Global Report: 83% of Ethical Hackers Confront AI-Driven Attacks

The event involves AI systems used by malicious actors to conduct cyber attacks, which have directly led to harm in the form of cybersecurity breaches and threats to digital assets. The article details that 83% of ethical hackers have experienced AI-driven attacks, indicating realized harm. Therefore, this qualifies as an AI Incident because the development and use of AI systems have directly contributed to harm to organizations and individuals' digital security, fitting the definition of harm to communities and property (digital assets).

The event involves the use of AI systems by malicious actors to conduct cyber-attacks, which directly leads to harm in the form of cybersecurity breaches and associated costs. The report documents that these AI-driven attacks are occurring and impacting organizations, fulfilling the criteria for an AI Incident due to realized harm caused by AI-enabled cyber threats.

The article involves AI systems in the context of cybersecurity threats and defenses, with AI-driven attacks being a significant concern. However, it does not describe a concrete event where AI use or malfunction has directly or indirectly caused harm. The harms discussed are potential or ongoing in a general sense but not tied to a specific incident. The report serves as complementary information by providing data, insights, and recommendations about AI-related cybersecurity risks and responses, rather than reporting a new AI Incident or AI Hazard.

The article explicitly discusses AI-driven cyber attacks that are currently occurring and causing harm to organizations and cybersecurity professionals, such as increased phishing success rates and exploitation of vulnerabilities. The involvement of AI systems in the development and use of these attacks is clear, and the harms include financial losses and security breaches, which fall under harm to property and communities. Since the harms are realized and directly linked to AI-enabled attacks, this meets the criteria for an AI Incident rather than a hazard or complementary information. The article is not merely about potential risks or responses but documents ongoing AI-driven harms.

The article discusses the prevalence and impact of AI-driven cyberattacks based on survey data and expert analysis, but it does not describe a concrete event where an AI system's development, use, or malfunction directly or indirectly caused harm. It focuses on the evolving threat landscape and the need for improved incident response, which is informative and contextual but does not constitute a new AI Incident or AI Hazard. Therefore, it is best classified as Complementary Information, as it enhances understanding of AI's role in cybersecurity threats and defenses without reporting a specific incident or hazard.

The article explicitly mentions AI-driven cyber attacks, including AI-generated phishing emails with higher success rates, indicating the use of AI systems by malicious actors to cause harm. The harms include successful cyber attacks leading to data breaches and security incidents, which constitute injury to organizations and potentially individuals. The involvement of AI in the development and use of these attack methods directly leads to realized harm, fulfilling the criteria for an AI Incident. The report's focus on current, ongoing impacts rather than potential future risks or responses further supports this classification.

The article discusses the impact of AI on cybersecurity broadly, including statistics on AI-driven attacks and organizational preparedness. It does not report a particular incident where an AI system directly or indirectly caused harm, nor does it describe a specific event where AI use could plausibly lead to harm. Instead, it provides complementary information about the cybersecurity ecosystem, the dual-use nature of AI, and the challenges faced by professionals. Therefore, it fits the definition of Complementary Information as it enhances understanding of AI-related risks and responses without reporting a new incident or hazard.

The article discusses a report that highlights AI-enabled cyber threats and trends based on a survey of cybersecurity professionals. However, it does not detail any particular AI system causing harm or any event where AI use has directly or indirectly led to harm. Nor does it describe a specific plausible future harm event. Instead, it provides contextual information and awareness to the cybersecurity community, which fits the definition of Complementary Information as it supports understanding and response to AI-related risks without reporting a new incident or hazard.