Russian AI-Driven Cyberattacks Escalate Against Europe

The article explicitly mentions AI systems being used to automate cyberattacks, which are causing or have the potential to cause disruption to critical infrastructure and harm to communities. The involvement of AI in the development and use of these cyberattacks is direct and pivotal. The harm includes increased speed and scale of attacks, creation of convincing phishing and deepfake content to bypass security, all of which are consistent with harms defined under AI Incidents. The warning about the Mythos AI model's capabilities and restricted access further supports the assessment of ongoing or imminent harm. Hence, the event meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves the use of AI systems by malicious actors to conduct cyberattacks that disrupt critical infrastructure and harm communities, fulfilling the criteria for an AI Incident. The AI system's use in automating and scaling attacks directly contributes to the harm. Although there is mention of potential future risks from the Mythos model, the main narrative centers on actual ongoing harm caused by AI-enabled cyberattacks. Therefore, this is classified as an AI Incident rather than a hazard or complementary information.

The event involves the use of AI systems by Russian hackers to conduct cyberattacks that have already caused or are causing harm to European targets, including potential harm to critical infrastructure and communities. The AI systems are used in the development and execution of these attacks, automating tasks that previously required manual effort, thus increasing the scale and speed of harmful activities. The article describes realized harms (cyberattacks) facilitated by AI, meeting the criteria for an AI Incident rather than a hazard or complementary information.

The article explicitly states that AI is used by Russian hackers to partially automate cyberattack processes, increasing their tempo and scale, which directly leads to harm through cyberattacks on European targets. The harm includes potential disruption to critical infrastructure and security, fitting the definition of an AI Incident. The mention of AI tools like Mythos that can find software vulnerabilities further supports the AI system's role in enabling these attacks. Although cybersecurity experts also use AI defensively, the primary focus is on the malicious use causing harm, which takes precedence in classification.

The event involves the use of AI systems in cyberattacks that have already impacted European institutions and organizations, constituting direct harm to critical infrastructure and communities. The partial automation of attacks and the use of advanced AI models to exploit vulnerabilities demonstrate AI system use leading to realized harms. The mention of generative AI facilitating phishing and deepfakes further supports the presence of AI-driven harms. Therefore, this qualifies as an AI Incident due to the direct and ongoing harm caused by AI-enabled cyberattacks.

The involvement of AI systems is explicit, as AI is used to automate and speed up cyberattacks, generate phishing and deepfake content, and exploit vulnerabilities. These activities constitute direct or indirect harm to critical infrastructure and communities, fulfilling the criteria for an AI Incident. The mention of the Mythos AI model and its potential misuse also indicates a plausible future risk, but since harm is already occurring, the primary classification is AI Incident. The report is a warning and assessment from a security agency, indicating real and ongoing harm from AI-enabled cyberattacks.