Threat Watch

Intelligence Insights on AI-Enabled Cyber and Influence Operations

Key Takeaways

  • Q3 2025 has seen a qualitative leap in sophistication, including AI-powered ransomware and "vibe hacking" (use of coding agents to execute attacks).
  • State actors (China, North Korea, Russia, Iran) have benefited most, especially in espionage, using AI for end-to-end support in months-long campaigns.
  • The offense-defense balance still appears to favor defenders of high-value targets, but there is no guarantee this will hold.
  • The prominent use of AI in social engineering calls for deeper assessment, since social engineering remains the capability most neglected in AI capability evaluations.

AI Capabilities Used in Operations (interactive chart not reproduced)

Threat Sophistication Over Time (interactive chart not reproduced)

Key Operations

PromptLock

First known AI-powered ransomware, using OpenAI's open-weight gpt-oss-20b model to generate its malicious scripts at runtime rather than shipping them in the binary.

Source: ESET

Vibe hacking

Claude Code used to scale up a data extortion operation across all stages: reconnaissance, initial access, evasive malware development, and data exfiltration.

Source: Anthropic

No-code malware

Claude used by an actor without the coding skills to do it alone to develop, market, and distribute ransomware with advanced evasion features as part of a Ransomware-as-a-Service (RaaS) operation.

Source: Anthropic

Long multi-stage attack

Chinese actor leveraging Claude to support nearly every phase of the attack lifecycle over a nine-month campaign targeting Vietnamese critical infrastructure.

Source: Anthropic

LAMEHUG

First known malware integrating LLM capabilities (Qwen2.5) to generate commands in real time rather than carrying hard-coded logic, delivered via phishing emails.

Source: Cato Networks
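PromptLock and LAMEHUG share one observable that a defender can act on: instead of shipping its attack logic, the malware must reach a model endpoint at runtime, either a public inference API or a local inference server. The script below is an added example of that hunt, not code from ESET, Cato Networks, or the malware described on this page. It walks constructed egress-log lines and flags non-allowlisted processes that repeatedly contact an LLM endpoint. The log format, the endpoint hostnames, the process allowlist, and the local-inference port (Ollama's default 11434) are assumptions to adapt to your own estate.

```python
"""Hunt for processes that talk to LLM inference endpoints at runtime.

Added example; not the page's or any vendor's code. The log layout below
is constructed for this example:
    <timestamp> <host> <process> <dest_host>:<port> <bytes_out>
"""
import re
from collections import defaultdict

# Assumption: public LLM API hostnames you expect to see in egress logs.
# Maintain this list for your environment; it is not authoritative.
LLM_API_HOSTS = {
    "api.openai.com",
    "api.anthropic.com",
    "api-inference.huggingface.co",
    "generativelanguage.googleapis.com",
}

# Assumption: local inference servers. Ollama listens on 11434 by default.
LOCAL_INFERENCE_PORTS = {11434}

# Assumption: binaries that may legitimately call a model in this estate.
ALLOWED_PROCESSES = {"chrome.exe", "code.exe", "python.exe"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>\S+)\s+"
    r"(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["port"] = int(ev["port"])
    ev["bytes"] = int(ev["bytes"])
    return ev


def is_llm_destination(dst, port):
    """True if the destination is a known LLM API host or a local inference port."""
    return dst.lower() in LLM_API_HOSTS or port in LOCAL_INFERENCE_PORTS


def find_llm_callers(lines, min_calls=2):
    """Return {(host, process, destination): call_count} for processes that are
    not allowlisted and reached an LLM endpoint at least min_calls times.

    A single call may be an analyst's curl test; repeated calls from a binary
    with no business reason to query a model are what to triage first.
    """
    counts = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed lines rather than aborting the hunt
        if not is_llm_destination(ev["dst"], ev["port"]):
            continue
        proc = ev["proc"].lower()
        if proc in ALLOWED_PROCESSES:
            continue
        counts[(ev["host"], proc, ev["dst"].lower())] += 1
    return {k: v for k, v in counts.items() if v >= min_calls}


# Constructed sample: a browser and a Python client on WS-0142 are expected;
# "Attachment.pif" polling a public inference API and "svchost.exe" hitting a
# local inference port are the patterns this hunt is meant to surface.
SAMPLE_LOG = """\
2025-07-10T09:00:01Z WS-0142 chrome.exe api.openai.com:443 2210
2025-07-10T09:00:05Z WS-0142 Attachment.pif api-inference.huggingface.co:443 1840
2025-07-10T09:00:17Z WS-0142 Attachment.pif api-inference.huggingface.co:443 1902
2025-07-10T09:00:29Z WS-0142 Attachment.pif api-inference.huggingface.co:443 1877
2025-07-10T09:01:02Z WS-0142 python.exe api.anthropic.com:443 3100
2025-07-10T09:05:44Z FS-02 svchost.exe 127.0.0.1:11434 512
2025-07-10T09:05:46Z FS-02 svchost.exe 127.0.0.1:11434 4096
2025-07-10T09:07:00Z WS-0099 curl.exe api.openai.com:443 300
malformed line
""".splitlines()


if __name__ == "__main__":
    for (host, proc, dst), n in sorted(find_llm_callers(SAMPLE_LOG).items()):
        print(f"{host}: {proc} contacted {dst} {n} times")
```

Two caveats a practitioner should keep in mind. Loopback traffic to a local inference server never crosses a proxy, so the `svchost.exe` case above only shows up in host telemetry (for example, Sysmon network-connection events), not in a web-gateway log. And because these APIs run over TLS, you only get the hostname from DNS, SNI, or an explicit proxy, and an attacker can front the model with a relay of their own, so endpoint matching is a triage starting point, not a complete control.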

Remote worker fraud

North Korean operatives using AI to produce job-application materials and to deliver the technical work needed to obtain and keep remote positions at Western tech companies.

Source: N/A

Telecom espionage

Campaign targeting Western telecom companies to monitor the communications of U.S. officials, in which AI may have been used to gain initial access and to maintain it.

Source: The Wall Street Journal

Threat Actor Nations (interactive chart not reproduced)

General Trends

AI in Phishing
82.6%

of phishing emails used AI in some way (Sep 15, 2024 to Feb 14, 2025).

Source: KnowBe4

Phishing Speed
+40%

Reported speed-up of phishing attacks attributed to AI.

Source: SoSafe

BEC Emails
40%

of Business Email Compromise (BEC) emails were AI-generated in Q2 2024.

Source: VIPRE Security Group

Deepfake Fraud
6.5%

of all fraud attacks in 2025 involved deepfakes, an increase of 2,137% since 2022.

Source: Signicat

Phishing Clicks
21%

of recipients click on malicious content in AI-generated phishing emails.

Source: SoSafe

Vishing Attacks
+442%

increase in vishing attacks between H1 and H2 2024, leveraging increasingly sophisticated voice cloning.

Source: CrowdStrike

AI-Driven Attacks
87%

of security professionals report that their organization encountered an AI-driven cyberattack in 2024.

Source: SoSafe

Significant Impact
73.6%

of security professionals reported in 2025 that AI-powered threats are having a significant impact on their organization.

Source: Darktrace