AI-powered cyberattacks are no longer theoretical edge cases discussed only in research labs. In the near future, a single operator could launch dozens of zero-day attacks across unrelated systems at once. Malware could rewrite itself mid-deployment, adjusting its payload to evade detection. Small teams could orchestrate campaigns that once required sprawling criminal networks, not because artificial intelligence became autonomous, but because it made iteration nearly frictionless.

Evidence of AI-powered cyberattacks moving from concept to capability already exists. An autonomous AI system called XBOW ranks near the top of several leaderboards on HackerOne, a major enterprise bug bounty platform. XBOW is designed for defensive security testing, and its creators say it can independently identify and exploit vulnerabilities across a large percentage of benchmarked web applications. It is a whitehat tool, but it demonstrates how AI systems can already discover and weaponize software weaknesses with minimal human intervention.

The cybersecurity industry has watched the rise of AI-powered cyberattacks with a mix of skepticism and unease. The concern is not that AI will suddenly replace human hackers, but that it will accelerate them. Generative models produce increasingly efficient code, and companies such as Microsoft have openly discussed integrating AI agents into their software development workflows. Code generation is no longer experimental; it is becoming infrastructure.

If AI can assist engineers in shipping products faster, it can also assist attackers in refining exploits faster. Anyone can now prompt a large language model to draft reconnaissance scripts, automate repetitive tasks, or generate targeted phishing emails. What some developers call “vibe coding”—asking AI to build software with minimal hands-on expertise—has become commonplace. The same dynamic underpins the rise of AI-powered cyberattacks.

Purpose-built malicious language models began circulating in 2023. WormGPT appeared in Telegram channels and darknet forums as a tool marketed for generating phishing emails and malware. After public scrutiny intensified, it disappeared. Services such as FraudGPT soon replaced it, although security researchers later suggested that many of these tools were little more than jailbroken versions of mainstream AI models repackaged with new branding.

For attackers, custom systems may not even be necessary. Platforms like ChatGPT, Gemini, and Claude include safeguards intended to prevent malicious outputs, but online communities dedicate themselves to bypassing those restrictions. Users reframe requests as fictional scenarios or security training exercises, prompting models to generate code they would otherwise refuse to provide. In 2023, researchers at Trend Micro demonstrated that carefully structured prompts could elicit components of PowerShell-based malware from mainstream AI systems, further illustrating how AI-powered cyberattacks could scale.

The larger question is who benefits most from AI-powered cyberattacks. Unsophisticated actors have always existed in cybersecurity, and AI may lower the barrier to entry further. Automated phishing kits and copy-and-paste exploit scripts are not new phenomena. What changes is the speed at which they evolve and the volume they reach.

The more serious risk may come from experienced operators who already understand exploitation at a deep level. For them, AI-powered cyberattacks function as a force multiplier. An attacker who once spent days refining payloads can now iterate in minutes. Scripts can adjust more rapidly to bypass filters. Campaigns can personalize messaging at scale without sacrificing plausibility. The advantage lies less in creativity than in throughput.

Fully autonomous systems capable of launching complex AI-powered cyberattacks without oversight remain limited. Models still hallucinate, misinterpret context, and require skilled guidance to chain complex exploits together. However, the components necessary for semi-autonomous attack workflows already exist: automated vulnerability scanning, AI-generated exploit drafts, iterative testing, and rapid redeployment. Integration, rather than invention, is the next frontier.

Defenders are responding in kind. Machine learning has powered anomaly detection and behavioral analytics tools for years, and generative AI is beginning to augment those systems. The rise of AI-powered cyberattacks is accelerating a long-running cybersecurity arms race rather than triggering a singular revolution.

AI does not introduce cybercrime to the world. It compresses the time required to execute it. In a domain where response windows determine impact, the growth of AI-powered cyberattacks may ultimately shift the balance toward whoever can move first.