Notifications
Clear all
Topic starter
27/06/2026 1:12 pm
TL;DR: Malicious GPTs such as WormGPT and FraudGPT are lowering the barrier to entry for cybercriminals and helping AI-driven attacks move faster than legacy defenses can comfortably absorb, according to Abnormal AI. The governance issue is not just detection volume, but the way AI compresses attacker skill, speed, and scale into a narrower response window.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams respond to AI-generated phishing and fraud content?
A: Security teams should treat AI-generated phishing and fraud content as a scale problem, not just a message quality problem.
Q: Why do malicious GPTs make traditional email defenses less effective?
A: Malicious GPTs make traditional defenses less effective because they let attackers change wording, tone, and structure quickly without changing intent.
Practitioner guidance
- Rebaseline email and identity detections for AI-generated variation Test whether your phishing, impersonation, and anomalous-login detections still work when content is rewritten at high volume with the same intent.
- Add identity context to AI-assisted threat triage Prioritise alerts by who was targeted, whether the identity is human or non-human, and what privilege or token state could be abused next.
- Harden privileged workflows against social engineering spillover Treat privileged users, service accounts, and AI-enabled workflows as linked attack surfaces.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Speaker discussion with Abnormal’s Field CISO, ethical hacker Jamie Woodruff, and threat intelligence leadership on malicious GPT tradecraft.
- Chapter 10 framing from The Convergence of AI + Cybersecurity series, including the threat patterns explored in the session.
- On-demand webinar access for practitioners who want the full discussion of AI-enabled abuse and defensive response.
- ISC2 CPE eligibility details for teams using the session for continuing education.
👉 Watch Abnormal AI's webinar on malicious GPTs and cybercrime →
Malicious GPTs and cybercrime: what changes for security teams?
Explore further
27/06/2026 2:27 pm
Malicious GPTs are best understood as attacker enablement layers, not as autonomous identities. The article describes tools that help criminals produce better abuse content and move faster, but that is still different from an identity making independent runtime decisions. That distinction matters because governance failures in this space are usually about velocity, scale, and deception, not about agentic authority. Practitioners should treat the threat as AI-accelerated abuse against identity systems, not as proof that every AI tool is autonomous.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
- Companies are dedicating an average of 32.4% of their security budgets to secrets management and code security, with US organisations leading at 40.8%, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How can organisations prepare for faster AI-assisted abuse campaigns?
A: Organisations should prepare by testing controls against high-volume, rapidly changing lures and by defining identity-based escalation paths before incidents happen. That includes clear handling for privileged users, service accounts, and token exposure. Preparedness is about reducing decision time when malicious content starts to move.
👉 Read our full editorial: Malicious gpts are lowering the barrier for cybercriminals
