AI deepfakes used in 27% of cyberattacks on US executives

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

A GetApp survey found that 72% of US senior executives faced cyberattacks in the last 18 months, with AI-generated deepfakes used in 27% of cases, leading to identity and financial fraud. Despite rising threats, 37% of firms lack specialized cybersecurity training for leadership, prompting calls for targeted protection.[AI generated]

Why's our monitor labelling this an incident or hazard?

The article explicitly mentions AI-generated deepfakes being involved in 27% of attacks targeting senior executives, indicating AI systems are used maliciously to cause harm. The harms described include identity fraud and financial fraud, which are violations of rights and harm to individuals. Since these harms have occurred and AI systems played a pivotal role, this qualifies as an AI Incident rather than a hazard or complementary information.[AI generated]
AI principles
AccountabilityPrivacy & data governanceRobustness & digital securityTransparency & explainabilityRespect of human rightsSafety
Industries
Digital securityFinancial and insurance servicesBusiness processes and support services
Affected stakeholders
WorkersBusiness
Harm types
Economic/PropertyReputationalHuman or fundamental rights
Severity
AI incident
Business function:
ICT management and information securityHuman resource management
AI system task:
Content generation

Articles about this incident or hazard

Thumbnail Image

72 percent of executives targeted by cyberattacks

2024-08-19
BetaNews
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions AI-generated deepfakes being involved in 27% of attacks targeting senior executives, indicating AI systems are used maliciously to cause harm. The harms described include identity fraud and financial fraud, which are violations of rights and harm to individuals. Since these harms have occurred and AI systems played a pivotal role, this qualifies as an AI Incident rather than a hazard or complementary information.
Thumbnail Image

72% of cybersecurity leaders faced a cyberattack in last 18 months

2024-08-19
Security Magazine
Why's our monitor labelling this an incident or hazard?
The involvement of AI-generated deepfakes in cyberattacks constitutes the use of AI systems in a way that has directly led to harm, specifically identity fraud and targeted cyberattacks against cybersecurity leaders. This fits the definition of an AI Incident because the AI system's use has directly contributed to violations of security and personal harm. The report describes realized harm rather than potential harm, so it is not merely a hazard or complementary information.
Thumbnail Image

Why C-suite leaders are prime cyber targets

2024-08-22
IT Security News - cybersecurity, infosecurity news
Why's our monitor labelling this an incident or hazard?
The involvement of AI-generated deepfakes in cyberattacks targeting executives constitutes the use of AI systems in malicious ways that have directly led to harm or risk of harm. Since these attacks have occurred and caused harm or risk, this qualifies as an AI Incident under the framework, as the AI system's use is directly linked to violations of security and potential harm to persons or organizations.
Thumbnail Image

Survey finds 72% of US executives targeted by cybercriminals in past three months

2024-08-20
Tech Monitor
Why's our monitor labelling this an incident or hazard?
The event explicitly involves AI-generated deepfakes used in cyberattacks targeting senior executives, leading to realized harms including identity fraud and financial fraud. The AI system's use in generating deepfakes is a direct contributing factor to these harms, fulfilling the criteria for an AI Incident. The article describes actual harm occurring due to AI-enabled malicious activity, not just potential or future risks, and thus it is not merely a hazard or complementary information. The involvement of AI in causing harm to individuals and organizations through cybercrime fits the definition of an AI Incident under the OECD framework.
Thumbnail Image

72% of Senior Executives Targeted by Cyberattacks in the Last 18 Months - Global Security Mag Online

2024-08-19
Global Security Mag Online
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions AI-generated deepfakes being used in a significant portion of cyberattacks targeting senior executives, leading to realized harms such as identity fraud and financial fraud. The AI system's use in generating deepfakes directly contributes to these harms, fulfilling the criteria for an AI Incident. The harms are materialized and linked to the AI system's use in malicious activities, not merely potential or speculative. Hence, the classification as AI Incident is appropriate.