In 2025, AI-driven cyberthreats have evolved significantly, posing new challenges for cybersecurity professionals. Organizations face a dynamic and evolving threat landscape, from deepfake impersonations to the development of highly sophisticated malware capable of adapting in real time to security protocols, making detection more difficult. Additionally, large language models (LLMs) are being exploited to automate large-scale social engineering attacks, enabling more convincing scams across email, messaging apps, and even virtual assistants.
As AI becomes more accessible, cybercrime-as-a-service platforms are emerging, allowing even non-experts to launch complex attacks using rented AI tools. The use of AI tools by cybercriminals and state-sponsored groups further increases the risk of cyberattacks against public and private organizations across all sectors.
In the coming years, cyber threats will likely be profoundly influenced by malicious actors' increasing use of AI-powered tools. As AI’s capabilities continue to advance, malicious actors are expected to leverage them to automate and improve their attack patterns, making them faster, more sophisticated, and harder to detect.
Deepfake impersonations: The new face of fraud
Deepfake technology has matured to the point where audio and video forgeries are nearly indistinguishable from authentic recordings. If a deepfake relies on AI, machine learning is a key element in its creation. Convolutional neural networks (CNNs) are a subset of powerful AI modeled in part on the human mind; they are capable of detecting trends in information and can be used for image and speech recognition. While one may think creating a deepfake requires complex tools and technical skills, this is not the case. They can also be made with basic knowledge of computer graphics, which can help to democratize the use of deepfakes. For example, a deepfake video can be created in just two steps.
First, a large amount of actual video footage must be fed into to a deep neural network, which is gradually trained to recognize a person's rhythms and detailed characteristics. The number of videos or visual data needed to create a realistic deepfake depends on several factors, including image and audio quality, lighting conditions, viewing angle, facial expressions, and the complexity of the deepfake model used. This gives the algorithm a realistic representation of an individual's appearance from different perspectives. Second, the system combines the learning algorithm with facial and vocal models generated from the neural network input.
Cybercriminals have successfully leveraged artificial intelligence, using deepfakes to impersonate executives, deceive employees, and execute fraudulent transactions. Deepfake services for identity theft are now available on the dark web, including underground forums and Telegram channels. These services include real-time face and voice replacement for recorded or live video/audio messages, often used to bypass Know Your Customer (KYC) verifications.
AI-powered malware: Smarter, faster, deadlier
AI is also revolutionizing malware development, enabling the creation of adaptive and evasive threats, such as polymorphic malware, which automatically modifies its code to evade detection, reducing the effectiveness of traditional signature-based antivirus solutions. Tools like Nytheon AI and WormGPT offer real-time capabilities that require no coding skills, enabling users to generate malware, counterfeit documents, and phishing campaigns. These platforms, accessible on the dark web, often feature multilingual, voice-enabled interfaces.
It's becoming easier for cybercriminals to develop ransomware using AI-powered tools. Generative AI models can assist even those with limited coding skills by providing step-by-step instructions, generating malicious code snippets, and suggesting ways to evade detection.
Moreover, generative AI also enables cybercriminals, with services like FraudGPT, to create highly personalized Business Email Compromise (BEC) emails and scam pages, increasing their perceived validity to positively influence the success rate of social engineering attacks.
Emerging threats: AI in the hands of cybercrime and state-sponsored groups
Cybercrime groups and state-sponsored actors increasingly leverage artificial intelligence to enhance their cyber capabilities, marking a significant evolution in the threat landscape.
One prominent example is the deployment of AI in ransomware campaigns. Some criminal groups like FunkSec and RansomHub have or are suspected of using AI-powered tools in their offensive operations. These groups are enhancing the sophistication, speed, and success of their attacks. A primary use of AI in this context is the automation of target reconnaissance. By employing AI-driven data mining and machine learning models, threat actors can efficiently scan and analyze vast amounts of publicly available data to identify vulnerable systems, valuable targets, and entry points.
Additionally, natural language processing (NLP) can be used to craft compelling phishing emails or social engineering messages tailored to a target’s online behavior or organizational role. AI can also optimize the timing of ransomware deployment for maximum impact, such as during off-hours or system downtimes. This strategic integration of AI reduces the need for manual effort. These capabilities significantly increase the likelihood of successful ransom payments, making AI a formidable new dimension in the evolving ransomware threat landscape.
Threat actors continue to integrate AI tools into cyberattack campaigns to improve their effectiveness, stealth, and adaptability. Some APT, cybercrime, and hacktivist groups, such as SweetSpecter, CyberAv3ngers, and Lazarus, leverage AI for automated reconnaissance, allowing them to scan targets, identify vulnerabilities, and deploy malware. Machine learning models are used to craft convincing spear-phishing messages by analyzing targets' linguistic patterns and online behaviors, increasing the likelihood of successful social engineering. AI-driven malware can adapt its behavior in real time to evade traditional detection systems, such as antivirus software and intrusion detection systems. As AI evolves, their integration into APT operations poses a growing challenge for defenders in maintaining situational awareness and implementing effective countermeasures.
State-sponsored actors are also using AI for strategic, long-term operations. The Chinese-affiliated group APT31 has been reported to use AI-driven facial recognition and surveillance tools in tandem with cyber operations for domestic and international espionage. Russian-linked APT28 has experimented with AI-generated deepfakes to create realistic video content for disinformation campaigns. These AI-enhanced capabilities enable the manipulation of public perception and psychological operations, often with plausible deniability.
Implications for organizational cybersecurity
The growing use of AI-powered tools by cybercriminals and APT groups can significantly affect organizations' cybersecurity. These threat actors can now automate and deploy sophisticated attacks with greater precision, speed, and stealth. AI enables them to craft more compelling phishing campaigns, bypass traditional detection systems with adaptive malware, and exploit vulnerabilities with unprecedented efficiency.
To respond, organizations must evolve their cybersecurity strategies. This includes integrating AI into defense systems, enhancing employee awareness, and prioritizing real-time threat intelligence and anomaly detection. Ultimately, the AI arms race between attackers and defenders significantly raises the stakes, forcing organizations to evolve their cybersecurity strategies to stay ahead continuously.