An informal study by KnowBe4 revealed that 55% of security professionals engage in risky online activities at work, which can damage an organization’s security as the risky behaviors themselves.
Cybercriminals are using generative AI chatbots for malicious purposes such as phishing, social engineering, exploiting vulnerabilities, and creating malware. FraudGPT and DarkBERT are two such AI-powered bots, with the latter being a “dark version” of Google’s conversational generative AI chatbot. Netenrich discovered the emergence of FraudGPT, an AI bot focused on business email compromise phishing campaigns. The tool is being sold on various dark web marketplaces and Telegram and can craft spear phishing emails, create cracking tools, and more. The subscription fee for FraudGPT starts at $200 per month and goes up to $1,700 per year. The trend of generative AI chatbots is growing, making it easier for less capable threat actors to execute advanced social engineering attacks and expand their operations to other regions.
Why do we care?
The ecosystem of criminals is so robust that they can sell tools to one another. Just let that sink in.
Do as I say, not as I do. That’s not a good look for security professionals. If you aren’t willing to do it yourself, you shouldn’t expect your customers or teams to do it. I’d challenge to take a good hard look at what’s reasonable in organizations and focus on doing the simple things well.

