AI-powered cyberattacks: How generative AI is changing the threat landscape

By Ben TAGOE

Introduction: The Dual-Use Nature of Generative AI

Generative artificial intelligence has emerged as one of the most transformative technologies of our era, demonstrating capabilities in content creation, problem-solving, and automation across virtually every industry. Large language models can write sophisticated code, create realistic images and videos, generate human-like conversations, and analyse complex datasets with unprecedented speed and accuracy.

These same capabilities that enable productivity gains, creative breakthroughs, and business innovation also present a fundamental security paradox: the technologies empowering legitimate business transformation simultaneously empower malicious actors with capabilities that fundamentally alter the cybersecurity threat landscape.

Cybercriminals now leverage generative AI to automate attack development, personalize social engineering at scale, create convincing deepfake content for fraud and manipulation, develop adaptive malware that evades traditional detection, and conduct reconnaissance with superhuman efficiency. What previously required specialized technical skills, significant time investment, or large criminal organizations can now be accomplished by individuals with modest technical knowledge and access to widely available AI tools.

This democratization of advanced attack capabilities represents a paradigm shift in cybersecurity, compressing the timeline between vulnerability discovery and exploitation, lowering barriers to entry for cybercrime, and enabling attack sophistication previously reserved for nation-state actors to become accessible to common criminals. For business leaders managing complex supply chains, sensitive partner data, and critical infrastructure, understanding this AI-transformed threat landscape is no longer optional, it represents a strategic imperative for organizational survival and competitive positioning in an increasingly hostile digital environment.

Threat Evolution: How Generative AI Amplifies Cyberattack Capabilities

Traditional phishing attacks relied on generic templates easily identified by grammatical errors, implausible scenarios, and obvious inconsistencies. Generative AI has fundamentally transformed phishing effectiveness and scale. Language models can now generate perfectly written, contextually appropriate, and highly personalized phishing messages in any language, free from the telltale signs that previously helped recipients identify fraudulent communications. More critically, AI enables hyper-personalization at scale, analysing public information about targets from social media, company websites, and data breaches to craft messages referencing specific projects, colleagues, interests, and recent activities.

An AI system can simultaneously generate thousands of unique, personalized phishing emails targeting different individuals within an organization, each tailored to that person’s role, responsibilities, and digital footprint. The system can analyse which message variants generate higher click rates and automatically optimizing future campaigns based on real-time feedback. It can engage in multi-turn conversations, responding to recipient questions or objections with contextually appropriate replies that build trust before introducing malicious elements. This capability transforms phishing from a numbers game hoping someone clicks generic messages into precision-targeted psychological manipulation designed specifically to exploit individual vulnerabilities.

AI-generated synthetic media that convincingly impersonates real people, has evolved from novelty to serious business threat. Generative AI can now create highly realistic video and audio of executives, employees, or business partners saying or doing things they never actually said or did. In business contexts, deepfakes enable unprecedented fraud schemes. Criminals use AI-generated voice clones of executives to authorize fraudulent wire transfers, with voice synthesis technology requiring only brief audio samples, often obtainable from earnings calls, conference presentations, or social media videos, to create convincing replicas.

Video deepfakes of executives can be used in fake video conferences to authorize transactions, announce false business decisions that manipulate stock prices, or damage reputations through fabricated statements. Beyond direct fraud, deepfakes undermine the fundamental trust that business relationships depend upon. When any video call, voice message, or recording could potentially be AI-generated fabrication, verification becomes exponentially more complex. B2B organizations conducting high-value transactions, merger negotiations, or confidential partnerships face particular vulnerability as deepfakes can compromise deal integrity, expose confidential information, or manipulate competitive positioning through fabricated communications attributed to executives or partners.

The reconnaissance phase of cyberattacks, gathering information about targets to identify vulnerabilities and craft effective attacks, has been dramatically accelerated by AI. Generative AI can automatically scrape and analyse vast amounts of public information from social media, company websites, job postings, public records, and data breaches, synthesizing this information into detailed profiles of organizations and individuals. It can identify organizational structures, technology stacks, business relationships, ongoing projects, and individual employee roles, interests, and potential vulnerabilities.

AI-powered chatbots can engage potential targets in social engineering conversations, building rapport over extended periods, gathering information through seemingly innocent questions, and identifying psychological vulnerabilities to exploit. These AI agents can simultaneously maintain dozens or hundreds of these relationship-building conversations, each tailored to the specific individual, creating social engineering campaigns that would require large teams of human operators to execute at similar scale. The AI never gets tired, maintains perfect consistency in its fabricated persona, and can draw upon vast databases of conversational patterns to respond appropriately to unexpected questions or situations.

Impact on Businesses: Specific Risks and Vulnerabilities

Businesses operate within complex ecosystems of suppliers, partners, service providers, and customers, creating extensive attack surfaces that AI-powered threats can systematically exploit. Criminals can use AI to map entire supply chains, identifying the weakest security links, often smaller suppliers or partners lacking robust security programs and compromising these entities as entry points to larger, better-protected target organizations. Once an attacker compromises a trusted supplier, they can leverage that position to launch highly credible attacks against the supplier’s customers.

An AI system impersonating a legitimate supplier can send convincing emails about invoice changes, product updates, or service modifications that redirect payments, install malware, or harvest credentials. The attacks appear to come from trusted sources, bypass many security controls designed to filter external threats, and exploit the trust relationships fundamental to B2B operations. AI enables these supply chain attacks to scale beyond what human operators could manage, simultaneously targeting multiple organizations through their respective suppliers, customizing each attack based on the specific business relationship and communication patterns between each supplier-customer pair.

Also, there is the case of business email compromise, where attackers impersonate executives or business partners to authorize fraudulent transactions, has become one of the costliest cybercrime categories for B2B organizations. AI dramatically amplifies BEC effectiveness and scale. Language models can analyse an organization’s email communications patterns, learning writing styles, common phrases, approval processes, and organizational hierarchies. Using this knowledge, AI can generate highly convincing fraudulent emails that perfectly mimic how actual executives write and request actions.

AI-generated voice clones enable phone-based verification attacks where criminals call finance departments using synthesized voices of executives to confirm fraudulent email requests, defeating one of the primary defences against BEC. The combination of AI-generated email and voice impersonation creates multi-channel attacks that are exceptionally difficult for employees to identify. AI also enables more sophisticated invoice fraud, analysing legitimate invoice patterns and generating fraudulent invoices with modified payment details that appear entirely normal, targeting accounts payable departments processing high volumes of invoices where individual verification may be inconsistent.

B2B relationships depend fundamentally on trust and the ability to verify the identity and authenticity of communications from partners, suppliers, and customers. AI-powered impersonation capabilities undermine these trust foundations. When any email, voice call, or video conference could potentially be AI-generated impersonation, traditional verification methods become insufficient. Organizations must fundamentally rethink authentication for high-value transactions and sensitive communications. The challenge is particularly acute for B2B sectors where business relationships span years or decades, where personal relationships between counterparties create trust, and where efficiency pressures encourage streamlined processes rather than rigorous verification. AI threats force difficult trade-offs between maintaining the efficiency and relationship quality that drive B2B success and implementing verification procedures robust enough to defend against AI-enabled impersonation but potentially cumbersome enough to strain business relationships and slow operations.

Conclusion: Navigating the AI-Transformed Threat Landscape

Generative AI represents both the most significant technological opportunity and the most fundamental security challenge of our era. For B2B organizations, the implications extend beyond abstract cybersecurity concerns to core business questions about trust, verification, risk management, and competitive positioning. AI-powered attacks are not theoretical future threats, they are present realities that organizations face today, with sophistication and scale that will only intensify as AI capabilities advance. The combination of automated phishing that perfectly mimics legitimate communications, deepfakes that undermine trust in digital identity, adaptive malware that evades traditional defence’s, and AI-enhanced reconnaissance that systematically identifies vulnerabilities creates threat complexity unprecedented in cybersecurity history. Traditional defence strategies designed for previous threat generations prove insufficient against adversaries wielding AI capabilities that fundamentally alter attack economics, timelines, and sophistication. However, acknowledging these challenges need not lead to fatalism.

The same AI technologies empowering attackers also enable transformative defensive capabilities when organizations invest in AI-powered threat detection, behavioural analysis, automated response, and continuous adaptation. Success requires more than deploying new tools, it demands strategic organizational transformation encompassing technology investment, talent development, process evolution, cultural change, and leadership commitment to security as strategic imperative rather than operational overhead. B2B organizations that treat AI security as foundational business requirement, that invest proactively rather than react to incidents, that build capabilities matching threat sophistication, and that view security as competitive advantage rather than cost centre will navigate this transformed landscape successfully.

Those that postpone investment, rely on outdated security paradigms, or treat AI threats as someone else’s problem face escalating risk that threatens not merely security posture but fundamental business viability. The AI security challenge is neither unsolvable nor optional. It is the defining business security question of this decade, requiring proportional response from organizations serious about protecting their operations, their partners, and their futures in an increasingly AI-driven world.

The post AI-powered cyberattacks: How generative AI is changing the threat landscape appeared first on The Business & Financial Times.

Read Full Story