Can artificial intelligence become the next fundamental tool for cybercriminals — or will it fizzle under the weight of doubt and operational risk? A recent academic paper offers an early, close-up look at how offenders themselves are answering that question in private forums.
What the study looked at and how
The paper, titled "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation," analyzes a unique dataset drawn from a cyber threat intelligence platform. Over a seven-month period the researchers collected and examined more than 160 cybercrime forum conversations to understand how cybercriminals perceive and discuss AI.
What criminals are saying — curiosity, experimentation, and concern
The study reports a mix of attitudes among forum participants. On one hand, conversations show "growing curiosity about AI’s criminal applications" and active discussion of ways to exploit AI. That interest ranges from attempts to misuse legitimate, off-the-shelf AI tools to efforts to build bespoke models tailored for illicit purposes.
On the other hand, the research documents "doubts and anxieties about AI’s effectiveness and its effects on their business models and operational security." In short, forum participants are experimenting but are also wary of AI’s limitations and of the risks that new tools may introduce to their own tradecraft.
How attackers plan to use AI — commercial tools and custom models
Forum exchanges described by the paper fall into two broad pathways. Some discuss repurposing legal, widely available AI services to support criminal tasks; others explore the development of dedicated criminal tools and bespoke AI models. The study captures both the opportunism of offenders exploiting existing platforms and the more resource-intensive ambition to craft tailored capabilities for illicit ends.
Why this matters: practical implications
- The study applies a diffusion of innovation framework combined with thematic analysis to chart an early stage of AI adoption among cybercriminals. That approach helps identify not just isolated experiments but patterns of interest and hesitation that could presage wider adoption.
- By documenting both misuse of legitimate tools and creation of bespoke models, the paper highlights two distinct challenges for defenders: stopping opportunistic abuse of available AI services, and detecting and disrupting specialized, criminally oriented AI development.
- Because the authors frame their findings to inform action, the paper "offers practical insights for law enforcement and policymakers" on where attention and resources might be focused as AI-related threats evolve.
The conversations captured in the dataset show a community at a crossroads: intrigued by AI’s promise to amplify reach and speed, yet constrained by doubts about reliability, profit impact, and exposure. That ambivalence matters for defenders as much as the experiments do — it creates windows of opportunity to intervene before experimentation becomes mainstream.
As AI tools proliferate, watching the online conversations of motivated adversaries provides an early-warning posture. But evidence from these forums also suggests that simply observing interest is not enough: countermeasures must account for two simultaneous trends — the repurposing of legitimate AI services and the emergence of bespoke criminal models. Which of those will mature first, and which will inflict greater damage, remains an open question — one the paper raises without answering.
The study offers a timely reminder that technological change unfolds in the messy space between capability and adoption. For technologists, policymakers, and law enforcement, the lesson is practical: monitor the early signals, distinguish curiosity from capability, and prepare responses for both opportunistic abuse and tailored criminal innovation. Who moves faster — defenders or the innovators of illicit AI — could shape cybersecurity for years to come.
https://www.schneier.com/blog/archives/2026/04/how-hackers-are-thinking-about-ai.html




