Researchers uncovered what appeared to be the first AI-powered ransomware, PromptLock, which employed large language models throughout every attack stage. The malware could autonomously generate customized code, map systems, and write personalized ransom notes without human intervention. This discovery initially caused widespread alarm, though it later emerged to be a research project rather than an active threat.

Real criminals already leverage AI tools to enhance their attacks, with Microsoft reporting blocking $4 billion in scams potentially aided by AI content. By April 2025, at least 14% of targeted email attacks used LLMs, up from 7.6% the previous year. Deepfake technology enabled a $25 million fraud at a British engineering firm through video calls with fake company executives.

Security experts stress that AI-powered cyberattacks represent an immediate reality rather than a future concern. While fully autonomous attacks remain unlikely, AI is already lowering barriers for less experienced attackers and increasing scam effectiveness. Google has observed China-linked actors using Gemini AI to identify vulnerabilities after bypassing safety measures through deceptive prompts.