TL;DR: Attackers are already using AI to increase the scale and sophistication of cybercrime, while the webinar also weighs whether tools like ChatGPT are a genuine threat and how tactics may evolve, according to Abnormal AI. The real issue is not AI hype but how quickly adversaries can industrialise deception, targeting, and response bypass.
At a glance
What this is: This on-demand webinar examines how attackers are using AI in cybercrime and whether generative AI materially changes the threat landscape.
Why it matters: It matters because security teams must separate hype from attacker capability and adjust detection, response, and awareness programmes across human identity, NHI, and autonomous-agent risk.
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
👉 Watch Abnormal AI's on-demand webinar on AI use in cybercrime and attacker tactics
Context
AI-assisted crime changes the operational tempo of attacks, especially when defenders are still tuning controls for human-paced phishing, credential abuse, and fraud. For security teams, the question is not whether AI exists in attack workflows, but which parts of the kill chain it compresses, automates, or makes harder to attribute.
This webinar sits squarely in the identity and access problem space because AI can amplify deception against human identities, accelerate abuse of non-human identities, and blur accountability when autonomous systems are involved. The useful lens is not vendor optimism or AI panic, but where current governance models stop matching attacker behaviour.
Key questions
Q: How should security teams respond to AI-assisted phishing and impersonation?
A: Security teams should move beyond signature-based email filtering and focus on identity context, behavioural anomalies, and downstream action validation. The strongest controls are those that verify who is requesting action, what access is being touched, and whether the request matches normal business patterns. AI changes the volume and quality of deception, so response must be identity-aware.
Q: When does generative AI become a real cyber risk for enterprises?
A: Generative AI becomes a real cyber risk when it materially improves an attacker’s speed, scale, or credibility in phishing, fraud, or credential abuse. That risk is immediate if existing workflows rely on human judgement alone or if NHI and delegated access paths lack strong verification. The issue is operational, not theoretical.
Q: What do teams get wrong about AI as a threat?
A: Teams often focus on whether AI is inherently dangerous and miss the more practical question of how it changes attacker economics. AI mainly helps adversaries generate more convincing content, test more variants, and move faster through the attack chain. The mistake is treating AI as a novelty instead of an amplifier of known abuse patterns.
Q: How can organisations prepare for AI-accelerated cybercrime?
A: Organisations should strengthen identity controls, response speed, and evidence capture across human, NHI, and delegated workflows. Preparation means assuming more persuasive lures, faster campaign iteration, and more targeted follow-up. Teams that can tie suspicious activity back to identity state will contain AI-assisted attacks more effectively.
Background and context
How AI changes the attack economy
AI does not need to invent new attack classes to matter. It can lower the cost of reconnaissance, personalise phishing at scale, generate convincing lures, and adapt language in ways that make campaigns more efficient. The practical shift is economic: attackers can test more variants, target more victims, and iterate faster before defenders complete manual analysis. That means detection quality, response speed, and identity context matter more than static prevention alone.
Practical implication: tune detection and response around higher message volume, faster iteration, and more convincing social engineering rather than expecting obvious phishing cues.
Generative AI as an attacker force multiplier
Generative AI becomes dangerous when it is embedded into existing crime workflows. A model can help draft lures, summarise stolen material, translate content for cross-border campaigns, and refine interaction style during social engineering. That does not require full autonomy. It is enough that the tool improves consistency, speed, and scale across the attack chain. The governance question is therefore operational: which controls still assume low-volume, manually crafted abuse?
Practical implication: assume the attacker can generate more tailored artefacts per target and stress-test whether your email, identity, and fraud controls still work under volume.
Why AI threat models must include identity abuse
AI-driven crime often succeeds by abusing identity trust rather than breaking cryptography. Human accounts are manipulated through impersonation and urgency. NHI credentials are attractive because they can expose systems, pipelines, and data with little friction. If autonomous agents are involved, the problem expands again because runtime decision-making can change access patterns mid-session. The common thread is identity being the control plane for abuse, even when AI supplies the content or timing.
Practical implication: review how identity controls, privilege boundaries, and approval flows behave when the attacker is using AI to impersonate users or exploit NHI access paths.
NHI Mgmt Group analysis
AI in cybercrime is best understood as an acceleration layer, not a brand-new threat class. The article points to attacker use of AI to increase scale and sophistication, which is consistent with what security teams already see in phishing, impersonation, and fraud. The real shift is that attack preparation, message variation, and targeting can happen faster and with less human effort. Practitioners should treat AI as a force multiplier inside existing abuse patterns, not as a reason to abandon established identity controls.
The security problem moves when AI reduces the cost of convincing people and systems to trust the wrong actor. That matters across human identity, NHI abuse, and agentic workflows because trust is what attackers are trying to borrow. Once a lure, token request, or delegated action looks credible enough, the control failure is often one of context, not cryptography. Practitioners should focus on where trust decisions are made quickly and with too little identity context.
Generative AI does not have to be autonomous to be operationally dangerous. The article’s framing does not require full agentic behaviour, and that distinction matters. A tool that helps an attacker write, translate, adapt, or sequence actions is already relevant to governance. The implication is that defenders should not wait for a fully autonomous adversary before updating response models. Practitioner teams need to account for AI-assisted tradecraft now, not after the threat becomes obvious.
Abnormal AI is pointing at a broader identity governance problem: attackers are using AI to collapse the distance between intent and execution. That same collapse is already visible in enterprise AI adoption, where scope drift and unauthorised action become governance issues rather than pure security events. The lesson for practitioners is that identity programmes must be designed for dynamic behaviour, whether the actor is a person, a service account, or an AI system.
AI threat readiness will increasingly be measured by how well organisations separate signal from synthetic persuasion. Detection teams will need more than content inspection. They will need identity-aware controls that understand who is acting, what access they touched, and whether the action matches the expected operating pattern. Practitioners should treat synthetic persuasion as an identity problem with security consequences, not as a messaging issue.
From our research:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- That gap makes OWASP NHI Top 10 useful for mapping where AI-driven access, tool misuse, and governance failures start to converge.
What this signals
Identity controls will now be judged by whether they can survive synthetic persuasion at scale. The immediate programme question is not whether AI-generated attacks exist, but whether your identity stack can distinguish a convincing request from a legitimate one when the volume of attempts rises sharply. Teams should expect more pressure on verification, approval hygiene, and post-event traceability across human and machine identities.
Scope drift is becoming the named failure mode for AI-enabled access. With 80% of organisations already seeing AI agents act beyond intended scope in our research, the operational challenge is no longer hypothetical. The practical response is to map where access, delegation, and audit assumptions still rely on stable behaviour and to close those gaps before attacker tradecraft exploits them.
For practitioners, the signal is simple: treat AI-assisted crime as an identity programme issue with security consequences. That means connecting collaboration security, fraud response, NHI governance, and incident evidence preservation into one operating model. If those domains remain separate, attackers will keep using AI to move faster than the organisation can correlate events.
For practitioners
- Harden phishing and impersonation detection for AI-generated variation Train mail, collaboration, and fraud controls to look for intent patterns, not just repetitive phrasing. AI-assisted campaigns can vary wording, tone, and formatting at scale, so detection needs stronger context from sender reputation, identity history, and action requests.
- Re-test identity workflows against synthetic persuasion Walk through password reset, payment approval, vendor onboarding, and access request paths using AI-generated lures. The goal is to find which human and service workflows still trust persuasive language more than verified identity state.
- Map where AI can amplify NHI abuse Review secrets, API keys, and service accounts that would become more valuable if an attacker used AI to automate discovery, exfiltration, or lateral movement. Prioritise controls that reduce blast radius when machine credentials are exposed.
- Update incident playbooks for faster adversary iteration Assume the attacker can change lures, targets, and follow-up messages between response cycles. Add containment steps that preserve evidence from messaging, identity, and access logs before campaigns are retooled.
Key takeaways
- AI is not a standalone attack category here. It is an accelerant that makes phishing, impersonation, and credential abuse more efficient and harder to spot.
- The evidence points to a real operational shift: attackers can generate more convincing content, iterate faster, and exploit trust more effectively than legacy controls assume.
- Security teams should respond by strengthening identity-aware verification, preserving evidence earlier, and reducing the value of compromised NHI and delegated access paths.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | AI-assisted attacks increase tool misuse and unsafe action generation. |
| NIST AI RMF | AI threat governance depends on clear accountability and risk monitoring. | |
| NIST CSF 2.0 | PR.AA-01 | Identity verification and access context are central to defending AI-assisted attacks. |
Strengthen identity assurance and logging so suspicious AI-assisted activity can be attributed and contained.
Key terms
- AI-assisted cybercrime: Cybercrime that uses AI to improve speed, scale, or realism rather than to invent an entirely new attack class. The tool helps attackers write, adapt, translate, or sequence actions more efficiently, which raises the pressure on identity controls, detection, and response.
- Synthetic persuasion: The use of machine-generated language, images, or interaction patterns to make a malicious request appear legitimate. It matters because many security and business workflows still rely on humans recognising cues, and AI makes those cues easier to imitate convincingly.
- Identity-aware detection: A detection approach that evaluates actions in the context of who or what is acting, what access they hold, and whether the behaviour matches the expected pattern. It is stronger than content-only filtering because it ties suspicious activity to identity state and privilege use.
- Delegated access path: A workflow in which one identity, human or machine, can act on behalf of another through approvals, tokens, or service relationships. These paths are attractive to attackers because they can convert a single compromised request into broader authorised action.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.
This post draws on content published by Abnormal AI: an Innovate 2025 on-demand webinar on AI in cybercrime. Read the original.
Published by the NHIMG editorial team on 2026-06-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
