A recent study conducted by researchers from Cambridge, Edinburgh, and Strathclyde challenges the notion that artificial intelligence (AI) is transforming hackers into “supercharged criminals.” Instead, the researchers assert in their newly published academic paper that hackers primarily leverage AI tools such as ChatGPT for generating spam and illicit images.
The study, entitled “Stand-Alone Complex or Vibercrime?,” was released on Arxiv in March, authored by Jack Hughes, Ben Collier, and Daniel Thomas. The aim of the paper is to examine how “underground cybercrime” is incorporating artificial intelligence, contrasting these findings with assertions from cybersecurity vendors.
“We present one of the first mixed-methods empirical studies into the early patterns of GenAI adoption within the cybercrime underground,” stated the researchers.
The research team scrutinized 97,895 forum threads published following ChatGPT’s launch in November 2022. These threads were mined from the Cambridge Cybercrime Centre’s CrimeBB dataset, focusing on underground and dark web forums. Utilizing topic modeling techniques, they performed a thorough analysis of 3,203 threads, engaging ethnographically with the forum communities.
The findings revealed that an overwhelming 97.3% (or 95,292 of 97,895 forums) of the threads were categorized as “other,” indicating they did not involve AI in criminal activities, while a mere 1.9% delved into vibe coding tools.
Further analysis showed that posts regarding “Dark AI” products—typically marketed as jailbroken LLMs—were primarily centered around users seeking free access and voicing frustrations about non-functional AI tools. Notably, one developer of a popular Dark AI service eventually admitted it was a mere marketing scheme.
“Dark AI generated significant cybersecurity headlines, alongside promotional narratives from cybersecurity firms. The forums reflected a plethora of requests for free access, including tools like WormGPT and AI products for penetration testing, such as the commercial iteration of the open-source project WhiteRabbitNeo,” the report stated. “Discussion on the effectiveness of these tools for automation in cybercrime, malware development or coding assistance was scarce in our dataset.”
Another section of the research referenced a report from Anthropic, dated August 2025, which indicated that Claude Code was employed in a “vibe hacking” extortion scheme targeting 17 organizations across sectors like healthcare and government. However, the Cambridge team did not identify such a trend across the broader underground landscape.
In their analysis, AI coding assistants were found to be utilized in much the same way as by mainstream developers: serving as autocomplete tools and replacements for traditional coding help for adept programmers. The research noted that those with less skill often relied on pre-existing scripts for their effectiveness.
“AI-assisted coding acts as a double-edged sword. It may accelerate development but also heightens risks, including insecure code and vulnerabilities within the supply chain,” a user remarked in one of the forums studied.
“The use of AI… is not significantly different from how hacker communities operated before—particularly, with users mainly reusing others’ code with minimal changes and those genuinely interested in learning utilizing it for non-criminal software projects,” the researchers elaborated.
Is AI Actually Assisting Criminals?
Another intriguing finding revealed that scammers are employing LLMs for spamming activities, especially as advertising revenues face decline. Romance scammers, in particular, have harnessed AI tools for deceitful purposes, including voice cloning and image generation.
The study also uncovered disturbing trends in the market for nude image generation services. One operator openly advertised: “I can create nude images of any girl with AI… 1 Picture = $1, 10 Pictures = $8, 50 Pictures = $40, 90 Pictures $75.”
However, the researchers noted that this does not constitute sophisticated cybercrime; it represents the same low-margin, high-volume operations traditionally associated with the spam industry, just now utilizing automated tools.
In conclusion, the study suggests that AI is not being leveraged to instigate widespread turmoil within cybercrime. Rather, it is predominantly “substituting existing methods of code reusing, error checking, and cheat sheet consultation, mainly for conventional software development aspects tied to cybercrime.”
For complete research details, refer to this link.
To ensure artificial intelligence (AI) operates effectively within legal parameters amidst growing challenges, it must integrate with an enterprise blockchain system that guarantees data quality and ownership—ultimately safeguarding data while ensuring its immutability. Explore CoinGeek’s insights on this emerging technology for more information on why enterprise blockchain will serve as the foundation for AI.
Watch | Can we trust AI? How blockchain and IPv6 could fix accountability
