Skip to content

Sophos Analysis: Cybercriminals Divided on AI Adoption

Bottom line: Cybercriminals are split on AI adoption: while some embrace automation and efficiency gains, others fear their existing illegal services are endangered by AI-powered security.

The Sophos Counter Threat Unit has analyzed how cybercriminals discuss artificial intelligence in underground forums and darknet marketplaces — the result is a deep divide between those who see AI as a strategic advantage and those who fear it as a threat to their business models.

The Sophos Counter Threat Unit (CTU) has examined underground forums and darknet marketplaces in its latest analysis and documented that cybercriminals are far from uniformly positive or negative about artificial intelligence. Instead, an ambivalent picture emerges: while some rate AI as a game changer for their operations, others discuss how AI could endanger their existing business models.

In the analyzed underground forums, AI is not treated as an abstract technology but as a concrete challenge to established criminal practices. AI-powered security solutions are discussed as potential obstacles to traditional attack vectors such as malware distribution or phishing campaigns. At the same time, parts of the criminal community recognize the potential of automation and scalability that AI tools could offer for large-scale attacks.

For CISOs, this divide means that the attacker side itself has not yet developed a unified AI strategy. This opens a window in which defensive measures that rely on AI-powered early detection and anomaly detection could potentially gain in effectiveness before cybercriminals have fully switched their tactics to AI automation.


Source: itwelt.at · Published 26 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.

Share on: