Deepfake attacks represent just one frontier in a threat landscape that has fundamentally shifted. AI has collapsed the barrier between intent and capability, democratizing cybercrime in ways security teams are only beginning to understand.

What used to require technical sophistication, cultural knowledge, and significant resources now requires only motivation. From lone scammers to nation-state operators, every category of threat actor is leveraging AI to scale their operations—and organizations need to understand the full spectrum to defend against what's coming.

This article draws on insights from the webinar "The Adversary's New Assistant: Weaponizing AI Chatbots".

Deepfake attacks use AI-generated synthetic media—audio, video, or images—to impersonate real people. Unlike traditional phishing that relies on text-based deception, these attacks exploit the human tendency to trust what we see and hear.

A convincing video call with a "CFO" or a voicemail from a "trusted vendor" can bypass the skepticism users apply to emails, making deepfake attacks particularly effective for high-value fraud.

The most significant shift in the threat landscape isn't a new attack technique—it's accessibility. Previously, executing sophisticated attacks required years of technical training, language fluency, and operational infrastructure. That barrier has effectively disappeared.

As Piotr Wojtyla, Head of Threat Intelligence and Platform at Abnormal AI, explained during the webinar: "As long as you want to do something now, you're enabled to do it. Which pretty much puts a lot of people who previously were not in the place to really carry out attacks—now as long as they have the intent, they have the capability to do so as well."

This democratization operates across the entire threat spectrum. Basic attackers who previously lacked the skills to craft convincing phishing emails can now generate thousands of unique, well-written messages in minutes. Criminal marketplaces offer "Social Engineering as a Service" packages—complete with AI-generated content, voice synthesis, and deepfake video generation—for less than $100 per month. Tools like FraudGPT and WormGPT, built specifically for malicious purposes, remove the guardrails that legitimate AI platforms attempt to enforce.

At the more sophisticated end, eCrime groups are operationalizing AI across their entire workflow. Leaked communications from the Blackbasta ransomware group reveal operators using AI for troubleshooting malware, rewriting code, and scaling their operations. Nation-state actors—including Iranian, Russian, and North Korean groups—are leveraging LLMs for target reconnaissance, parsing stolen data, and developing AI-powered social engineering campaigns.

The most immediate impact of generative AI on the threat landscape is the elimination of traditional detection signals. Grammar errors, awkward phrasing, cultural missteps—the tells that security training taught users to spot—have vanished.

Large language models produce fluent, contextually appropriate text in any language. A single AI system can generate thousands of unique, personalized phishing messages per hour while maintaining quality that human operators could never achieve at scale. Each message can reference specific job responsibilities, current projects, local events, or recent business activities.

But attackers aren't just using AI to write better emails. They're exploiting legitimate platforms to bypass security controls entirely. Tools like Gamma AI and Canva—designed for presentations and design—are being weaponized to host phishing content. An email arrives from the legitimate platform inviting the recipient to view a shared document. Because it originates from a trusted service, it passes through secure email gateways without triggering alerts. The actual phishing lure lives inside the document, one click removed from the inbox where users have been trained to be vigilant.

This technique exploits a fundamental gap in security training. Users scrutinize emails but don't apply the same suspicion to documents hosted on platforms they trust.

Beyond text, AI has enabled identity attacks that were previously impossible. Deepfake frauds—synthetic audio and video that convincingly impersonate real people—have moved from theoretical concern to operational reality.

The most striking documented case involved a Hong Kong-based company that lost $25 million after an employee was convinced to transfer funds during what appeared to be a video call with the company's CFO. The call featured convincing deepfake video of multiple executives, all of whom were synthetic. The employee, believing they were following legitimate instructions from leadership, processed multiple wire transfers before the fraud was discovered.

Voice cloning attacks are becoming similarly sophisticated. In the UK, banks have launched campaigns explicitly telling customers that the bank will never call them—because voice synthesis has made phone-based impersonation too reliable for attackers.

North Korean operatives have successfully used AI to infiltrate Western companies through job applications. Cultural gaps and unfamiliarity with casual conversation—questions like "What do you do on weekends?"—would previously expose them during interviews. AI compensates for these gaps entirely. The models, trained predominantly on Western data, produce culturally appropriate responses that allow operatives to pass interviews and secure positions at legitimate organizations.

Inma Martinez, AI scientist and global chair for GenAI and Agentic AI projects at GPAI, framed the broader implication: "Not very capable bad actors were able to do much. And thanks to these tools, you have North Korean hackers applying for IT jobs in North America."

The threat landscape now spans from opportunistic scammers to sophisticated nation-state operations—and every category is AI-enabled. Defending against this spectrum, including deepfake attacks, requires recognizing that traditional detection methods are fundamentally inadequate.

Legacy email security relies on known indicators of compromise: malicious attachments, suspicious URLs, blacklisted senders. AI-generated attacks contain none of these signals. They're text-based, they originate from legitimate platforms or compromised accounts, and they're crafted to appear completely normal within existing communication patterns.

The only viable detection paradigm is behavioral AI—systems that establish baselines of normal activity and identify deviations. Understanding what "known good" looks like for an organization—how employees communicate, how vendors interact, what legitimate requests contain—makes it possible to surface anomalies even when specific attack techniques have never been seen before.

This isn't optional. Organizations that hesitate to deploy AI-powered defense are creating an ever-widening gap between attacker capability and defensive posture. The tools available to threat actors will only become more powerful and more accessible. Matching that evolution requires AI-native security that learns and adapts as quickly as the threats do.

The era of static rules and signature-based detection is over. What replaces it must understand human behavior deeply enough to protect humans from the attacks that now exploit them.

Deepfakes exploit trust in audio and video: Unlike text-based phishing, deepfake attacks bypass skepticism by impersonating people through synthetic media that looks and sounds authentic.

High-value targets face the greatest risk: Deepfake fraud typically targets wire transfers and executive impersonation—the Hong Kong case resulted in $25 million in losses from a single fake video call.

Criminal marketplaces sell deepfake capabilities: "Social Engineering as a Service" packages—including voice synthesis and deepfake video—cost less than $100 per month.

Behavioral AI is the only viable defense: Traditional detection methods rely on known indicators that AI-generated attacks don't contain—only baseline analysis can surface anomalies in communication patterns.

See how behavioral AI detects deepfake attacks and threats across the full attack spectrum. Request a demo to learn how Abnormal protects your organization.