AI-Driven Cyberattacks Cause Major Harm in Germany

The article explicitly states that AI is used to enhance cybercriminal activities, such as generating more convincing phishing emails, which have resulted in real cyberattacks causing substantial economic damage and disruption to critical infrastructure (e.g., Deutsche Bahn). This fits the definition of an AI Incident because the development and use of AI systems have directly led to harms including economic loss and disruption of critical infrastructure. The article also mentions ongoing law enforcement responses but focuses primarily on the realized harms and AI's role in them, not just potential future risks or responses, so it is not Complementary Information or an AI Hazard.

The article explicitly mentions AI as a tool used by cybercriminals to enhance their attacks, such as generating flawless multilingual phishing emails and websites that deceive victims. The harms described include significant financial losses, attacks on critical infrastructure, and violations of security, which fall under harm to property, communities, and potentially human health. The AI system's use in these attacks is a direct contributing factor to the harms. Hence, the event meets the criteria for an AI Incident rather than a hazard or complementary information.

The article explicitly mentions AI's role in lowering technical barriers for cybercriminals and enhancing attack methods, which implies AI system involvement. The harms described (financial losses, disruption to public services) are real and ongoing, but they are aggregated and not tied to a specific AI system failure or misuse event. The focus is on the general threat landscape and policy responses rather than a discrete AI Incident or a plausible future AI Hazard. Hence, it fits the definition of Complementary Information, providing important context and updates on AI-related cybercrime without reporting a new incident or hazard.