AI on the Offence, AI on the Defence: How Generative Tools Are Supercharging Cybercrime
Artificial intelligence has been heralded as the next great productivity boom. For cybercriminals it is already paying dividends. CrowdStrike’s latest threat-hunting report paints a stark picture of nation-state and organised-crime groups that have folded generative AI into every stage of the attack cycle, from reconnaissance to execution. The same technology that promises to streamline data analysis and automate customer service is helping hackers scale operations at breathtaking speed, while simultaneously widening the bullseye on the very AI systems businesses are rushing to adopt.
The automation arms race
Traditional hacking relied on painstaking manual labour. Human attackers had to investigate targets, craft believable phishing emails, and trawl vulnerability databases for weaknesses they could exploit. Generative AI collapses those tasks into minutes. Large language models digest CVE write-ups and help adversaries rank vulnerabilities by potential payoff. Image generators spin up convincing profile pictures for fake LinkedIn personas. Chatbots crank out personalised spear-phishing emails with perfect grammar and cultural references tailored to the victim.
Charming Kitten, an Iran-linked espionage group, “likely” used an AI model to draft messages in a 2024 phishing campaign against United States and European organisations. Rather than relying on recycled templates that often raise suspicion, the hackers produced bespoke content for each target, increasing their hit rate and cutting development time. CrowdStrike’s hunters saw similar tactics in play at Reconnaissance Spider, a financially motivated gang that repurposed old phishing lures by running them through an AI translator. The criminals forgot to strip out the model’s prompt-response boilerplate, a mistake that tipped off investigators, but the incident highlighted how easily language models can help attackers breach cultural and linguistic barriers.
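The Reconnaissance Spider slip described above points to a cheap mail-side check: look for leftover chatbot framing in inbound message bodies. The Python below is an added example, not code from CrowdStrike or from this article; the indicator phrases, the two-indicator threshold and the sample messages are constructed assumptions, since the article does not quote the actual leftover text.

```python
import re
from email import message_from_string
from email.message import Message

# Assumed indicator phrases, constructed for illustration (the article does not
# quote the real leftover text). Each entry is (label, compiled pattern).
INDICATORS = [
    ("assistant_preamble", re.compile(r"^\s*(sure|certainly|of course)[,!.]?\s+here(?:'s| is)\b", re.I | re.M)),
    ("translation_preamble", re.compile(r"\bhere(?:'s| is) (?:the|your) (?:translated|translation)\b", re.I)),
    ("model_self_reference", re.compile(r"\bas an ai (?:language )?model\b", re.I)),
    ("followup_offer", re.compile(r"\b(?:let me know if you(?:'d| would) like|would you like me to)\b.*\b(?:adjust|rewrite|translate|tone|version)\b", re.I)),
    ("unfilled_placeholder", re.compile(r"\[(?:recipient|your|company|insert)[^\]\n]{0,40}\]", re.I)),
]

def body_text(msg: Message) -> str:
    """Join the decoded text/plain and text/html parts, with HTML tags stripped."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if part.get_content_subtype() == "html":
            text = re.sub(r"<[^>]+>", " ", text)
        chunks.append(text)
    return "\n".join(chunks)

def llm_residue(raw_email: str) -> list[str]:
    """Return the labels of every indicator pattern found in the message body."""
    text = body_text(message_from_string(raw_email))
    return [label for label, rx in INDICATORS if rx.search(text)]

def is_suspicious(raw_email: str, threshold: int = 2) -> bool:
    """Flag only when several independent indicators co-occur, to limit false positives."""
    return len(llm_residue(raw_email)) >= threshold

# Constructed sample messages (not taken from any real campaign).
SAMPLE_LURE = (
    "From: billing@example.test\nSubject: Rechnung\nContent-Type: text/plain; charset=utf-8\n\n"
    "Sure, here is the translated email in German:\n\nSehr geehrte Damen und Herren, ...\n\n"
    "Let me know if you would like me to adjust the tone.\n"
)
SAMPLE_BENIGN = (
    "From: legal@example.test\nSubject: Contract\nContent-Type: text/plain; charset=utf-8\n\n"
    "Hello team,\n\nHere is the translated contract you asked for.\nLet me know if you have questions.\n"
)
```

The benign sample trips one indicator on its own, which is why the flag requires at least two before raising an alert.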
North Korea’s Famous Chollima takes the strategy to its logical conclusion. The group orchestrates elaborate remote-worker fraud, planting operatives inside foreign companies to siphon salaries and steal intellectual property. According to CrowdStrike, Famous Chollima executed more than three hundred intrusions in the past year thanks to AI tools that write résumés, populate job application portals, and even generate deepfake appearances for video interviews. By automating these time-consuming chores, the hackers can chase dozens of leads in parallel, overwhelming ordinary vetting processes.
AI as an attack surface
Generative AI is not only a weapon, it is also a target. In the rush to deploy chatbots, coding assistants, and automated workflow engines, many firms expose poorly secured endpoints or misconfigured application programming interfaces. CrowdStrike points to the April exploitation of Langflow, an open-source tool for building AI workflows, as a cautionary tale. Attackers leveraged an unpatched vulnerability to seize user accounts, pivot deeper into corporate networks, and plant malware. Because the entry point was a trusted AI platform, security teams were slow to recognise the breach.
The problem is structural. AI services often depend on wide-open data pipelines and generous permission sets so they can ingest documents, logs, and email threads. That convenience translates into juicy initial-access vectors for intruders. Once inside, the same features that make AI tools powerful for legitimate users—automated file handling, rapid API calls, privileged cloud integrations—become force multipliers for malicious actors.
Why the stakes keep rising
Several trends amplify the risk. First, the barriers to entry are falling. Public cloud providers offer GPU rentals by the hour, and open-source checkpoints of advanced language models circulate freely on developer forums. Even gangs with modest budgets can fine-tune a model on leaked corporate emails and churn out persuasive phishing kits targeted at a specific industry.
Second, attacks are increasingly identity-driven. CrowdStrike reports that malware-free intrusions, where criminals log in using stolen credentials rather than dropping malicious code, now account for a large share of incidents. AI accelerates that shift. Phishers armed with tailored messages harvest credentials more efficiently, while deepfake audio and video undermine voice verification and liveness checks.
Third, geopolitical tensions continue to spill into cyberspace. State-aligned groups experiment with AI not just for espionage but also for influence operations and disruptive attacks on critical infrastructure. As the technology matures, the line between propaganda and hacking blurs. An adversary can scrape social media, generate divisive content at scale, and simultaneously target the same population with malicious links that deliver spyware.
Defensive strategies for an AI-supercharged era
Organisations cannot afford to treat AI security as a distant concern. CrowdStrike’s researchers argue that the threat landscape already incorporates generative tools as standard kit. The defenders’ job is therefore to assume compromise, monitor continuously, and harden every link in the identity chain.
1. Secure the AI stack from day one. Treat chatbots, model-hosting services, and workflow builders like any other production system. Enforce strong authentication on APIs, segment data pipelines, and apply rigorous patch management. If a third-party tool lacks transparent security documentation, reconsider its deployment or place it in a tightly controlled sandbox.
2. Double down on identity protection. Implement multifactor authentication, monitor for abnormal log-in patterns, and adopt zero-trust principles that verify both user and device context. Train staff to recognise deepfake attempts and to question unexpected requests, even when they appear to come from familiar voices.
3. Use AI defensively, but wisely. Machine-learning-driven threat detection can flag unusual behaviours faster than signature-based tools, yet models are only as good as their training data. Blend AI analytics with human expertise. Threat hunters should constantly validate alerts and feed insights back into detection logic.
4. Build an incident-response muscle. Assume that sophisticated intrusions will occur. Conduct regular tabletop exercises that simulate AI-enabled attacks such as mass-translated phishing or deepfake CEO fraud. The faster teams can contain and eradicate an incident, the less time adversaries have to exploit automated footholds.
5. Foster an intelligence-sharing culture. CrowdStrike’s report highlights the value of collaboration among security vendors, academic researchers, and open-source communities. By contributing to shared blacklists, reporting adversary tactics, and integrating patches upstream, defenders can blunt the first-mover advantage of threat actors.
A future written by both man and machine
The same generative engines that draft marketing copy and summarise research papers have opened a new frontier in cyber-offence. Criminals now wield AI to remove linguistic hurdles, multiply social-engineering attempts, and keep up relentless operational tempos. Businesses, in turn, must weave AI literacy into every layer of security architecture. The lesson from CrowdStrike’s latest findings is clear: automation cuts both ways. Organisations that harness AI responsibly will outpace attackers. Those that ignore its darker applications risk becoming cautionary footnotes in the next annual threat report.
