Notifications
Clear all
Topic starter
27/06/2026 1:07 pm
TL;DR: Generative AI is being used by attackers to increase attack success rates and to power malicious LLMs such as WormGPT, according to Abnormal AI’s Vision 2024 webinar with Keren Elazari. The governing assumption is collapsing because cybercrime now adapts at AI speed, while traditional detection and user-awareness controls still assume slower, more predictable attacker behaviour.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams respond to AI-assisted phishing and social engineering?
A: Treat AI-assisted phishing as a scale and quality problem, not just a messaging problem.
Q: Why do generative AI threats matter to identity security teams?
A: Because most AI-assisted attacks still need identity to convert persuasion into impact.
Practitioner guidance
- Harden identity verification at the approval point Require phishing-resistant authentication and step-up checks wherever a message can trigger access, payment, or privilege changes.
- Instrument session-level detection for token abuse Add monitoring for unusual session creation, impossible travel, token reuse, and sudden changes in inbox or identity-system behaviour.
- Limit blast radius for high-trust workflows Break sensitive workflows into smaller approval steps, shorten privilege duration, and require independent verification for account recovery, mailbox delegation, and admin elevation.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Keren Elazari's closing keynote framing on how attackers are using generative AI in live cybercrime workflows
- The webinar discussion of WormGPT and other malicious LLMs as offensive tooling rather than theoretical risk
- The specific Vision 2024 context behind the talk and the practitioner questions raised during the session
- The on-demand presentation format, which is useful if you want the source commentary in full
👉 Watch Abnormal AI’s on-demand webinar on generative AI and cybercrime →
Generative AI and cybercrime tactics: what security teams need to know?
Explore further
27/06/2026 2:18 pm
Generative AI is now an attack multiplier, not just a content tool. The practical change is not that cybercrime became novel, but that existing social engineering, fraud, and credential theft workflows became faster, cheaper, and more adaptable. That shifts defender assumptions about campaign volume, iteration speed, and the half-life of a lure. Practitioners should plan for adversaries who can generate and test many more variants before a human analyst ever sees them.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 44% of organisations have implemented any policies to govern AI agents, even though 92% agree that governance is critical to enterprise security.
A question worth separating out:
Q: How can organisations reduce the impact of AI-enabled cybercrime?
A: Shorten the path from suspicious activity to identity containment. Use stronger authentication, narrow privilege, and rapid session review so a successful lure does not automatically become a successful breach. When attackers move faster, response has to be anchored in the identity layer, not only in email filtering or awareness training.
👉 Read our full editorial: Generative AI is reshaping cybercrime tactics and attack success
