AI-Enhanced Phishing Attacks Cause Surge in Cybersecurity Incidents Globally


The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Acronis reports reveal that over 90% of organizations across 15 countries were impacted by AI-enhanced phishing attacks in 2023, largely driven by generative AI tools like ChatGPT. These attacks contributed to a 222% surge in email-based threats, resulting in widespread data breaches, financial losses, and operational disruptions. [AI generated]

Why's our monitor labelling this an incident or hazard?

The event clearly involves AI systems being used maliciously to conduct phishing attacks, which directly harm individuals and organizations by stealing sensitive information (harm to persons and communities). The AI's role is pivotal as it enables more sophisticated, personalized, and effective phishing campaigns, increasing the scale and impact of cyberattacks. Since the harm is occurring and documented with statistical evidence, this qualifies as an AI Incident rather than a hazard or complementary information. [AI generated]
AI principles
Accountability, Privacy & data governance, Robustness & digital security, Safety, Respect of human rights

Industries
Digital security, IT infrastructure and hosting, Business processes and support services

Affected stakeholders
Business

Harm types
Economic/Property, Reputational, Human or fundamental rights

Severity
AI incident

Business function:
ICT management and information security, Compliance and justice

AI system task:
Content generation, Interaction support/chatbots


Articles about this incident or hazard


The trend of using artificial intelligence for phishing attacks is growing

2024-02-14
Radio Bulgarie
Why's our monitor labelling this an incident or hazard?
The event clearly involves AI systems being used maliciously to conduct phishing attacks, which directly harm individuals and organizations by stealing sensitive information (harm to persons and communities). The AI's role is pivotal as it enables more sophisticated, personalized, and effective phishing campaigns, increasing the scale and impact of cyberattacks. Since the harm is occurring and documented with statistical evidence, this qualifies as an AI Incident rather than a hazard or complementary information.

Email attacks jumped by 222% in 2023

2024-02-14
Investor.bg
Why's our monitor labelling this an incident or hazard?
The event involves the use of AI systems (e.g., ChatGPT and AI-based phishing tools) in the malicious development and use of cyberattacks that have directly led to realized harms such as data breaches, ransomware attacks, financial losses, and disruption of organizational operations. These harms fall under violations of rights and harm to property and communities. Therefore, this qualifies as an AI Incident because the AI system's use is pivotal in causing these harms, not merely a potential or future risk.

222% growth in email attacks in 2023, according to the Acronis Cyberthreats Report

2024-02-14
kafene.bg
Why's our monitor labelling this an incident or hazard?
The report explicitly states that AI systems (like ChatGPT and similar) are being used by malicious actors to create more effective phishing attacks and malware, which have already caused widespread harm to organizations. This meets the definition of an AI Incident because the development and use of AI systems have directly led to realized harms (cyberattacks, phishing, malware infections) affecting health of organizations, their operations, and potentially individuals. The event is not merely a warning or potential risk but documents ongoing harm, so it is classified as an AI Incident.

Email attacks on business tripled in 2023 -- and ChatGPT was often the culprit

2024-02-08
TechRadar
Why's our monitor labelling this an incident or hazard?
The article explicitly states that generative AI systems such as ChatGPT are being leveraged by malicious actors to enhance phishing attacks, which have materially increased and affected over 90% of organizations. The AI system's involvement is in the use phase, where it is used by attackers to generate more convincing phishing emails, leading to realized harm through increased cyberattacks. This meets the criteria for an AI Incident because the AI system's use has directly led to harm (cybersecurity breaches and associated impacts) to organizations and their stakeholders.

Acronis end-of-year cyberthreats report uncovers 222% surge in email attacks during 2023

2024-02-08
Zawya.com
Why's our monitor labelling this an incident or hazard?
The report details how AI systems, including generative AI like ChatGPT, are actively used by malicious actors to enhance phishing attacks and create malware, leading to direct harm such as data breaches, financial losses, and operational disruptions. The involvement of AI in the development and use of these cyberattacks is clear and the harms are realized and widespread, meeting the criteria for an AI Incident. The event is not merely a warning or potential risk (AI Hazard), nor is it a response or update to a past incident (Complementary Information). It is also not unrelated, as AI systems are central to the described harms.

Acronis End-of-Year Cyberthreats Report Uncovers 222% Surge in Email Attacks During 2023

2024-02-07
Financial Post
Why's our monitor labelling this an incident or hazard?
The event involves the use of generative AI systems in the creation and orchestration of malware and phishing attacks, which have directly led to a substantial increase in cyberattacks causing harm to organizations and potentially individuals. Since the AI system's use has directly contributed to realized harm (a surge in attacks and widespread impact), this qualifies as an AI Incident under the framework.

91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports

2024-02-10
The Fintech Times
Why's our monitor labelling this an incident or hazard?
The article explicitly states that generative AI systems like ChatGPT are being leveraged by malicious actors to enhance phishing attacks, which have already caused substantial harm to organizations globally. The harms include data loss, financial extortion via ransomware, and operational disruptions, all linked directly to the use of AI in cyberattacks. This meets the definition of an AI Incident as the AI system's use has directly led to harm to groups of people and property (organizations' data and assets).

AI-Enhanced Attacks Surge by 54%, Warns Acronis Report

2024-02-10
Cryptopolitan
Why's our monitor labelling this an incident or hazard?
The event involves the use of AI systems (generative AI like ChatGPT and similar technologies) by attackers to conduct phishing and other cyberattacks, which have directly caused harm to organizations by compromising their security and data. This fits the definition of an AI Incident because the AI system's use has directly led to harm (a) injury or harm to persons or groups (through data breaches and security compromises), and (e) other significant harms (cybersecurity breaches impacting organizations). The article describes realized harm rather than potential harm, so it is not an AI Hazard. It is not merely complementary information because the main focus is on the ongoing AI-enhanced attacks causing harm, not on responses or updates. Therefore, the classification is AI Incident.

Acronis End-of-Year Cyberthreats Report Uncovers 222% Surge in Email Attacks During 2023

2024-02-07
npinvestor.dk
Why's our monitor labelling this an incident or hazard?
The event describes the use of AI systems (generative AI like ChatGPT and malicious AI tools) by cybercriminals to conduct phishing and malware attacks that have already caused harm to organizations, including data loss and financial damage. This fits the definition of an AI Incident because the AI system's use has directly led to harm (data breaches, financial losses, disruption). The report provides concrete evidence of realized harm rather than just potential risk, so it is not merely an AI Hazard or Complementary Information. Therefore, the classification is AI Incident.

Acronis End-of-Year Cyberthreats Report Uncovers 222% Surge in Email Attacks During 2023

2024-02-07
Yahoo! Finance
Why's our monitor labelling this an incident or hazard?
The event involves the use of generative AI systems by malicious actors to create malware and conduct phishing attacks, which have directly caused harm to organizations worldwide. This fits the definition of an AI Incident because the AI system's use has directly led to harm (data loss, financial damage) and disruption. The report highlights realized harms, not just potential risks, and thus it is not merely a hazard or complementary information. The AI involvement is explicit and central to the harm described.