In the age of AI, truth is becoming optional, and cybercriminals are taking full advantage.
Today’s threat actors aren’t just buying phishing kits and reusing old malware. They are actively using AI to write convincing lures, generate malicious code, troubleshoot payloads, translate scams into multiple languages, and rapidly iterate campaigns like a software development team.
This talk provides a behind-the-scenes look at what defenders rarely get to see: pre-breach threat intelligence artifacts collected from real-world criminal testing environments. Many attackers test their malware and phishing infrastructure before launching full campaigns, and those “trial runs” often leak into places where defenders can collect and analyze them.
We will walk through real-world examples of:
- AI-generated phishing emails, landing pages, and social engineering scripts
- Infostealer malware development patterns that strongly suggest LLM involvement
- Prompt-driven iteration: how criminals “debug” scams and malware faster than ever
- The fingerprints AI leaves behind in code, wording, structure, and infrastructure
- What this shift means for detection, threat hunting, and incident response
As machine-generated content floods the internet, scams become harder to distinguish from legitimate communication, and malware becomes easier to produce than ever before.
This session highlights the uncomfortable reality defenders now face: attackers don’t need advanced skills anymore, they just need the right prompt.
