Reading view

AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities

Blogs

Blog

AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities

A monthly analysis of how artificial intelligence is used in illicit communities, based on Flashpoint proprietary intelligence and direct visibility into real threat actor environments.

SHARE THIS:
Default Author Image
June 23, 2026

A finance employee joins a video call with their CFO and several colleagues. The request is routine. The faces match. The voices sound authentic. Minutes later, $25 million is transferred—only to be discovered later that every participant on the call, except one, was AI-generated.

Techniques behind incidents like this—synthetic video, voice cloning, scripted interactions—are now being discussed openly in the same environments where threat actors exchange tools and methods. In May 2026 alone, Flashpoint analysts identified more than 2.9 million posts discussing artificial intelligence in the context of illicit activity.

This volume reflects a larger shift: Artificial Intelligence (AI) is now deeply embedded across cybercrime ecosystems, heavily influencing fraud, impersonation, social engineering, and access operations. It alters how malicious content is generated, how identities are replicated, and how automated workflows are executed and refined over time.

To track this evolution, our monthly AI Threat Report analyzes primary source communities across forums, marketplaces, and chat services. By isolating the tactics, tools, and operational patterns shaping malicious AI use, our latest data reveals an aggressive focus on prompt-sharing, jailbreak methods, and alternative models that lack standard moderation controls.

AI Activity Volume and What It Represents

Flashpoint analysts identified 2,910,012 posts discussing AI and criminal activities in May 2026. This marks a sharp upward trajectory from April, which saw 2,328,958 posts.

The underlying activity was concentrated around a familiar set of use cases:

  • Identity verification bypass
  • Fraud enablement and scripting
  • Impersonation through synthetic media
  • Prompt-sharing and jailbreak workflows

However, threat actor priorities shifted this month. Discussions tied to custom malicious LLM development declined. Instead, hackers focused heavily on usability—specifically, how to bypass safeguards, generate more reliable outputs, or move activity onto platforms perceived as less restrictive. References to alternative models and prompt collections appeared more frequently, alongside requests for jailbreak methods and phishing-oriented outputs.

This points to a mature stage of adoption. The focus is less on building entirely new infrastructure and more on improving the reliability, portability, and ease of use of existing workflows. Threat actors are exchanging prompts, reposting working methods, and refining outputs through direct feedback—allowing the same underlying techniques to circulate across communities with only minor variations.anges between platforms or communities.Looking across April activity helps identify which methods continue to generate demand, where threat actors are adapting around platform restrictions, and which workflows remain active across multiple environments.

Where AI Activity Is Concentrated

While AI-related chatter remained concentrated on a small handful of platforms, the overall distribution shifted noticeably this month.

Telegram accounted for the absolute majority of observed activity, with Reddit, GitHub Gist, Pastebin, 4chan, Mastodon, and Discord seeing significantly lower volumes.

The massive Telegram volume highlights its role as a heavily saturated distribution layer. Threat actors frequently spam messages across channels for maximum exposure, making it a primary marketplace for prompts, jailbreak methods, fraud tooling, and service advertisements.

Throughout the month, the same offers and workflows appeared repeatedly across different channels, often tweaked based on user feedback or platform updates. Meanwhile, alternative platforms served more targeted roles:

  • GitHub Gist and paste sites hosted scripts and technical supporting material.
  • Underground forums supported reputation building and long-form technical discussions.
  • Discord and Reddit communities centered around specific models, prompt collections, or jailbreak workflows.

Because these environments remain interconnected, techniques introduced in one community frequently reappear elsewhere the moment they prove to produce reliable outputs or successfully evade moderation controls.inue to gain traction and which techniques are becoming more broadly operationalized.

AI-Enabled Fraud and Identity Verification Bypass

Flashpoint analysts observed a massive surge in identity evasion activity in May, recording 1,784,716 posts advertising or discussing Know Your Customer (KYC) bypass methods—including deepfake-enabled verification workflows.

This activity was highly concentrated across Telegram channels dedicated to identity fraud, with posts consistently advertising:

  • Synthetic video generation designed to mimic live verification behavior.
  • Voice cloning and scripted interaction prompts.
  • Bundled “KYC bypass kits” tailored to specific onboarding systems.

Some offerings included step-by-step guidance on adapting responses for specific financial platforms. Others promoted end-to-end combinations of synthetic video, matching fraudulent documentation, and AI-generated scripts to fully automate impersonation attempts.

This activity connects directly to the broader access ecosystem. Stolen credentials, session tokens, and phishing infrastructure are increasingly combined with AI-enabled impersonation within the same operational workflows. For security teams, this means verification systems, onboarding processes, and account recovery layers are being actively tested and systematically targeted.the same environments where these methods are exchanged and improved.

Malicious LLM Usage and Prompt-Based Workflows

Discussions tied to malicious or unrestricted LLM usage focused heavily on jailbreak methods, prompt-sharing, and access to alternative models perceived as less restricted than mainstream platforms. Threat actors continue to rely on unrestricted models to generate phishing links, build harmful code, or craft offensive media.

The underground market centers on usability and output reliability, with frequent references to:

  • Jailbreak prompts designed to bypass safety guardrails.
  • Phishing and fraud-oriented prompt collections.
  • Step-by-step instructions for generating specific malicious outputs.
  • Requests for prompts tailored to social engineering campaigns.

Many of these prompts are shared in active, living collections that include updates and troubleshooting channels. When a prompt stops working or a platform introduces new restrictions, users exchange feedback and roll out updated versions within hours.

This behavior reinforces how prompt engineering has developed into its own service layer across illicit communities. The emphasis remains on accessibility, portability, and ease of use rather than custom, ground-up model development, accessibility, portability, and ease of use rather than custom model development.

Operational Patterns and What Holds Across Sources

Across monitored sources, threat actors consistently prioritize four operational requirements: reliability of outputs, ease of reuse, the ability to bypass safeguards, and seamless compatibility with existing fraud infrastructure.

The recycling of tools is highly visible in how content moves between platforms. A jailbreak prompt shared in a chat room quickly appears on a forum with revised wording or additional instructions. A phishing workflow posted to a forum is copied into a paste site and redistributed through Telegram channels.

This creates a tight feedback loop. Discussions focus heavily on which prompts require the least adjustment before use. Ultimately, AI-enabled cybercrime methods are maturing not through sudden technical breakthroughs, but through constant repetition, minor iteration, and rapid distribution across connected communities.

What Security Teams Should Take Away

The underground activity tracked this month shows how artificial intelligence is being operationalized in environments where techniques are developed, tested, and shared long before they surface in the wild.

Because these methods are structured for easy deployment, they require very little modification to move from a forum discussion into an active attack vector. For security teams, the priority must be maintaining direct visibility into how these methods are evolving. Understanding which techniques are actively in circulation is the only way to build earlier detection and more focused defenses at the control layer.

If you want to see how this activity maps to your environment, request a demo.

Request a demo today.

The post AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities appeared first on Flashpoint.

  •  

Flashpoint’s Top 5 Predictions for the 2026 Threat Landscape

Blogs

Blog

Flashpoint’s Top 5 Predictions for the 2026 Threat Landscape

Flashpoint’s forward-looking threat insights for security and executive teams, provides the strategic foresight needed to prepare for the convergence of AI, identity, and physical security threats in 2026.

SHARE THIS:
Default Author Image
December 2, 2025

As the global threat landscape accelerates its transformation, 2026 marks an inflection point requiring defensive strategies to fundamentally shift. The volatility observed in 2025 has paved the way for an era soon to be defined by AI-weaponized autonomy, information-stealing malware, systemic instability of public vulnerability systems, and the complete convergence of digital and physical risk.

Flashpoint offers a unique window into these complexities, providing organizations with the foresight needed to navigate what lies ahead. Drawing from Flashpoint’s leading intelligence and primary source collections, we highlight five key trends shaping the 2026 threat landscape. These insights aim to help organizations not only understand what’s next but also build the resilience needed to withstand and adapt to emerging challenges.

Prediction 1: Agentic AI Threats Will Weaponize Autonomy, Forcing a New Defensive Standard

2026 will see continued evolution of AI threats, with future attacks centering on autonomy and integration. Across the deep and dark web, Flashpoint is observing threat actors move past experimentation and into operational use of illegal AI. 

As attackers train custom fraud-tuned LLMs (Large Language Models) and multilingual phishing tools directly on illicit data, these AI models will become more capable. The criminal intent shaping their misuse will also become more sophisticated. Additionally, 2026 will see a greater marketplace for paid jailbreaking communities and synthetic media kits for KYC (Know Your Customer) bypass.

These advancements are enabling criminals to move beyond simple tools and engage in scaled, autonomous fraud operations, leading to two major shifts:

  1. Agentic AI is becoming the true flashpoint: Threat actors will be using agentic systems to automate reconnaissance, generate synthetic identities, and iterate on fraud playbooks in near real-time. In this SaaS ecosystem, AI will help attackers leverage subscription tiers and customer feedback loops at scale.
  2. The attack surface will shift to focus on AI Integrations: Organizations are increasingly plugging LLMs into live data streams, internal tools, identity systems, and autonomous agents. This practice often lacks the same security vetting, access controls, and monitoring applied to other enterprise systems. As such, attackers will heavily target these integrations, such as APIs, plugins, and system connections, rather than the models themselves.

The ubiquity of automation has dramatically increased attack tempo, leaving many security teams behind the curve. While automation can replace repetitive tasks across the enterprise, organizations must not make the critical mistake of substituting human judgement for AI at the intelligence level.

This is paramount because a critical threat in 2026 is Agentic AI autonomy weaponized against soft targets—API integrations and identity systems. The only winning defense will be human-led and AI-scaled, prioritizing purposeful use to keep organizations ahead of this exponential risk.

Josh Lefkowitz, CEO at Flashpoint

These evolving AI threats will force a fundamental shift in defensive strategies. Defenders will have to shift to deploying systems around AI rather than trust them on their own.

Prediction 2: Identity Compromise via Infostealers Will Become the Foundation of Every Attack

Infostealers will become the entry point, the data broker, the reconnaissance layer, and the fuel for everything that comes after a cyberattack. This shift is already in motion and is accelerating rapidly: in just the first half of 2025, infostealers were responsible for 1.8 billion stolen credentials, an 800% spike from the start of the year. However, 2026 will redefine the malware’s role, making its most valuable output being access, rather than disruption.

Infostealers will become the upstream event that powers the rest of the attack chain. Identity and session data will be increasingly targeted, since it gives attackers immediate access into victim environments. Ransomware, fraud, data theft, and extortion will simply be downstream ways to monetize.

This upstream approach defines the new reality of the attack chain, which is already operational. Nearly every major stealer strain Flashpoint observes now exfiltrates the following:

  • Autofill PII (personable identifiable information)
  • Saved addresses
  • Phone numbers
  • Internal URLs
  • Browsing history
  • Cloud app tokens

An organization’s attack surface is no longer just composed of their own networks. It is the entire digital identity of their employees and partners. This new reality requires security teams to take a new approach. Instead of attempting to block attacks, they must proactively detect compromised credentials before they are weaponized. This will be the difference between reacting to a data breach and preventing one.

The infostealer economy has fully industrialized the attack chain, making initial compromise a low-cost commodity. Multiple security incidents in 2025 tie back to credentials found in infostealer logs. This reality has underscored the critical importance of digital trust—specifically, verifying who can access what resources. For 2026, identity is the perimeter to watch, and security teams must proactively hunt for compromised credentials before they’re weaponized.

Ian Gray, Vice President of Intelligence at Flashpoint

Prediction 3: CVE Volatility Will Force Redundancy in Vulnerability Intelligence

The temporary funding crisis at CVE in April 2025 and the subsequent CISA stopgap extension through March 2026 exposed the systemic fragility of a centralized vulnerability intelligence model. With the future of the CVE/NVD system hanging in the balance, 2026 will be defined by the urgent need for redundancy and diversification in vulnerability intelligence.

In today’s vulnerability intelligence ecosystem, nearly every organization’s vulnerability management framework relies on CVE and NVD—including its “alternatives” such as the EUVD (European Union Vulnerability Database). The CVE system has grown into a critical global cybersecurity utility, relied upon by nearly all vulnerability scanners, SIEM platforms, patch management tools, threat intelligence feeds, and compliance reports. A complete shutdown of CVE would result in a widespread loss of institutional infrastructure.

The next generation of security needs to be built on practices that are resilient, diversified, and intelligence-driven. It should be focused on providing insights that can be used to take action such as threat actor behavior, likelihood of exploitation in the wild, relevance to ransomware campaigns, and business context. Security teams will need to leverage a comprehensive source of vulnerability intelligence such as Flashpoint’s VulnDB that provides full coverage for CVE, while also cataloging more than 100,000 vulnerabilities missed by CVE and NVD.

Prediction 4: Executive Protection Will Remain a Critical Challenge as Cyber-Physical Threats Converge

The continued blurring of lines between cyber, physical, and geopolitical threats will elevate the risk to organizational leadership, turning executive protection into a holistic intelligence function in 2026. The rise of information warfare combined with physical world convergence means the threat to key personnel is no longer purely digital.

In the aftermath of the tragic December 2024 assassination of United Healthcare’s CEO, Flashpoint has seen the continued circulation and glorification of “wanted-style posters” of executives in extremist communities. Additionally, Flashpoint has seen nation-state actors participate, using espionage and influence to target high-value individuals.
Organizations must adopt an integrated approach that connects insights from threat actor chatter and a wealth of other OSINT sources. This fusion of intelligence is essential for applying frameworks to ensure the safety of leadership and key personnel.

Prediction 5: Extortion Shifts to Identity-Based Supply Chain Risk

2025 was marked by several large-scale extortion campaigns, demonstrating how the threat landscape is rapidly evolving. Ransomware operations have shifted into a straight extortion play. Flashpoint has observed a surge in new entrants to the ransomware market, accompanied by a decline in the quality and decorum of ransomware groups.

Furthermore, vishing campaigns attributed to “Scattered Spider” have highlighted weaknesses in identity, trust, and verification. Campaigns from “Scattered LAPSUS$ Hunters” have also exposed vulnerabilities in third-party integrations. These attacks culminated in extortion, showcasing that modern attacks will target trusted users and trusted applications for initial access, and will forgo ransomware in place of data access.

As this shift continues into 2026, threat actors will increasingly focus their efforts on exploiting human behavior and identity systems. Instead of attempting to spend resources on breaking network perimeters, attackers will instead socially engineer employees to gain access to corporate systems at scale. This change in TTPs will undoubtedly greatly increase supply chain risk, especially for third parties.

Charting a Path Through an Evolving Threat Landscape with Flashpoint Intelligence

These five predictions highlight the transformative trends shaping the future of cybersecurity and threat intelligence. Staying ahead of these challenges demands more than just reactive measures—it requires actionable intelligence, strategic foresight, and cross-sector collaboration. By embracing these principles and investing in proactive security strategies, organizations can not only mitigate risks but also seize opportunities to enhance their resilience.

As the threat landscape continues to rapidly evolve, staying informed and prepared are critical components of risk mitigation. With the right tools, insights, and partnerships, security teams can navigate the complexities ahead and safeguard what matters most.

Request a demo.

The post Flashpoint’s Top 5 Predictions for the 2026 Threat Landscape appeared first on Flashpoint.

  •  
❌