Group-IB has released its landmark whitepaper, Weaponized AI: Inside the Criminal Ecosystem Fueling the Fifth Wave of Cybercrime. The report details a seismic shift in the digital underworld: AI is no longer just a tool; it has become the core infrastructure of modern crime.
As threat actors transition from manual phishing to industrialized AI-driven operations, the barrier to entry for sophisticated cyberattacks has effectively vanished.
The transition into the Fifth Wave is backed by staggering growth in dark web activity. Group-IB’s infiltration of underground forums revealed:
- Surging Interest: Discussions mentioning AI-powered crime have grown 371% since 2019.
- Engagement Explosion: Replies to AI-related threads have seen a ten-fold increase (1199%), signaling a massive adoption rate among rank-and-file criminals.
- Deepfake Boom: After a record 233% spike in 2024, the market for deepfake services grew another 52% in 2025, with no signs of slowing down
Cybercriminals are now mimicking legitimate software-as-a-service (SaaS) businesses, offering sophisticated AI tools for the price of a monthly streaming subscription.
The Operating Systems of Modern Crime:
- Proprietary, unrestricted large language models like FraudGPT or WormGPT are selling for as little as $30 per month. These models have no ethical guardrails and are optimized for generating malicious code and persuasive lures.
- For just $5, criminals can purchase deepfake-as-a-service packages including AI video actors, cloned voices, and biometric datasets to bypass KYC checks.
- Pre-built templates designed to bypass the security guardrails of legitimate AI models like ChatGPT and Gemini, enabling them to output unsafe content.
“AI has industrialized cybercrime. What once required skilled operators and time can now be bought, automated, and scaled globally. This shift marks a new era, where speed, volume, and sophisticated impersonation have fundamentally changed how crime is committed.” — Craig Jones, Former INTERPOL Director of Cybercrime
“In the near future, autonomous AI will carry out attacks that once required human expertise. Understanding this shift is essential to ensuring defenders outpace attackers, moving towards an intelligence-led security strategy.” — Dmitry Volkov, CEO of Group-IB
Because AI-enabled attacks leave significantly fewer forensic traces than traditional malware, Group-IB advocates for an Adversary-Centric defense strategy:
- Predictive Threat Intelligence: Gaining deep visibility into underground ecosystems to spot new AI tools before they hit the mainstream.
- Fraud Prevention: Deploying AI-driven detection to spot synthetic media and deepfake impersonations in real-time.
- Cross-Border Collaboration: Strengthening ties between the private sector, law enforcement, and global regulators to disrupt the criminal supply chain.
