THE article outlines ten AI-assisted attack classes, from hyper-personalised phishing and deepfake video calls to agentic AI that conducts intrusions with minimal human input and polymorphic malware that rewrites itself mid-execution. It notes real-world losses and incidents, including Pepco Group’s roughly €15.5 million exposure in February 2024 and an Arup case in January 2024 where HK$200 million was wired in 15 transactions during a deepfake Teams call.
It highlights voice cloning and vishing, with the FBI reporting over 22,000 AI-related complaints and about $893 million in losses in 2024, while PlugValley offers AI-powered vishing as a service. It cites a joint disclosure by Microsoft and OpenAI that identified five state actors abusing LLMs to disrupt threat operations, and references a July 2025 attribution of LAMEHUG to Russia’s GRU-linked APT28 via a Python-based malware querying a Hugging Face API.
The piece also mentions February 2026 BreachForums leakage of WormGPT subscriber data, and a June 2025 CVE-2025-32711 zero-click prompt injection incident affecting Microsoft 365 Copilot.