<\/p>\n
![](\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/25\/redefining-defense-in-ai-led-cyberattacks-hero.jpg\")
<\/div>\nKey takeaways:<\/b><\/p>\n Anthropic\u2019s recent disclosure of an AI-orchestrated cyber espionage campaign<\/a> reflects the broader trend of threat actors using autonomous artificial intelligence (AI)<\/a> to automate and scale their cyberattacks: The incident involved a China-aligned group that manipulated Anthropic\u2019s Claude Code tool to autonomously target around 30 organizations around the world, including tech companies, financial institutions, chemical manufacturers, and government agencies. The attackers bypassed AI guardrails through jailbreaking techniques, instructing the AI to conduct reconnaissance, develop exploit code, harvest credentials, and exfiltrate sensitive data, all with minimal human intervention. This event underscores the urgent need for enhanced safeguards and industry-wide collaboration to counter increasingly sophisticated AI-powered threats.<\/p>\n What we\u2019re seeing in the threat landscape<\/span><\/p>\n Early stages <\/b> A significant trend is the proliferation of so-called criminal large language models (LLMs). Most offerings in criminal circles are not truly custom-trained models, but rather jailbreak-as-a-service frontends<\/a> \u2013 interfaces that use specially designed prompts to bypass the ethical safeguards of commercial LLMs and deliver unfiltered, malicious responses. Notable examples include WormGPT and DarkBERT, which have resurfaced in various forms, often accompanied by claims of new features or capabilities. Many such offerings are scams or simply repackaged interfaces to commercial models, yet the demand for privacy and anonymity among criminals drives continuous development.<\/p>\n Deepfake technologies<\/a> represent another area of rapid growth. Criminals now offer deepfake services to bypass Know Your Customer (KYC) checks<\/a> at financial institutions, facilitate scams, and perpetrate extortion. These services have become more affordable and accessible, with offerings ranging from image and video manipulation to real-time avatar generation for fraudulent video calls. The quality and sophistication of these tools are improving, enabling threat actors to target regular citizens and not just high-profile individuals.<\/p>\n Trend\u2019s ongoing research in this area underscores that criminal adoption of AI is marked by incremental evolution rather than revolutionary change. Cybercriminals favor tools that lower barriers to entry and increase efficiency, such as jailbreaking existing LLMs and utilizing deepfake services. The market is also rife with scams targeting other criminals, reflecting the opportunistic nature of the underground that\u2019s ready to seize on emerging AI features. As GenAI capabilities continue to advance, Trend remains vigilant in tracking these developments and advising organizations to strengthen their defenses against increasingly sophisticated AI-driven threats.<\/p>\n Today<\/span><\/p>\n Attackers are not only using AI for code generation or jailbreaking LLMs; they\u2019ve progressed to actively integrating AI into the malware itself. Notable cases<\/a> such as LameHug’s (PROMPTSTEAL) use of HuggingFace-hosted AI to craft info-stealing scripts, and how PROMPTFLUX requested obfuscation techniques from Google\u2019s Gemini AI, demonstrate how adversaries are moving past traditional, static malware. Although threat actors may still face challenges like API key revocation and the unpredictability of AI-generated code, the use of AI in cybercrime is poised to increase as attackers continue to explore new ways of exploiting these technologies, making proactive security strategies critical.<\/p>\n While conventional defenses like network segmentation, multi-factor authentication (MFA), and endpoint detection and response (EDR) remain foundational to cybersecurity, these are challenged more and more by AI-powered cyber threats. \u201cVibe-coded\u201d attacks<\/a> \u2013 which uses AI-generated malicious code that mimics trusted sources \u2013 further complicates attribution and signature-based detection, since AI can craft malware fragments that closely resemble legitimate research or imitate the tactics of other threat actors, making it difficult for defenders to distinguish between genuine and malicious activity.<\/p>\n Anthropic reports that Claude was manipulated into writing its own exploit code, which was then used to collect credentials that gave attackers access to sensitive information. AI-powered malware, particularly in the form of agentic AI, represents a transformative shift in the cybercriminal ecosystem. As AI agents begin to supplant human-driven use of GenAI, attackers will increasingly deploy and rely on their own agentic AI architectures, in which specialized agents \u2013 each equipped with their own tools and roles \u2013 work together under the direction of sophisticated orchestration layers. By automating tasks that once required the coordinated effort of entire teams, attacks that previously took days or weeks can now unfold within hours. And because these AI-powered agents can be replicated at scale, threat actors are also able to launch and adapt campaigns across multiple targets simultaneously. In Anthropic\u2019s case, the attackers were able to leverage the AI\u2019s agentic abilities for their own purposes: Disguising their malicious activity as small, benign tasks for Claude to execute, the attackers were able to deceive the AI into believing it was conducting legitimate defensive testing \u2013 ultimately, the AI was responsible for carrying out as much as 80% to 90% of the campaign.<\/p>\n Tomorrow<\/span><\/p>\n Currently, many AI-driven attacks are essentially scaled-up versions of established cybercriminal techniques \u2013 think phishing, ransomware, and credential stuffing \u2013 that are now performed with far greater efficiency and resilience owing to AI-driven automation. While this enhances traditional attack models, AI also opens the door to new kinds of cybercrime previously thought impractical because of their complexity or the resources needed, like physical surveillance with digital exploitation for hyper-targeted phishing campaigns. The turn away from manually controlled operations is evolving cybercrime from a \u201cCybercrime as a Service\u201d model to \u201cCybercrime as a Servant,\u201d in which cybercriminal operations are increasingly managed by agentic AI systems.<\/p>\n Agentic AI is a game-changing force for cybercrime thanks to its layered architecture, with orchestrators allocating tasks and managing data flow among agents dedicated to specific jobs. The orchestrator acts as the criminal operation\u2019s \u201cbrain\u201d, composing workflows that chain agents in optimal order based on given objectives and available data. This allows agents to quickly recover from disruptions and respond to changing circumstances in real time: Their priorities, roles, and tactics can be reconfigured on the fly, leading to adaptive, persistent, and highly scalable attack ecosystems that challenge conventional security controls.<\/p>\n Its modular nature can also facilitate persistent, multi-stage operations, as criminal agents will be able to independently carry out complicated tasks and maintain attack continuity even if parts of the infrastructure are taken down. Additional attack techniques and tools are also easily integrated into the architecture; new agents can just be plugged into the system without requiring extensive reengineering. This has also fast-tracked the identification and weaponization of any vulnerabilities in a targeted system \u2013 similarly, Claude was misused to identify and test for vulnerabilities in targeted systems as part of the attack \u2013 since agents can analyze vast datasets, discover unknown weak points, and quickly develop and deploy tailored exploits, leaving defenders with the challenge of combating an adversary supported by a self-healing architecture. In the long run, AI-powered malware and agentic AI in the hands of malicious actors will mark the beginning of a new baseline in cybersecurity, in which defenders must adopt similarly automated, agentic defenses that target autonomous networks rather than individual people.<\/p>\n What it means for enterprise risk<\/span><\/p>\n While current criminal adoption of agentic AI is still nascent, its integration will accelerate existing criminal business models, making operations faster, more flexible, and resilient. For instance, agents can customize malware payloads per victim type, automate complex exploitation chains, and parse massive volumes of breach data for monetization, all with minimal human oversight. Moreover, agentic AI makes low-margin, high-volume attacks like social engineering scams profitable by leveraging scalable AI-driven interactions. With the ecosystem maturing, criminal marketplaces will emerge for purchasing agents and orchestrators that will further lower the barriers to entry and drive specialization among threat actors.<\/p>\n As agentic AI becomes more prevalent, enterprises should expect a surge in attacks targeting cloud and AI infrastructure, which offer criminals scalable resources and valuable data to exploit. The evolution of agentic cybercrime will introduce new attack types and optimize existing ones, giving rise to novel criminal business models where human actors become overseers rather than direct participants, as with “Cybercrime as a Servant”. These changes will create unpredictable ripple effects throughout the criminal ecosystem, making proactive planning essential.<\/p>\n Responding at the speed of AI<\/span><\/p>\n To safeguard their assets, enterprises must invest in advanced, agentic AI-powered security platforms and proactive attack simulations, prioritize education on emerging threats, and maintain vigilance as the cyber threat landscape continues to change. Matching the speed and adaptability of attackers means practicing the following:<\/p>\n Agentic defense<\/b><\/p>\n As cybercriminals increasingly use agentic AI architectures, organizations and their security teams must respond in kind by developing their own automated defense systems: This involves deploying orchestrators and agents that not only handle incident response and alert triage, but are able to learn and adjust to new threats over time. By adopting agentic AI-powered security platforms for their own defenses, business leaders ensure that their security operations can keep pace with the evolving tactics and scale of modern cybercrime, reducing reliance on manual intervention while strengthening their ability to respond to new kinds of attacks.<\/p>\n Proactive simulation<\/b><\/p>\n\n
Trend Micro\u2019s leading research into the criminal adoption of AI reveals a rapidly evolving landscape: Trend\u2122 Research\u2019s analysis of underground forums and marketplaces demonstrates that while cybercriminals were initially slow to adopt generative AI (GenAI) technologies, their interest and activity have accelerated. Early criminal use focused on leveraging AI tools like ChatGPT<\/a> to assist in coding malware, generating phishing emails, and crafting social engineering campaigns. However, these activities typically involved using AI to improve existing attack methods rather than developing AI-powered malware itself.<\/p>\n