Cybersecurity: Criminal Use of Generative AI Tools a Growing Threat

I’ve previously blogged about some of the conclusions in the World Economic Forum’s 2025 Global Cybersecurity Outlook, but I thought it was revisiting the report’s finding that nearly half of global organizations cite malicious use of Gen AI tools as their top cybersecurity concern. This excerpt explains why there’s a good reason for that concern:

Cyberattackers are adopting new tools to increase the effectiveness and scope of familiar forms of attack, such as ransomware and business email compromise (BEC). GenAI tools are lowering the cost of the phishing and social engineering campaigns that give attackers access to organizations. Therefore, while the core character of cyberattacks has remained stable, organizations may need to place additional emphasis on protecting themselves against well-developed phishing and cyber-fraud campaigns.

Cybercrime-as-a-Service (CaaS) platforms continue to be a dominant and rapidly growing business model in the criminal landscape, allowing individuals or groups without technical expertise to engage in illicit online activities by purchasing the necessary tools and support. This model, which is already well established among criminal groups, has progressively been adopted in other areas of cybercrime, such as AI-enhanced phishing attacks. These platforms present a challenge, as they remove the barriers for entry into cybercriminal activities. While progress has been made in dismantling some of the platforms, enforcement efforts remain inconsistent as CaaS platforms continue to thrive.

To make matters worse, the WEF report says that this lucrative market has attracted violent organized
crime groups into the cybercrime market, and the interaction of these criminals with cybercriminals is changing the nature of cybercrime and its impact on society. The report points out that the starkest example of this is the trafficking of more than 200,000 people into Southeast Asia to work on online scam farms.