AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest
ReliaQuest's new report details six practical ways attackers are using AI to lower costs, speed up operations, and evade detection, from industrial-scale phishing to deepfake identity fabrication.
AI is making cyber-attacks cheaper, faster to scale, easier to customize, and harder to spot, but it is not fundamentally changing the tradecraft of intrusions, according to a new report from ReliaQuest. The threat intelligence specialist has tracked AI's evolution on the cybercrime underground over the past two years, finding that by mid-2025, AI had moved "closer into the heart of the offensive workflow."
In 2024, AI was mainly used for polishing phishing emails and generating basic scripts. Today, it enables mass generation of phishing pages and lures, rapid production of malicious tools like web shells and credential harvesters, and sophisticated social engineering that erases traditional tell-tale signs such as typos and poor grammar. The report identifies six key ways AI is being used in intrusions: phishing at industrial scale, faster malicious tool production, social engineering polish, identity fabrication, initial-access acceleration, and AI-branded tools as lures.
AI is being adopted by a wide range of threat actors, from ShinyHunters to North Korean hackers, for goals including extortion, initial access, fraud, and espionage. The central theme is that AI "consistently enabled these operators to achieve more, faster, with less effort." Attackers treat AI as operational infrastructure—something to buy, tune, and slot into existing workflows—balancing efficiency with reliability and cost.
One notable use case is identity fabrication, where AI makes North Korean worker fraud easier to scale and harder to spot through rapid development of fake profiles and convincing deepfakes for meetings and interviews. AI also accelerates initial access by generating obfuscation in ClickFix attacks and assisting in device-code phishing campaigns. Additionally, attackers are using AI-branded tools as lures, tricking users into running malicious installation commands disguised as Claude or other branded downloads.
ReliaQuest advises security teams not to build a new strategy around AI as a category, but to strengthen fundamentals to match the new pace of attacks. Recommended actions include using behavioral detection across endpoint, identity, network, and cloud; automating containment to keep pace with machine-speed attacks; retraining users on the full range of what AI can fake; investing in threat research to track AI-scaled campaign patterns; and using external threat intelligence to spot AI-enabled tradecraft before it reaches the environment.
The report underscores that while AI amplifies existing attack methods, it does not create entirely new ones. The focus for defenders should be on operational excellence and leveraging AI and automation themselves to counter the accelerated threat landscape.