The use of AI in cybercrime is nothing new. Criminals have been widely leveraging machine learning (ML) since the early 2000s. Back then, it was primarily used as a tool to help crack passwords and to automate scams. The emergence of generative AI has changed this, allowing bad actors to run more sophisticated attacks faster and with greater ease.
AI-Enabled Attacks Are Skyrocketing
Compared to last year, attacks by hacking groups using AI capabilities increased 89 percent, according to CrowdStrike. The organization also identified 24 new hacking groups during the year, bringing the total number it tracks to 281.
The FBI is Now Tracking AI Cyberattacks Separately
When the FBI began tracking cybercrime in 2000 as part of a pilot program, a few thousand reports would roll in each month, the bureau reports. Today, it averages nearly 3,000 complaints per day. Moreover, the latest report shows a whopping 26 percent year-on-year increase in total losses. But that’s not the only shift. For the first time ever, the bureau included a section on the use of AI in cybercrime, with the inaugural run showing 22,364 complaints and $893,346,472 in total losses reported.
Most Organizations Are Impacted by the Uptick
The FBI isn’t the only one to pick up on this shift. Security professionals are feeling it, too. In fact, 73 percent say AI-powered threats are having a significant impact on their organization, per a recent Darktrace survey.
The Field of AI Online Theft is Vast
Cyber theft is a subset of cybercrime focused specifically on stealing money, financial information, sensitive business data, credentials, or valuable digital assets through online means. While cybercrime also includes activities like service disruption, political espionage, harassment, or sabotage, cybertheft is financially motivated.
Aided by AI, cybercriminals use a variety of distinct tactics to separate your business from its assets.
Hyper-Personalized and Automated Phishing Attacks
Phishing attacks involve the impersonation of reputable entities. It’s most often associated with email. For instance, you might get an email that looks like it’s from your bank, but it’s from another entity that hopes you’ll share sensitive information such as passwords, credit card info, or personal data. Criminals send these out in large numbers, hoping that the information will align with at least some recipients and trick them into clicking a link or downloading malware.
Business email compromise (BEC) fits in the same bracket, but rather than sending to the masses, criminals impersonate specific trusted individuals, such as a CEO or vendor. Because these messages don’t always have links or files to download, they often bypass systems designed to catch phishing. In fact, 82 percent of threats are now malware-free, per CrowdStrike, up from 51 percent in 2020.
Newer technology makes this easier. Attackers simply use generative AI to scrape social media and professional profiles, then have the tool craft personalized emails using the information. In the FBI’s latest annual report, phishing schemes leveraging AI cost Americans $10 million, while BEC losses surpassed $30 million.
Deepfake Cyber Scams
Deepfakes are one of the newer techniques used to commit cyber theft. Sometimes, voice cloning is used. Also known as “vishing,” short for voice phishing, the attacker uses specialized software to recreate someone’s voice. They only need a few seconds of the person’s recorded voice to pull off a rudimentary clone, which is then used to trick others into carrying out specific activities. For instance, an employee may receive a call from someone who sounds like the company owner, who then instructs them to transfer funds, or a call from the company’s IT department that guides the team member into revealing credentials or providing access to sensitive data. It can be used to bypass voice-biometric authentication as well.
Video deepfakes are also becoming more sophisticated and problematic. In these cases, there’s often a real person on the other end of a video call, but they’re using AI to overlay another face and body over the top of theirs. This is typically paired with a voice deepfake, and it can be incredibly convincing. For instance, just a couple of years ago, a finance worker jumped on a Zoom call with who he thought were several coworkers and the company’s chief financial officer. When instructed to transfer over $25 million, he carried out the transaction, as CNN reports.
Sometimes there are tells and video glitches, as shown in government footage, but individuals can’t count on fraudsters to reveal themselves or count on groups of known entities to reliably flag concerning situations.
AI-Enhanced Malware
Antivirus software has historically used recurring traits or signatures to identify malicious software. AI has given rise to polymorphic malware, which can alter its code and change its signature each time it replicates, allowing it to evade detection.
Synthetic Identity Theft
Just as AI can be used to facilitate sophisticated phishing schemes, it can be used to recreate identities by combining stolen data from real people or businesses. This is usually done to open fraudulent accounts or to leverage credit, and you could have some of these “Frankenstein identities” in your customer database right now. When executed well, cybercriminals can even bypass Know Your Customer (KYC) identity verification processes.
Automated Credential Abuse
We previously touched on machine learning threats in terms of password cracking and credential stuffing. AI makes this faster and easier because it can predict likely character combinations and adapt user selection and timing to avoid detection.
Once inside systems, cybercriminals move faster than ever. It takes an average of 29 minutes for them to reach other systems, obtain additional permissions, or access sensitive data, with the fastest recorded time at just 27 seconds, per CrowdStrike.
Adversarial AI and Prompt Injection
If your business leverages AI, you’re also at risk of prompt injections. In these cases, malicious instructions are typically hidden in emails or documents. AI assistants then process the data and carry out the instructions. The prompt injection effectively hijacks a trusted AI tool, forcing it to leak sensitive information or perform unauthorized actions on behalf of the attacker.
You Must Take a Proactive Approach to Online Theft Prevention
AI-powered online theft is growing more common by the day. Your team can no longer trust their eyes and ears to tell them what’s real, and your business is only as secure as its weakest link. It’s essential to take proactive steps to avoid becoming a victim.
Leverage AI Fraud Detection Tools
Cybercriminals are increasingly using AI to automate scams, mimic legitimate activity, and move through systems faster. Many businesses are responding by using AI-powered fraud detection tools that can identify suspicious behavior, unusual login activity, abnormal transactions, and potential threats in real time. Because AI systems can analyze massive amounts of data far faster than humans, they can help you detect issues earlier and respond more quickly before losses escalate.
Train Employees to Recognize AI-Enhanced Scams
Your employees are now dealing with more realistic emails, voice calls, video meetings, and impersonation attempts. Hold cybersecurity awareness training to help your team identify suspicious requests, verify unusual payment instructions, and recognize signs of social engineering before funds or data are compromised.
Create Multi-Step Verification Procedures for Financial Requests
Many AI-powered scams succeed because employees act quickly under pressure. Require secondary verification for wire transfers, payment changes, payroll updates, vendor banking changes, credential requests, or sensitive data access requests, especially when the request arrives through email, text, or voice calls.
Limit Access to Sensitive Systems and Data
The more access an employee account has, the more damage can occur if credentials are compromised. Restrict permissions based on role and business need to contain breaches and reduce exposure if attackers gain access to one system or account.
Use Multi-Factor Authentication
Passwords alone are increasingly vulnerable to credential theft and automated attacks. Multi-factor authentication (MFA) adds another layer of protection by requiring additional verification before access is granted.
Keep Software, AI Tools, and Security Systems Updated
As touched on earlier, cybercriminals increasingly exploit vulnerabilities quickly after they are discovered. Regular updates and patch management help close security gaps before attackers can leverage them.
Develop an Incident Response Plan
Fast-moving attacks leave little time for confusion or debate. Have a documented response plan to ensure your business can act quickly if systems, accounts, vendors, customer data, or funds are compromised.
Vet Vendors and Third-Party Technology Providers Carefully
Your cybersecurity exposure also depends on the businesses you work with. Weak vendor security practices can create indirect pathways into your systems, accounts, or sensitive information.
Back Up Critical Business Data Regularly
Have secure backups to help your business recover more quickly if systems are compromised, encrypted, corrupted, or otherwise disrupted during an attack.
Strengthen AI Security Measures and Review Cybersecurity Policies Around AI Usage
Employees are increasingly using AI tools across day-to-day operations. Establish clear policies around approved platforms, sensitive data handling, customer information, internal documents, and AI-assisted workflows to reduce unnecessary exposure.
Invest in Cyber Theft Insurance
Strong cybersecurity practices are essential, but they don’t completely eliminate risk. A cyber theft insurance policy can help reduce the financial impact of cyber incidents by covering costs related to stolen funds, data breaches, ransomware events, legal claims, recovery efforts, business interruption, forensic investigations, and customer notification requirements.
It’s worth noting that a typical business owner’s policy (BOP) doesn’t cover cybercrime. A separate cybersecurity insurance policy is typically needed. Cyber theft insurance is often an add-on to these policies. Always check your coverage to be sure if and how you’re protected.
Shore Up Your Cybersecurity and AI Theft Prevention with Factoring
Protecting your business against online theft and other cybercrimes may seem like a pipedream when your money’s tied up in unpaid invoices and you’re already worried about the challenges that are guaranteed to hit, like payroll, taxes, and supplies. But accelerating payment on your receivables by factoring with Charter Capital can make addressing those challenges easier and may even give you breathing room to address the what-ifs, so you can protect what you’re building. To learn more or get started, request a no-obligation rate quote.
DISCLAIMER: This article is not intended to provide risk management, finance, insurance, or legal advice. This material has been prepared for informational purposes only and is not intended to provide, and should not be relied on for, risk management, finance, insurance, or legal advice. You should consult your own risk management, finance, insurance, or legal advisors before engaging in any transaction.
- How to Protect Your Business Against AI-Powered Online Theft - May 25, 2026
- 10 Essential Cash Flow Forecasting Tips for Small Businesses - April 27, 2026
- 4 Keys to Scaling Your Business Without Losing Control - March 30, 2026
