For the price of Netflix, crooks can now rent AI to run cybercrime
(2026/01/20)
- Reference: 1768912329
- News link: https://www.theregister.co.uk/2026/01/20/group_ib_ai_cycercrime_subscriptions/
- Source link:
Cybercrime has entered its AI era, with criminals now using weaponized language models and deepfakes as cheap, off-the-shelf infrastructure rather than experimental tools, according to researchers at Group-IB.
In its latest whitepaper, the cybersec biz argues that AI has become the plumbing of modern cybercrime, quietly turning skills that once took time and talent into services that anyone with a credit card and a Telegram account can rent.
This isn't just a passing fad, according to Group-IB's numbers, which show mentions of AI on dark web forums up 371 percent since 2019, with replies rising even faster – almost twelvefold. AI-related threads were everywhere, racking up more than 23,000 new posts and almost 300,000 replies in 2025.
[1]
According to Group-IB, AI has done what automation always does: it took something fiddly and made it fast. The stages of an attack that once needed planning and specialist hands can now be pushed through automated workflows and sold on subscription, complete with the sort of pricing and packaging you'd expect from a shady SaaS outfit.
[2]
[3]
One of the uglier trends in the report is the rise of so-called Dark LLMs – self-hosted language models built for scams and malware rather than polite conversation. Group-IB says several vendors are already selling them for as little as $30 a month, with more than 1,000 users between them. Unlike jailbroken mainstream chatbots, these things are meant to stay out of sight, run behind Tor, and ignore safety rules by design.
Running alongside the Dark LLM market is a booming trade in deepfakes and impersonation tools. Group-IB says complete synthetic identity kits, including AI-generated faces and voices, can now be bought for about $5. Sales spiked sharply in 2024 and kept climbing through 2025, pointing to a market that continues to grow.
[4]
There's real damage behind the numbers, too. Group-IB says deepfake fraud caused $347 million in verified losses in a single quarter, including everything from cloned executives to fake video calls. In one case, the firm helped a bank spot more than 8,000 deepfake-driven fraud attempts over eight months.
[5]Akamai CEO wants help to defeat piracy, reckons he can handle edge AI alone
[6]Broker who sold malware to the FBI set for sentencing
[7]Ingram Micro admits summer ransomware raid exposed thousands of staff records
[8]Microsoft taps UK courts to dismantle cybercrime host RedVDS
Group-IB found that scam call centers were using synthetic voices for first contact, with language models coaching the humans as they go. Malware developers are also starting to test AI-assisted tools for reconnaissance and persistence, with early hints of more autonomous attacks down the line.
"From the frontlines of cybercrime, we see AI giving criminals unprecedented reach," said Anton Ushakov, head of Group-IB's Cybercrime Investigations Unit. "Today it helps scale scams with ease and hyper-personalization at a level never seen before. Tomorrow, autonomous AI could carry out attacks that once required human expertise."
From a defensive point of view, AI removes a lot of the usual clues. When voices, text, and video can all be generated on demand with off-the-shelf software, it becomes much harder to work out who's really behind an attack. Group-IB's view is that this leaves static defenses struggling.
In other words, cybercrime hasn't reinvented itself. It has just automated the old tricks, put them on subscription, and scaled them globally – and as ever, everyone else gets to deal with the mess. ®
Get our [9]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2026/01/20/akamai_ceo_tom_leighton_piracy_interview/
[6] https://www.theregister.com/2026/01/19/iab_sentencing/
[7] https://www.theregister.com/2026/01/19/ingram_micro_ransomware_affects/
[8] https://www.theregister.com/2026/01/15/microsoft_uk_courts_redvds/
[9] https://whitepapers.theregister.com/
In its latest whitepaper, the cybersec biz argues that AI has become the plumbing of modern cybercrime, quietly turning skills that once took time and talent into services that anyone with a credit card and a Telegram account can rent.
This isn't just a passing fad, according to Group-IB's numbers, which show mentions of AI on dark web forums up 371 percent since 2019, with replies rising even faster – almost twelvefold. AI-related threads were everywhere, racking up more than 23,000 new posts and almost 300,000 replies in 2025.
[1]
According to Group-IB, AI has done what automation always does: it took something fiddly and made it fast. The stages of an attack that once needed planning and specialist hands can now be pushed through automated workflows and sold on subscription, complete with the sort of pricing and packaging you'd expect from a shady SaaS outfit.
[2]
[3]
One of the uglier trends in the report is the rise of so-called Dark LLMs – self-hosted language models built for scams and malware rather than polite conversation. Group-IB says several vendors are already selling them for as little as $30 a month, with more than 1,000 users between them. Unlike jailbroken mainstream chatbots, these things are meant to stay out of sight, run behind Tor, and ignore safety rules by design.
Running alongside the Dark LLM market is a booming trade in deepfakes and impersonation tools. Group-IB says complete synthetic identity kits, including AI-generated faces and voices, can now be bought for about $5. Sales spiked sharply in 2024 and kept climbing through 2025, pointing to a market that continues to grow.
[4]
There's real damage behind the numbers, too. Group-IB says deepfake fraud caused $347 million in verified losses in a single quarter, including everything from cloned executives to fake video calls. In one case, the firm helped a bank spot more than 8,000 deepfake-driven fraud attempts over eight months.
[5]Akamai CEO wants help to defeat piracy, reckons he can handle edge AI alone
[6]Broker who sold malware to the FBI set for sentencing
[7]Ingram Micro admits summer ransomware raid exposed thousands of staff records
[8]Microsoft taps UK courts to dismantle cybercrime host RedVDS
Group-IB found that scam call centers were using synthetic voices for first contact, with language models coaching the humans as they go. Malware developers are also starting to test AI-assisted tools for reconnaissance and persistence, with early hints of more autonomous attacks down the line.
"From the frontlines of cybercrime, we see AI giving criminals unprecedented reach," said Anton Ushakov, head of Group-IB's Cybercrime Investigations Unit. "Today it helps scale scams with ease and hyper-personalization at a level never seen before. Tomorrow, autonomous AI could carry out attacks that once required human expertise."
From a defensive point of view, AI removes a lot of the usual clues. When voices, text, and video can all be generated on demand with off-the-shelf software, it becomes much harder to work out who's really behind an attack. Group-IB's view is that this leaves static defenses struggling.
In other words, cybercrime hasn't reinvented itself. It has just automated the old tricks, put them on subscription, and scaled them globally – and as ever, everyone else gets to deal with the mess. ®
Get our [9]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/research&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aW-0wf2A38S0UGJNH_lbHAAAA0w&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2026/01/20/akamai_ceo_tom_leighton_piracy_interview/
[6] https://www.theregister.com/2026/01/19/iab_sentencing/
[7] https://www.theregister.com/2026/01/19/ingram_micro_ransomware_affects/
[8] https://www.theregister.com/2026/01/15/microsoft_uk_courts_redvds/
[9] https://whitepapers.theregister.com/
Re: carry on offshoring
MyffyW
Interestingly both JLR and M&S are examples of companies that used* to look after their staff. A regular shopfloor or factory-floor job at either used to garner respect and even a degree of envy.
[*yes, I know, long ago, before Tech Bros. And the Dark Times]
AI: Good for Crimes
breakfast
Much like Crypto before it, AI has been hyped to the moon and back by weirdo grifters and multinational corporations, but it turns out that it's most useful for scams.
Looking forward to discovering how Quantum* can be used for generating new kinds of spam and malware.
* You know the kind of people who like Linked In are going to just call it "Quantum" because they have no idea what quantum computing is and just need the next nail to hang their scams and hyperbole off.
carry on offshoring
as ever firms will carry on sending work offshore with international teams and 3rd party suppliers who never meet each other, fire staff randomly & pay so little the staff don't care *cough* TCS *cough*
a well integrated, well paid fully staffed team , whether it be IT, marketing, finance, the shop staff etc are relaxed, well paid & not over worked & far less likely to fall for this shit!
Personally I have zero sympathy for firms that have accelerated their outsourcing & offshoring while at the same time whining like little kids about "3rd party risk" & "lack of staff loyalty" . what will it take for firms to realise that the long term cost of well paid motivated staff is lower than £2 billion loss for JLR & £500 million odd for M&S!