Emerging Threats in Cybersecurity: The Rise of Adversarial AI
Cyber threats have entered a new era, driven by the increasing weaponization of adversarial artificial intelligence (AI). Unlike traditional attacks that rely heavily on human operators, these new AI-powered campaigns can autonomously execute complex attack chains, from reconnaissance and exploitation to lateral movement and ransom negotiation, at scale and with unprecedented precision.
Our latest research, in collaboration with Cybersecurity at MIT Sloan (CAMS, located at MIT’s Sloan School of Management), reveals that adversarial AI is now responsible for automating over 80% of ransomware operations. These systems dynamically adapt their tactics in real time, identify and prioritize high-value targets, assess the financial posture of victims, and even carry out tailored ransom communications with minimal human oversight.
But the threat doesn’t stop at ransomware. The SAFE/CAMST Working Paper documents a 60% surge in AI-driven phishing schemes and deepfake-enabled fraud in 2024 alone. These developments signal a broader shift in the cyber threat landscape, where intelligent, self-directed systems increasingly outpace traditional defense mechanisms.
For an in-depth analysis, you can access the full working paper here: SAFE/CAMS Working Paper (PDF).
The SAFE/CAMS Working Paper presents empirical evidence that adversarial AI now underpins most ransomware campaigns, automating reconnaissance, exploitation, and ransom negotiation with minimal human oversight. The analysis of over 2,800 incidents highlights a critical shift: threat actors are rapidly operationalizing AI to scale and adapt their attacks in real-time. At the same time, defenders remain constrained by slower adoption cycles. The paper underscores the urgent need for AI-integrated cyber defense strategies that are proactive, adaptive, and intelligence-driven.
Data-Driven Insights: Compiled Datasets and Research Continuity
To support the findings detailed in this paper, we compiled an extensive dataset that tracks ransomware incidents. This data has been systematically organized and maintained in the SAFE Threat Center, allowing for granular analysis of attack patterns, evolving AI tactics, and threat actor behaviors.
Recognizing the rapid evolution of AI-powered cyber threats, our research remains an ongoing initiative. We continuously ingest new data and refine our models to ensure that our insights reflect the latest threat landscape developments. This dynamic approach is critical for staying ahead of adversaries who leverage AI to adapt in real time.
Threat Monitoring and Analysis at SAFE
Recognizing the operational blind spots faced by most cybersecurity and cyberrisk teams, often exacerbated by fragmented tooling and siloed data, SAFE developed a Threat Center, a unified intelligence and analysis hub within the SAFE One cyber risk management platform. This hub addresses the challenges of limited threat visibility and the lack of actionable prioritization by centralizing threat telemetry and dynamically mapping it to an organization’s risk surface.
This integrated approach empowers security teams with the clarity, speed, and contextual intelligence necessary to transition from reactive defense to proactive cyber risk management.
How SAFE Enhances First-Party and Third-Party Risk Assessments
As adversarial AI increases the speed and sophistication of cyberattacks, organizations need a defense strategy that adapts just as quickly. Traditional risk models, which rely on static assumptions, are no longer sufficient. To stay ahead, organizations must rely on dynamic threat intelligence that reflects real-world activity. This is where SAFE’s Dynamic Threat Event Frequency (TEF) plays a critical role.
TEF quantifies how likely a specific threat actor is to target an organization, industry, or geography using a particular initial attack method within a 12-month period. TEF is updated daily using live telemetry, observed TTPs (tactics, techniques, and procedures), and shifts in adversary behavior.
This live signal ensures SAFE users always operate on up-to-date risk scoring factors. When TEF rises for a given threat actor, associated risk scenarios are recalculated in real-time. For instance, an increase in Lockbit’s ransomware activity via External Application Exploitation can cause its TEF to spike, immediately raising the modeled risk across all affected organizations.
These TEF changes directly trigger new or revised risk scenarios in the SAFE platform. Scenarios like:
- LockBit – Ransomware with Data Exfiltration – External Application Exploitation
- LockBit – Ransomware with Data Exfiltration – Remote Service Exploitation
- LockBit – Ransomware with Data Exfiltration – Credential Stuffing
Each of these is tied to live adversary behavior and dynamically modeled against your organization’s control maturity and asset exposure.
Enabling AI-Powered Risk Management for a Resilient Digital Future
As cyber threats grow more intelligent, faster-moving, and AI-driven, the burden on defenders has never been greater. Traditional security models—reactive, siloed, and manually intensive—simply can’t keep pace. That’s where SAFE comes in.
With the release of Threat Center, SAFE now gives security leaders a comprehensive, near-real-time view of threat events and attacker behavior tied directly to their organization’s security controls maturity. Our Threat Research team analyzes and enriches these updates daily, feeding into dynamic risk scenarios that reflect current attacker tactics, techniques, and motivations. When combined with our cyber and financial risk quantification engine, organizations can confidently answer the question: “What’s our actual cyber risk exposure today, and what can we do about it?”
SAFE brings all of this together into one unified platform, turning risk management from a compliance checkbox into a strategic business enabler. Whether you’re trying to secure your enterprise or assess the digital risk of your third-party ecosystem, SAFE provides the clarity, speed, and intelligence to stay one step ahead of adversaries.
Ready to Turn Threat Intelligence into Business Advantage?
Discover how SAFE’s Threat Center and AI-driven cyber risk quantification can help your organization build true resilience—internally and across your vendor landscape.
Explore SAFE’s Third-Party Risk Management capabilities
Read how SAFE is transforming cyber risk management
The future of cyber risk management is proactive, data-driven, and AI-powered. The question is—are you ready?
Learn more: Schedule a demo of the SAFE One cyber risk management platform
SUBSCRIBE TO WEEKLY BLOG NEWSLETTER
SHARE THE PAGE
