AI has been part of the cyber conversation for years, and its influence has accelerated as organisations modernise their environments. AI models have reshaped workflows and sharpened both the defensive capabilities of major companies and the ambitions of those threat actors trying to break past those firewalls to ransom their secrets. But there is still a gap between what some recent reports suggest and what attackers can realistically achieve with AI today. Security teams should stay focused on evidence rather than assumptions.
Two headline-grabbing studies have created the impression that attackers are already running sophisticated, autonomous AI-driven campaigns. The first came from the MIT Sloan School of Management and Safe Security, which claimed that most ransomware attacks now involve AI, a claim whose methodology was later challenged by security researchers. That report was temporarily withdrawn, but a second announcement from Anthropic that state-sponsored actors had manipulated one of its models to run a multi-stage espionage campaign across dozens of organisations raised the spectre of AI-powered cybercrime yet again.
According to the AI developer’s account, their Claude model played an active role in everything from identifying weaknesses to lateral movement and data theft. Yet the absence of any technical indicators, combined with the reliance on widely detectable open-source tools, raised serious doubts among experts. “To me, Anthropic is describing fancy automation, nothing else,” Michał Woźniak, an independent cybersecurity expert, told The Guardian. “Code generation is involved, but that’s not ‘intelligence’ – that’s just spicy copy-paste.”
No proof of a pattern of AI cybercrime
There are certainly emerging examples of attackers experimenting with AI in operational workflows. One recent case involved ransomware labelled PromptLock, which used a locally hosted large language model to generate Lua scripts on demand for reconnaissance and encryption. Earlier this year, researchers also assessed that the FunkSec group had likely used generative tools to assist their development process.
These examples are interesting, but they are exceptions rather than proof of a broader pattern. The most capable ransomware groups already maintain their own development pipelines and rely on human expertise honed over years. Where AI may help today is in refining existing code, supporting reconnaissance, or crafting more convincing social engineering, not in building complete attack chains from scratch.
There is also an important practical point: malware produced directly from a model has not been iterated, tested or tuned in real-world conditions. Established groups depend on field testing to refine reliability and impact. Those insights rarely feed back into public model training data, which makes AI-generated malware less dependable than the work of human operators.
Even if we take Anthropic’s findings at face value, there are structural limits to this type of operation. The company itself noted that its model repeatedly exaggerated its own progress and manufactured details, including credentials that did not exist. That kind of behaviour forces human oversight back into the process, undermining any idea of a fully autonomous assault.
There is also a simple tactical constraint. If an attack is tied to a commercial model, the entire AI-powered cybercrime operation depends on continued access to that system. The moment the provider detects misuse, access is revoked and the campaign collapses. Attackers could shift to local open-source models, but they tend to be less capable than the leading commercial platforms and require more maintenance and expertise.
Clarity over noise
The UK’s National Cyber Security Centre has warned that AI will make parts of intrusion activity quicker and easier, and that organisations should expect a rise in both volume and complexity of attacks. It predicts that the most significant developments will come from AI-assisted vulnerability research and exploit development rather than the fully autonomous attacks described in recent headlines.
This is why clarity matters. As AI advances, adversaries will use it whenever it provides them with an advantage. But the defensive community has access to the same technology and can apply it at scale and with accountability. The industry needs clear analysis, not sensational claims, so that organisations invest their energy in the threats that truly matter.
The reality is simple. AI will reshape cyber-attacks, but not in the way some reports imply. The priority now is to strengthen visibility, reduce exposure, and use AI responsibly to counter the attackers who are already adapting their methods. The goal is resilience without fear-mongering, and security based on evidence rather than hype.
David Sancho is a senior threat researcher at Trend Micro