AI Supercharges Attacks in Cybercrime's New 'Fifth Wave'

The cybersecurity landscape has long been defined by distinct "waves" of threat evolution, from early malware to supply‑chain attacks. Group‑IB now labels the current era the "fifth wave," driven by weaponized artificial intelligence. Unlike previous phases that relied on human expertise and manual labor, AI democratizes sophisticated techniques, allowing even novice actors to launch high‑impact campaigns. This shift mirrors broader AI adoption across industries, but in the hands of criminals it translates into rapid, automated weaponization of deepfakes, phishing, and code generation.

Deepfake kits and synthetic identity packages have become commodities on dark‑web forums, with prices as low as five dollars. These tools can impersonate voices, faces, and even biometric data, enabling fraudsters to bypass KYC checks, steal funds, or infiltrate secure systems. The volume of discussion around AI‑enabled crime has surged from under 50,000 messages (2020‑2022) to roughly 300,000 annually since 2023, underscoring a market boom. By lowering cost and effort, these kits expand the attack surface for financial institutions, telecoms, and any organization that relies on identity verification.

Perhaps most concerning is the emergence of dark large language models (LLMs) like Nytheon AI, which operate offline and lack ethical safeguards. Subscriptions ranging from $30 to $200 grant access to 80‑billion‑parameter models capable of drafting malware, crafting persuasive phishing narratives, and automating vulnerability research. Coupled with agentized phishing platforms that continuously refine lures based on victim responses, defenders face threats that evolve in real time. Mitigation now requires AI‑aware security stacks, threat‑intel that tracks illicit model offerings, and proactive deception strategies to outpace the automated adversary.