Notifications
Clear all
Topic starter
27/06/2026 1:18 pm
TL;DR: ChatGPT has lowered the barrier for criminals to draft convincing attacks, accelerating phishing, impersonation, and other AI-assisted abuse patterns, according to Abnormal AI’s on-demand webinar. The important shift is not that AI creates entirely new crime classes, but that it compresses attacker effort and scale faster than current human-centric security workflows can absorb.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams respond to AI-generated phishing at scale?
A: Security teams should treat AI-generated phishing as a scale problem, not just a quality problem.
Q: Why do ChatGPT-assisted attacks matter to IAM teams?
A: They matter because they compress the attacker’s time and skill requirements, which increases the number of credible attempts against users and helpdesks.
Practitioner guidance
- Harden identity verification for suspicious requests Require step-up verification for payment changes, mailbox delegation, password resets, and other high-risk requests when message origin or tone is unusual.
- Tune detection for campaign behaviour, not single-message anomalies Correlate repeated sender patterns, persona changes, language variants, and target sequences across email and identity telemetry.
- Shorten containment paths after user interaction Predefine fast actions for suspicious clicks, token misuse, and account takeover indicators, including mailbox isolation, session revocation, and privilege review.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- A live walkthrough of how AI has changed attacker tradecraft over the last decade and why that matters for identity teams.
- A demo-driven look at ChatGPT-generated threats from former hacker Kevin Poulsen, including how the content is built and used.
- Examples of AI-generated attacks already being identified in the wild, useful for teams building detection and response playbooks.
- ISC2 CPE eligibility details for practitioners who need continuing-education credit from attending the webinar.
👉 Watch Abnormal AI's on-demand webinar on ChatGPT-era cyber threats →
ChatGPT-generated threats: what security leaders need to watch?
Explore further
27/06/2026 2:36 pm
AI-assisted abuse does not replace traditional identity attack paths, it accelerates them. The article’s core claim is not that ChatGPT invents a new class of compromise, but that it lowers the labour cost of phishing, impersonation, and pretexting. That matters because most identity programmes are still tuned to human attack tempo. Practitioners should read this as a throughput problem first and a content problem second.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How can teams reduce the impact of AI-driven impersonation attempts?
A: Teams should combine user verification, conditional access, and response playbooks that isolate suspicious activity quickly. Once impersonation reaches credential capture or account access, the most effective control is the speed of containment, not just the quality of the initial detection.
👉 Read our full editorial: ChatGPT-era attack automation and the new cyber threat curve
