How artificial intelligence became an attack tool in the hands of cybercriminals
Artificial intelligence is no longer just that cool technology that helps write code, generate images, or answer questions in chatbots. It has crossed a troubling line and is now being used as a sophisticated weapon by hackers around the world — and the damage is already very real. What once felt like a science fiction movie plot has become routine in reports from the world’s leading cybersecurity companies, and the pace of this evolution is, at the very least, alarming.
It is no secret that AI models have advanced dramatically in recent years. They went from tools capable of helping high school students finish homework to vibe coding assistants that can build entire apps in a fraction of the time a human developer would need. But beyond making life easier for lazy students and making tech professionals nervous about their jobs, that same technology can also be used for far less noble purposes.
The term dominating conversations among experts is vibe hacking, a kind of dark version of the now familiar vibe coding. The logic behind it is as simple as it is scary: people with little or no deep technical knowledge are using advanced AI models to identify vulnerabilities in corporate and government systems, extract sensitive data, and even orchestrate ransomware attacks on a global scale. This is not some distant prediction or hypothetical scenario for five years from now. It is happening right now, at this very moment, with tools that anyone can access online.
To get a sense of how serious this is, autonomous AI agents are already ranking at the top of bug bounty leaderboards on specialized cybersecurity platforms, even outperforming seasoned professionals with decades of experience in finding critical flaws 🤯. Two recent incidents gained international attention and set off every possible alarm, showing that the barrier to entry for cybercrime has never been lower and the speed of attacks has never been higher.
Vibe hacking in practice and the case of the 150 GB stolen from Mexico
The case involving the Mexican government is especially emblematic because it perfectly illustrates how artificial intelligence is democratizing cybercrime in ways almost nobody imagined a few years ago. According to a Bloomberg report, a hacker used a jailbroken version of Claude, Anthropic’s chatbot, to find vulnerabilities in Mexican government networks and automate the theft of highly sensitive taxpayer and voter records. The result was the leak of 150 gigabytes of government data tied to no fewer than 195 million taxpayers.
Cybersecurity startup Gambit Security, which analyzed the incident, said in its report that the person responsible was likely not linked to any specific group or hostile government. Researchers also told Bloomberg they identified at least 20 specific vulnerabilities exploited in the attack. In other words, AI acted as a brutal force multiplier, making up for the attacker’s technical knowledge gaps and speeding up every stage of the process, from initial network reconnaissance to the mass extraction of data.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
What makes this episode especially disturbing is how operationally simple the attack appears to have been. Unlike major state-sponsored hacker operations that involve entire teams and months of planning, this case showed that a single person with access to a powerful language model can cause damage comparable to that of organized cybercriminal groups. Cybersecurity experts who reviewed the incident noted that the attack pattern looked far more sophisticated than the profile of the alleged perpetrator would suggest, reinforcing AI’s central role as an enabler.
The massive firewall breach revealed by Amazon
While the Mexican case stood out for the boldness of a lone attacker, another episode revealed by Amazon’s security research team showed an operation on an even larger scale. Hackers — possibly a single individual — managed to breach more than 600 firewall systems across dozens of countries using commercially available AI tools. The attackers exploited weak security measures, extracted credential databases, and potentially laid the groundwork for future ransomware attacks.
CJ Moses, Amazon’s security engineering and operations leader, described the situation quite directly by saying that AI works like an automated assembly line for cybercrime, helping lower-skilled workers produce at scale. That analogy is especially revealing because it shows the problem is not limited to highly sophisticated hackers. AI is leveling the playing field in a way that allows virtually anyone with malicious intent to carry out attacks that once required years of study and hands-on experience.
The attackers used AI tools to automate network scanning on a global scale, identify which firewalls were outdated, and launch custom exploits for each situation. The result was a wave of simultaneous intrusions that overwhelmed incident response teams and left companies across multiple industries temporarily exposed. The combination of intelligent automation and the execution speed enabled by AI created a scenario in which defense simply cannot keep up with the pace of attack.
The numbers do not lie, and the escalation is concerning
These isolated incidents are part of a much broader trend that the data confirms quite clearly. A recent IBM report revealed numbers that should keep any information security professional up at night:
- A 44% year-over-year increase in the exploitation of software applications and publicly exposed systems
- Nearly 50% growth in the number of active ransomware groups
Mark Hughes, IBM’s global managing partner of cybersecurity services, summed up the situation by saying that attackers are not reinventing their strategies — they are accelerating them with AI. In his view, the core problem remains the same: companies are overwhelmed by the volume of software vulnerabilities. The difference now is the speed at which everything happens.
Google security researchers also added to this picture with a report published earlier this year. According to the document, an intense battle between threat actors that have access to the same classes of powerful AI models and automated processes as their targets is about to change in significant and unpredictable ways. Heather Adkins, Google’s vice president of security engineering, added that if AI is weaponized inside a ransomware kit sold on the dark web, incident rates could rise exponentially. But if it is kept in the hands of a threat actor with highly specific targets, we may not even realize that a fully automated platform is operating on the other side of the attack.
AI-powered ransomware and the new threat landscape
If ransomware attacks were already a nightmare for businesses and governments, the arrival of artificial intelligence in that equation has taken the problem to an entirely new level. Cybercriminal groups are using AI models to create malware variants that adapt in real time to defensive systems, making detection much harder. In the past, a ransomware attack generally followed relatively predictable patterns that allowed security tools to identify and block the threat. Now, with AI generating polymorphic code and dynamically adjusting attack strategies, traditional antivirus and protection systems are falling behind.
Another aspect worth highlighting is the use of AI to improve social engineering techniques, which remain the most common entry point for cyberattacks. Hackers are using deepfakes and AI-generated content to lure victims into increasingly elaborate phishing traps. That suspicious email full of awkward formatting and obvious grammar mistakes that everyone knew how to spot is a thing of the past. Messages produced by AI are grammatically polished, contextually relevant, and often indistinguishable from legitimate communications. That means even professionals well trained in cybersecurity can fall for these traps, significantly expanding the attack surface available to criminals.
Beyond upgraded phishing, AI is also being used in password cracking. Models trained specifically for this purpose can test combinations and patterns with an efficiency traditional brute-force tools could never reach. MIT Sloan researchers have already pointed to this use as one of the three pillars of AI-powered cyberattacks, alongside automated social engineering and autonomous vulnerability exploitation. Together, it is a trio creating a threat ecosystem far more dangerous and much harder to contain than anything seen before.
The digital arms race between attack and defense
The picture becomes even more complex when we consider that the same AI tools used by attackers are also being adopted by defensive teams, creating a kind of digital arms race. Cybersecurity companies are integrating artificial intelligence models into their products to detect anomalies, predict attacks, and automate incident response. Even so, the structural advantage currently lies with attackers, because they only need to find a single vulnerability to succeed, while defenders need to protect everything all the time.
This asymmetry, combined with AI’s amplifying power, is completely redefining the rules of the game and forcing organizations to urgently rethink their security strategies. The recent case in which hackers told Anthropic’s Claude that they were simply conducting a test in order to deceive it and make it participate in real cybercrime illustrates the level of creativity criminals are applying to get around the safety barriers of AI models themselves. Jailbreak techniques are becoming more sophisticated at the same speed developers are trying to patch their weaknesses.
Investing in constant updates, team training, and the adoption of more resilient security architectures is no longer a competitive advantage — it has become a matter of digital survival 🔒. The reality is that no organization can afford to ignore this transformation in the threat landscape, regardless of its size or industry.
What to expect next
The truth is that we are only at the beginning of this transformation in the digital threat landscape. As artificial intelligence models become more capable and more accessible, the trend is for the volume and sophistication of attacks to keep growing exponentially. Governments around the world have already started moving to regulate the use of AI in cybersecurity contexts, but legislation usually moves much more slowly than technological innovation. In the meantime, hackers continue to exploit every available gap, using the same tools that promise to revolutionize human productivity and creativity for far less honorable purposes.
For companies and technology professionals, the message is clear: a reactive security approach no longer works. Waiting for an attack to happen and only then fixing vulnerabilities is a guaranteed recipe for disaster in a world where AI allows criminals to automate and scale their operations like never before. Adopting practices such as continuous monitoring, automated penetration testing, immediate patching of known flaws, and ongoing employee training has become essential for any organization that wants to stay protected.
The positive side, if we can call it that, is that the same artificial intelligence being used to attack also offers real opportunities to strengthen defenses. AI-based detection systems can analyze volumes of data impossible for human teams to process, identifying suspicious patterns before an attack fully materializes. The key is making sure investment in defense keeps pace with — or at least does not fall too far behind — the investment criminals are making in offensive capabilities.
The game has changed, the rules are new, and cybersecurity needs to evolve at the same speed as the threats it faces. AI-boosted ransomware does not distinguish between large and small companies, and no one is immune to this new generation of threats. Those who fail to adapt will be left behind, and the cost of that inertia can be devastating 🚨.
