The darkside of AI: Guardrails, loopholes, and exploits.

The darkside of AI: How hackers exploit artificial intelligence for cybercrime

Artificial intelligence has transformed everyday life. From drafting emails to analysing financial data, AI is now a trusted assistant for millions. Yet beneath this wave of innovation lies a more sinister reality. The same tools that help businesses operate more efficiently and individuals manage their daily tasks are being exploited by cybercriminals.

Hackers are turning AI into a weapon, using it to compose malicious scripts, automate phishing campaigns, and side step protective guardrails. This is the darkside of AI, a growing concern that affects governments, corporations, and everyday users alike.

Say Hi, Trezor Safe 5

Crypto security & convenience in a gorgeous design. The EAL6+ Secure Element adds asset protection while the bright, vibrant color touchscreen & haptic feedback bring a new level to your crypto experience.

The rise of AI-powered cybercrime

Artificial intelligence is not inherently good or bad. Like any technology, its impact depends on how it is used. For cybercriminals, AI offers an unprecedented toolkit. Tasks that once required advanced programming skills can now be executed with AI-generated code. Malware, phishing emails, and ransomware campaigns can be written, tested, and refined faster than ever before.

Unlike traditional software tools, AI systems are adaptive. They learn from prompts, adjust their responses, and improve over time. A malicious actor can interact with AI in much the same way an office worker might, asking it to “clean up” a script, “optimise” a phishing email, or “make code stealthier”. The accessibility of AI tools means that even amateurs with limited technical knowledge can now launch cyberattacks.

Real-world examples of AI in the hands of hackers

1. AI-generated phishing emails

Phishing remains one of the most effective cybercrime methods. Traditionally, poorly worded or misspelt messages raised suspicion. Today, hackers use AI to compose flawless emails that mimic corporate tone, style, and branding. In 2023, researchers from security firm SlashNext demonstrated how large language models could craft phishing messages that bypassed spam filters and fooled recipients into sharing credentials. The emails were free of the grammatical errors that usually give scams away.

2. Malware code written by AI

Security experts have uncovered malware that appears to be at least partially AI-generated. In one documented case, researchers found Python scripts with clean structure and minimal errors, suggesting the involvement of AI code-generation tools. Such scripts can be quickly modified to avoid detection by antivirus software. The cycle of “write–test–revise” that once took days can now be completed in minutes using an AI assistant.

3. Deepfake social engineering

AI is also behind convincing deepfakes, which criminals use in fraud and extortion schemes. In 2024, a Hong Kong company lost US$25 million after an employee was tricked into transferring funds during a video call where every participant, including the CFO, was an AI-generated fake. This case illustrates how AI enables crimes that go beyond digital theft, crossing into high-stakes financial fraud.

4. AI chatbots for scams

Hackers are creating rogue chatbots trained on dark web data. These bots provide criminals with instructions for building explosives, writing ransomware, or laundering money. Unlike mainstream AI platforms that enforce safety guardrails, underground models operate without restrictions, catering specifically to malicious users.

How hackers bypass AI guardrails

Developers of mainstream AI tools have built restrictions to prevent abuse. For example, if someone asks an AI model to “write malware”, it should refuse. Yet criminals have found ways around these blocks. Common tactics include:

Prompt engineering

Instead of asking for malware directly, hackers phrase requests as harmless tasks. For instance, “Write a program to encrypt my personal files” can be repurposed into ransomware.

Role-playing scenarios

Users instruct AI to “pretend to be an evil assistant” or simulate a cybersecurity exercise, which allows the model to generate dangerous content under the guise of fiction.

Code modification requests

Hackers feed AI partial code and ask it to “debug” or “optimise” it. While the AI does not know the full intent, it helps refine malicious scripts.

Using multiple AIs

Criminals split tasks across different platforms, reducing the chance of triggering safeguards. One AI might generate basic code while another polishes the final product.

Trezor Safe 5

Ultimate convenience with a vibrant color touchscreen & confirmation haptic feedback. Experience crypto security on an entirely new level.

Enhanced usability with a 1.54” touchscreen
Secure Element, PIN, passphrase protected
Crypto management with the Trezor Suite app

Countermeasures against the darkside of AI

The cybersecurity industry is not standing still. Governments, researchers, and technology companies are working to counter the criminal misuse of AI. Current strategies include:

1. Red-teaming AI systems

Major AI companies now employ red teams, groups of ethical hackers who deliberately try to break the system’s safety measures. By discovering loopholes before criminals do, they help developers patch vulnerabilities and strengthen guardrails.

2. AI detection tools

Cybersecurity firms are building AI systems designed to detect AI-generated content. These tools scan emails, documents, and code for linguistic or structural patterns common in machine-generated text. For example, Gmail and Outlook are integrating filters that can flag suspicious AI-written phishing attempts.

3. Traceable watermarking

To combat deepfakes, researchers are embedding invisible watermarks into AI-generated images, video, and audio. This technology helps authorities and companies verify whether media is authentic or manipulated. Although not foolproof, watermarking raises the difficulty level for criminals.

4. Legislation and regulation

Governments worldwide are drafting regulations aimed at controlling high-risk AI use. The European Union’s AI Act and the United States’ AI Executive Order are early attempts to mandate transparency, restrict dangerous applications, and impose accountability on developers.

5. Public awareness campaigns

Education is a key line of defence. Organisations are training employees to recognise signs of AI-enabled scams, such as unusually polished phishing attempts, urgent financial requests, or inconsistencies in video calls. The human element remains the last barrier when technology fails.

Protecting yourself from AI-powered cybercrime

While global countermeasures evolve, individuals and businesses can take steps to reduce their risk. The following recommendations are essential for avoiding known exploits today:

Strengthen email vigilance: Treat unexpected messages with caution, even if they look professional. Verify the sender through official channels before clicking links or downloading attachments.
Enable multi-factor authentication (MFA): Even if credentials are stolen, MFA prevents attackers from easily accessing accounts.
Update software regularly: Hackers often exploit unpatched systems. Keeping devices and applications up to date is one of the simplest ways to stay secure.
Use AI detection tools: Businesses should deploy solutions capable of flagging AI-generated content in communication streams.
Be cautious of video calls: With deepfakes on the rise, verify high-value requests received during virtual meetings through a secondary channel, such as a phone call to a known number.
Limit oversharing online: Criminals often gather personal information from social media to make scams more convincing. Restrict public access to sensitive details.
Invest in cybersecurity training: Businesses should educate staff about AI-driven threats, ensuring they understand how to identify suspicious behaviour.
Back up data: Regular backups protect against ransomware attacks, allowing recovery without paying criminals.

A whole investment firm of one.

Investing doesn’t have to be that hard.

Access stocks, ETFs, and more. Oh, and no commission fees. That’s right. Zero. Nada. Zilch. Your first stock is even on us.

*Conditions apply

Get started

Looking ahead

Artificial intelligence is shaping the future in both positive and negative ways. While it can write essays, compose music, or optimise logistics, it can also be misused for deception, theft, and destruction. The darkside of AI is a challenge that demands cooperation between governments, corporations, and individuals.

The next wave of cybercrime will not be fought with firewalls alone. It will require AI systems designed to fight back against malicious AI, legal frameworks that punish misuse, and an informed public that can spot the signs of manipulation. By staying alert, adopting security best practices, and questioning the authenticity of what we see and hear online, we can limit the damage criminals cause.

The battle is not about stopping AI but about ensuring it remains a tool for progress rather than exploitation. Understanding how hackers exploit it is the first step in protecting ourselves from the evolving threats of the digital age.

______________________