The use of generative AI in Cyberattacks: Its threats and mitigations
Aro, Jesper (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025121737599
https://urn.fi/URN:NBN:fi:amk-2025121737599
Tiivistelmä
With generative AIs increased public use, some choose to leverage the power of generative AI for offen-sive cyber operations. This study conducts a qualitative literature review to determine how generative AI is used for cyber-attacks and how great is the threat, in order to determine how these attacks can be de-fended against and what additional defense techniques or practices should be implemented in the fu-ture. To determine what role generative AI holds in the world of cyberattacks, three cases are examined, which include real world incidents and proof of concepts to showcase the effectiveness of generative AI. The used attack methods are examined how generative AI has specifically influenced the case and what it means. The examined cases include social engineering, malware development and vulnerability exploita-tion.
The findings show that generative AI accelerates attacks rather than fundamentally changing how attacks work or are performed. Generative AI increases the scale, efficiency and accessibility for attackers. Gen-erative AIs features do not innovate but synthesize, which reflects on the sophistication of AI generated malware or vulnerability exploitation. Modern cybersecurity remains effective if properly implemented. Generative AI significantly amplifies social engineering with extremely realistic video and audio deep-fakes. Additionally, the ability to create convincing phishing messages at with speed and efficiency, which can be edited and translated on the fly, showcases that generative AI powered social engineering is a more prominent threat.
This study concludes that for malware development and vulnerability exploitation modern, well imple-mented, security measures provide ample defense. Generative AI powered social engineering is a more alarming threat with deepfakes becoming indistinguishable by humans. With the increasing robustness of technological security measures, human error has become a larger vulnerability. Additional verification in virtual interactions and strengthened phishing detection are critical additions to defenses against the use of generative AI in cyberattacks.
The findings show that generative AI accelerates attacks rather than fundamentally changing how attacks work or are performed. Generative AI increases the scale, efficiency and accessibility for attackers. Gen-erative AIs features do not innovate but synthesize, which reflects on the sophistication of AI generated malware or vulnerability exploitation. Modern cybersecurity remains effective if properly implemented. Generative AI significantly amplifies social engineering with extremely realistic video and audio deep-fakes. Additionally, the ability to create convincing phishing messages at with speed and efficiency, which can be edited and translated on the fly, showcases that generative AI powered social engineering is a more prominent threat.
This study concludes that for malware development and vulnerability exploitation modern, well imple-mented, security measures provide ample defense. Generative AI powered social engineering is a more alarming threat with deepfakes becoming indistinguishable by humans. With the increasing robustness of technological security measures, human error has become a larger vulnerability. Additional verification in virtual interactions and strengthened phishing detection are critical additions to defenses against the use of generative AI in cyberattacks.