A quieter reality behind the “AI-fueled cybercrime” narrative
The latest empirical reporting highlighted by *Wired* complicates a storyline that has become almost reflexive in boardrooms and policy circles: that generative AI is automatically supercharging online fraud. The study’s core finding is less cinematic but more operationally useful—many low-skill cybercriminals are not rushing to adopt AI tools, and some are openly skeptical or hostile toward them.
On Tor-accessible legacy communities such as Hack Forums, participants reportedly express a preference for the familiar mechanics of their trade: manual social engineering, copied-and-tweaked templates, and—crucially—relationships built through repeated interaction. That social fabric is not incidental; it is a functional asset in illicit markets where contracts are unenforceable and reputations substitute for legal recourse. In that context, AI is not merely a tool choice—it is perceived by some as a destabilizing force that can dilute authenticity, introduce errors, or invite suspicion.
This is an important corrective for executives and security leaders. The most common scams hitting consumers and employees today are often not “AI-native.” They are human-led, trust-based, and operationally conservative, even when they borrow occasional automation.
Key takeaway for threat modeling: the presence of generative AI in the public conversation does not automatically translate into universal adoption across the cybercrime skill spectrum.
Adoption friction in the underground: trust, craft, and “human-in-the-loop” crime
The study underscores a classic technology pattern: an innovation–adoption chasm. Generative AI may be widely available, but adoption depends on perceived reliability, social acceptance, and the ability to integrate tools into existing workflows. Among low-skill scammers, the barriers appear to be as much cultural as technical.
Several dynamics stand out:
- Trust deficit in autonomous outputs: Forum participants reportedly doubt AI’s ability to handle edge cases in code, maintain operational security, or reliably produce bespoke scam logic. This mirrors legitimate enterprise concerns about “black-box” systems—except the cost of failure in criminal contexts can include exposure, bans, or arrest.
- Craft matters in persuasion: While AI can draft text quickly, successful phishing and confidence scams still hinge on timing, context, and psychological calibration. The study reinforces that human judgment remains central, particularly where the objective is to manipulate a specific target rather than broadcast generic spam.
- Community norms as a gatekeeper: Underground forums function as marketplaces and social clubs. If moderators and high-status members treat “AI spam” as low-quality or suspicious, that norm becomes a de facto adoption brake—an informal governance mechanism that resembles content curation debates on mainstream platforms.
For defenders, this is not comforting so much as clarifying. It suggests that the most prevalent threats may remain stubbornly human, even as AI becomes more capable. The human element is not a temporary gap; it is part of the operating model.
The economics of AI in cybercrime: two-tier incentives, uneven returns
The research points to a bifurcated cybercrime economy where return on investment (ROI) determines how AI is used—if it is used at all.
For large, well-resourced syndicates, AI can be a commodity input: helpful for scaling routine tasks such as syntax cleanup, generating message variants, translating lures, or producing basic code snippets. At scale, even marginal efficiency gains can matter. These groups can also afford experimentation, custom tooling, and operational testing.
For small-scale “mom-and-pop” scammers, the calculus is different. They often operate with thin margins, limited technical depth, and high sensitivity to mistakes. Learning an AI workflow, paying for tools, or trusting outputs that might be inconsistent can look like unnecessary risk—especially when existing playbooks already “work” well enough.
This creates a counterintuitive parallel to legitimate labor markets. In many industries, AI is positioned as a way to reduce labor intensity. In low-skill cybercrime, the study suggests the opposite: scarcity of technical trust pushes operators toward labor-intensive methods—manual outreach, direct messaging, and community-vetted tactics.
Economic conditions may amplify this split. In periods of macroeconomic stress, opportunistic fraud can rise in volume, but not necessarily in sophistication. Meanwhile, better-funded actors selectively modernize, reinforcing a two-tier threat landscape: high-volume low-tech scams on one side, and targeted, AI-assisted operations on the other.
What this means for cybersecurity strategy, policy, and AI governance
The most actionable implication is strategic: defenders should resist monolithic assumptions about “AI-driven cybercrime” and instead adopt stratified threat models that distinguish between operator classes.
Practical considerations for organizations and policymakers include:
- Intelligence-driven defense over tool-chasing: Monitoring underground forum dynamics—reputation systems, vendor disputes, moderation patterns, and shifting norms—may yield more predictive value than simply tracking which AI tools are trending.
- Prepare for deepfake escalation without overfitting to it: The study’s skepticism among low-skill scammers does not reduce the risk that organized crime groups or state-aligned actors will deploy voice synthesis, deepfake video, and automated spearphishing at scale. The key is differentiation: not every scam wave signals advanced AI capability, but some will.
- Exploit friction as a defensive advantage: If illicit communities distrust AI outputs, that friction can slow diffusion. Policy and platform interventions that increase uncertainty for malicious use—without broadly restricting legitimate innovation—can be more effective than blunt, one-size-fits-all regulation.
- Invest in explainable, auditable AI for defense: The same trust issues criminals cite are precisely where defenders can build advantage. Security teams adopting transparent, explainable detection systems can improve analyst confidence, accelerate response, and reduce overreliance on opaque automation.
The study ultimately reframes generative AI not as a universal accelerant, but as a selective multiplier—powerful in the hands of capable, well-capitalized operators, and often unwelcome among the low-skill majority. For leaders navigating cybersecurity risk, that nuance is not academic; it is the difference between chasing headlines and building defenses aligned to how threats actually evolve.
By
By
By
By
