Report an incident

Get 24/7 incident response assistance from our global team

x
Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Weaponized AI: Inside The Criminal Ecosystem Fueling The Fifth Wave of Cybercrime
← Research Hub

Weaponized AI: Inside The Criminal Ecosystem Fueling The Fifth Wave of Cybercrime

AI is no longer an emerging risk; it is now operational infrastructure for cybercrime.

Cybercrime has entered a new phase. What began as manual, opportunistic attacks in the 1990s has evolved through organized malware, Cybercrime-as-a-Service, and ecosystem-level supply chain attacks. Today, a fifth wave is underway – one defined by the weaponisation of artificial intelligence.

In this wave, AI is not simply enhancing existing tactics. It is industrialising crime, turning once human-driven skills – persuasion, impersonation, malware development – into scalable, on-demand services across the underground economy.

Group-IB’s Weaponised AI research reveals how this shift is unfolding in real time.

What’s driving the fifth wave of cybercrime?

Based on original investigations conducted by Group-IB’s global analyst teams, the report exposes how AI is being actively adopted and monetised by threat actors worldwide:

Dark LLMs, purpose-built for criminal use, sold on underground markets with no ethical constraintsDark LLMs, purpose-built for criminal use, sold on underground markets with no ethical constraints

Deepfake-as-a-Service and synthetic identity kits enabling impersonation at scaleDeepfake-as-a-Service and synthetic identity kits enabling impersonation at scale

Automated phishing, social engineering, and malware tooling designed to lower the barrier to entry for cybercrimeAutomated phishing, social engineering, and malware tooling designed to lower the barrier to entry for cybercrime

AI-enabled fraud and identity attacks that evade traditional detection and attributionAI-enabled fraud and identity attacks that evade traditional detection and attribution

Group-IB’s monitoring of dark web forums shows a sharp surge in AI -related criminal activity over the past five years, with AI now embedded across the cybercrime value chain rather than used as an occasional tool.

 

Through infiltration of underground forums, marketplaces, and dedicated leak sites, Group-IB analysts uncovered a maturing criminal ecosystem that increasingly mirrors legitimate SaaS businesses – complete with subscription models, customer support, and rapid iteration.

Advanced protection against AI-driven cyber threats

Group-IB delivers comprehensive protection against modern cybercrime through an intelligence-led security ecosystem built on deep adversary insight and real-world investigations.

By combining global threat intelligence with local analyst expertise, Group-IB helps organisations detect, prevent, and respond to AI-enabled cyber threats across fraud, identity, and infrastructure – before they can scale.

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

The Voice of Fraud: Deepfake Vishing and the New Age of Social Engineering
New
White Paper
The Voice of Fraud: Deepfake Vishing and the New Age of Social Engineering
Group-IB’s Fraud Protection team examines the rise of deepfake vishing attacks and caller ID spoofing,...
Learn more
Сyberseсurity Ultimate Assessment Guide: Part 2. Human-Centric Assessements
White Paper
Сyberseсurity Ultimate Assessment Guide: Part 2. Human-Centric Assessements
Assess and strengthen your team's cybersecurity readiness with Group-IB's expert guide
Learn more
Cybersecurity Ultimate Assessment Guide: Part 1. Assessment Compass
White Paper
Cybersecurity Ultimate Assessment Guide: Part 1. Assessment Compass
Navigate the complexities of modern assessments with Group-IB’s expert-designed guide.
Learn more
Three years of change: Digital risks in the Middle East and Africa
White Paper
Three years of change: Digital risks in the Middle East and Africa
Learn about key trends in digital risks over the past three years, the latest techniques...
Learn moreDownload report
Adversary Hunting Code: Uncover and eliminate unknown cyber threats with Group-IB
White Paper
Adversary Hunting Code: Uncover and eliminate unknown cyber threats with Group-IB
Threats often lurk in the shadows, undetected, until they escalate into full-blown crises. The key...
Learn moreDownload eGuide
CYBERSECURITY X AI: Building capabilities to defend assets and defeat attackers
White Paper
CYBERSECURITY X AI: Building capabilities to defend assets and defeat attackers
There’s no denying it: Artificial intelligence has emboldened and empowered cyber criminals, helping them attack...
Learn moreDownload eGuide
Ransomware readiness: From quick wins to long-term strategies
White Paper
Ransomware readiness: From quick wins to long-term strategies
Check all the key ransomware readiness boxes and shield your infrastructure with Group-IB's industry-proven framework.
Learn moreDownload whitepaper
The Reconnaissance Handbook: Map and mitigate intrusion pathways into your network
White Paper
The Reconnaissance Handbook: Map and mitigate intrusion pathways into your network
As adversaries use reconnaissance to plot their attacks against you, discover how you can leverage...
Learn moreDownload whitepaper
The Art of SOC
White Paper
The Art of SOC
Ultimate guide to establishing and evolving intelligence-driven security operations with Group-IB SOC Framework
Learn more