PromptRiskDBThreat intelligence atlas

Cyber offence

AI Risk

"General- purpose AI systems could uplift the cyber expertise of individuals, making it easier for malicious users to conduct effective cyber- attacks, as well as providing a tool that can be used in cyber defence. General- purpose AI systems can be used to automate and scale some types of cyber operations, such as social engineering attacks."

Overview

A source-backed snapshot of this AI risk.

Techniques5Attack methods connected to this risk.
Mitigations2Defenses that may help with related attacks.
Records2Source records unified into this concept.

Risk profile

How the MIT AI Risk Repository categorizes this risk.

Domain4. Malicious Actors & Misuse
Subdomain4.2 > Cyberattacks, weapon development or use, and mass harm
Entity1 - Human
Intent1 - Intentional
Timing2 - Post-deployment
CategoryMalicious Use Risks; Risks from malicious use
SubcategoryCyber offence

Merged risk records

Source records unified into this canonical risk concept.

2 recordsView all →

MITRISK-Bengio2024-49.01.02-839cab88 - Cyber offence

"General- purpose AI systems could uplift the cyber expertise of individuals, making it easier for malicious users to conduct effective cyber- attacks, as well as providing a tool that can be used in cyber defence. General- purpose AI systems can be used to automate and scale some types of cyber operations, such as social engineering attacks."

Domain4. Malicious Actors & MisuseSubdomain4.2 > Cyberattacks, weapon development or use, and mass harmSourceInternational Scientific Report on the Safety of Advanced AIYear2024

MITRISK-Bengio2025-60.01.03 - Cyber offence

"Attackers are beginning to use general- purpose AI for offensive cyber operations, presenting growing but currently limited risks. Current systems have demonstrated capabilities in low- and medium- complexity cybersecurity tasks, with state- sponsored threat actors actively exploring AI to survey target systems. Malicious actors of varying skill levels can leverage these capabilities against people, organisations, and critical infrastructure such as power grids."

Domain4. Malicious Actors & MisuseSubdomain4.2 > Cyberattacks, weapon development or use, and mass harmSourceInternational AI Safety Report 2025Year2025

Mitigations

Defenses that may help with related attacks.

LifecycleBusiness and Data Understanding + 2 moreCategoryTechnical - Cyber
B&D UnderstandingData Preparation+1 more
LifecycleDeployment + 3 moreCategoryTechnical - ML
DeploymentMonitoring+2 more

Source evidence

Research source for this risk, when available.