: These are dedicated criminal LLMs, specifically trained to assist with phishing email generation, malware development, and social engineering scripts without the safety guardrails of commercial models. They are available on dark web forums as a subscription service from approximately $100 per month.
Spear phishing at scale: Individual executives now receive phishing emails that reference their actual recent travel, mention their real colleague names, and arrive in their inbox at times correlated to their typical communication patterns. This level of personalisation previously required significant research time per target. AI produces it in seconds across thousands of targets.
Deepfake Attacks: Voice, Video, and Identity
Deepfake technology moved from novelty to operational criminal tool in 2025. Deepfake attacks include real-time voice clones of executives issuing payment instructions, manipulated Zoom calls with synthetic faces and voices, and pre-recorded emergency videos that appear authentic.
Gartner projects that by 2026, 30 percent of enterprises will consider identity verification unreliable in isolation because of deepfake attacks on face biometrics. Of the cybersecurity leaders Gartner surveyed in September 2025, 62 percent had already experienced a deepfake attack in the past 12 months. In early 2024, a Hong Kong finance company lost $25 million to a deepfake video call in which impersonated senior executives ordered a wire transfer.
Voice cloning: The FBI warns that voice cloning from a few seconds of publicly available audio is now trivial. Criminals clone CFO voices to authorise payments, parent voices to scam adult children, and executive voices to instruct employees. The recommendation is to agree family and organisation pass-phrases that cannot be replicated from public audio.
Synthetic identity fraud: AI grafts a generated headshot onto an invented identity with genuine stolen credentials, creating hybrid personas that pass automated verification at banks and financial platforms. Once approved, synthetic identities are used across multiple accounts simultaneously.
AI-Powered Malware: Adaptive and Polymorphic
Traditional malware has a static signature that antivirus software learns to detect. AI-powered malware adapts in real time to evade detection, watching how security tools respond and modifying its code to bypass them. A Cornell University research team demonstrated attack frameworks that beat most commercial antivirus software. These capabilities, once available only to sophisticated nation-state actors, are now accessible through fraud-as-a-service platforms.
Ransomware operations use AI to identify high-value targets within compromised networks, determine optimal encryption timing relative to backup schedules, and craft personalised ransom demands based on the victim’s financial profile. The operational sophistication gap between skilled criminal groups and entry-level attackers has collapsed.
Automated Vulnerability Discovery
AI tools scan target organisations for software vulnerabilities, misconfigurations, and exposed credentials at speeds that human penetration testers cannot match. The reconnaissance phase of an attack, which previously required days of manual work, is now automated to hours. Attackers identify exploitable entry points before organisations are aware of them.
Defences That Work Against AI Attacks
Out-of-band verification for financial instructions: Any request involving payment, credential sharing, or unusual access that arrives through email, voice call, or video should be verified through a separate, pre-established communication channel. This single practice prevents most business email compromise and deepfake payment fraud.
AI-powered detection: This is fighting AI with AI. Google’s on-device AI scans for malicious sites in real time. Email security tools trained on the structural and contextual patterns that distinguish AI-generated phishing, rather than on grammatical errors, detect AI phishing at higher rates than traditional signature-based detection.
Multi-factor authentication beyond SMS: Voice cloning and SIM swapping defeat SMS-based MFA. Hardware security keys (FIDO2/WebAuthn) and authenticator apps are not vulnerable to remote voice or deepfake attacks because the authentication requires physical device possession.
Employee training for AI-era threats: Training that focuses on generic phishing warning signs (poor grammar, urgency, suspicious links) is outdated. 2026 training must address AI-specific attack patterns: personalised emails that are grammatically perfect, calls from seemingly familiar voices, video calls showing known faces.
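The out-of-band verification rule from the first defence above, sketched as a release gate. This is an added example, not code from the original article; the directory contents, field names and request kinds are assumptions. A sensitive request is released only after it is confirmed over a different channel, using a contact held on file before the request arrived and never one supplied in the request itself.

```python
from dataclasses import dataclass

# Request kinds that need verification, per the paragraph above (labels assumed).
SENSITIVE = {"payment", "credential_sharing", "unusual_access"}

# Constructed sample directory: contacts recorded before any request arrived.
DIRECTORY = {"cfo@example.com": {"voice": "+1-555-0100", "chat": "cfo.internal"}}

@dataclass
class Request:
    requester: str              # identity the message claims
    kind: str
    inbound_channel: str        # "email", "voice" or "video"
    supplied_contact: str = ""  # callback details offered inside the request

@dataclass
class Confirmation:
    channel: str     # channel the verifier used
    contact: str     # number or handle the verifier actually reached
    confirmed: bool  # the person reached confirmed the instruction

def may_release(req, conf=None, directory=DIRECTORY):
    """Return (allowed, reason) for a request under the out-of-band rule."""
    if req.kind not in SENSITIVE:
        return True, "not a sensitive request"
    on_file = directory.get(req.requester)
    if on_file is None:
        return False, "no pre-established contact on file"
    if conf is None:
        return False, "awaiting out-of-band confirmation"
    if conf.channel == req.inbound_channel:
        return False, "confirmation used the same channel as the request"
    if on_file.get(conf.channel) != conf.contact:
        # Covers the common failure: calling the number given in the email.
        return False, "contact is not the one held on file"
    if not conf.confirmed:
        return False, "requester did not confirm"
    return True, "confirmed out of band"

if __name__ == "__main__":
    req = Request("cfo@example.com", "payment", "email", "+1-555-0199")
    for conf in (None,
                 Confirmation("voice", req.supplied_contact, True),
                 Confirmation("voice", "+1-555-0100", True)):
        print(may_release(req, conf))
```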
How are hackers using AI to attack organisations in 2026?
Primary attack methods: AI-generated personalised phishing at scale, deepfake audio and video for social engineering and payment fraud, polymorphic malware that adapts to evade detection, and automated vulnerability scanning. AI has lowered the skill requirement and increased the volume and personalisation of attacks across all these categories.
What are AI phishing attacks and how are they different?
AI phishing attacks use language models to generate personalised emails incorporating specific details about the target scraped from public and breach data. Unlike traditional phishing, they are grammatically perfect, contextually relevant, and arrive at optimal times. 68 percent of security analysts report AI-generated phishing is harder to detect than any previous generation.
How much does AI cybercrime cost globally?
The total global cost of AI-driven cybercrime exceeded $193 billion in 2025. The average cost per AI-related breach reached $5.72 million, a 13 percent increase year-on-year. The $16.6 billion in total US cybercrime losses in 2024 included $2.77 billion in business email compromise across 21,442 incidents.
What are deepfake attacks and how do criminals use them?
Deepfake attacks use synthetic audio and video to impersonate trusted individuals. Criminal uses include real-time voice cloning to authorise fraudulent payments, manipulated video calls appearing to show executives, and synthetic identity fraud combining AI-generated faces with stolen credentials. Gartner found 62 percent of cybersecurity leaders had already experienced a deepfake attack.
What defences work against AI-powered cyberattacks?
The defences that work are out-of-band verification for any financial or access instruction (verify through a separate pre-established channel), AI-powered email and web security that detects AI-generated phishing patterns, hardware security keys rather than SMS MFA for critical accounts, and employee training that specifically addresses AI-era threat patterns rather than outdated grammar-based warning signs.
What is polymorphic malware and how does AI change it?
Polymorphic malware changes its code to evade antivirus detection. AI-powered polymorphic malware adapts in real time based on how security tools are responding, modifying its signatures faster than signature-based detection can update. Cornell researchers demonstrated AI attack frameworks that defeated most commercial antivirus software.
The Attacker Skill Floor Has Collapsed
The most significant change AI has made to the threat landscape is not that it makes sophisticated attackers more effective. It is that it makes low-skill attackers capable of executing attacks that previously required significant expertise. Fraud-as-a-service platforms with AI capabilities democratise attack sophistication in the same way cloud computing democratised enterprise-scale infrastructure. Security programmes built around the assumption of a limited number of sophisticated attackers need to rethink their models.