AI Hub
Threat content is defensive-only and describes observed or possible attack patterns from a defender perspective. No actionable abuse guidance, exploitation instructions or offensive tooling is provided.
Threat categories
AI-Enabled Social Engineering
Threat actors leveraging language models to generate convincing phishing content, impersonation attacks and pretexting scenarios at scale.
Synthetic Media & Deepfakes
Generated audio, video and image content used for fraud, impersonation and disinformation campaigns targeting organizations.
Model Abuse & Misuse
Exploitation of AI model capabilities for vulnerability research acceleration, malware generation assistance and automated attack tooling.
Defensive Countermeasures
Detection techniques, verification procedures and organizational controls for mitigating AI-enabled threats.
Related campaigns
View allAI-Generated Executive Impersonation Phishing
Threat actors are using language models to generate more convincing executive impersonation emails, reducing detectable grammar and formatting errors in phishing campaigns.
Defensive Context
Security teams should update phishing awareness training to include AI-generated content examples and strengthen sender verification procedures for financial authorization requests.
Defensive context only. No phishing templates or operational instructions.
Synthetic Voice Deepfake in Financial Fraud
Observed cases of synthetic voice generation used to impersonate executives in wire transfer authorization calls. Quality of synthetic audio continues to improve.
Defensive Context
Organizations should implement multi-factor verification for high-value transactions and consider voice authentication challenges as a compensating control.
Defensive context only. No deepfake generation guidance.
Model Abuse for Automated Vulnerability Scanning
Reports of threat actors using language models to accelerate vulnerability research and generate exploitation payloads from public advisories.
Defensive Context
Patch management and exposure reduction remain the primary defenses. AI-accelerated exploitation shortens the window between disclosure and exploitation.
Defensive context only. No exploitation guidance.
