An underground AI tool called SpamGPT is emerging as a CRM for cybercriminals, providing advanced marketing capabilities that enable more effective and targeted spam campaigns. This tool is designed to streamline operations for cybercriminals, offering features similar to legitimate business software, thus enhancing their ability to execute scams and phishing attacks. The rise of such tools highlights the ongoing challenges in cybersecurity and the increasing sophistication of cybercriminal activities.

Attackers are exploiting artificial intelligence to create fake CAPTCHAs, bypassing security measures that are designed to differentiate between human users and bots. This emerging tactic poses significant risks to online platforms and underscores the need for more robust security protocols.

AI is transforming the cybercrime landscape by enhancing existing attack methods rather than creating new threats, making cybercriminal activities more efficient and accessible. The panel at RSA Conference 2025 emphasized the importance of adapting defense strategies to counter AI-driven attacks, highlighting the need for international cooperation and innovative security frameworks. As AI continues to evolve, both defenders and threat actors will need to adapt rapidly to the changing dynamics of cyber threats.

An analysis of over 2.6 million AI-related posts from underground sources reveals how threat actors are leveraging AI technologies for malicious purposes. The research highlights 100,000 tracked illicit sources and identifies five distinct use cases, including multilingual phishing and deepfake impersonation tools. This comprehensive insight offers unmatched visibility into adversaries' strategies and innovations in AI exploitation.