What Makes Us Vulnerable to AI-Enabled Cyber Attacks

Artificial Intelligence (AI) is rewriting the rules of cybersecurity, and not in our favor! AI-enabled cyber attacks are capable of causing far greater damage than traditional attacks carried out by human hackers (Guembe, Azeta, Misra, Osamor, Fernandez-Sanz, and Pospelova 2022). This next generation of cyber threats is not constrained by human limitations. Instead, AI-generated attacks are weaponized to cause far-reaching and potentially exponential damage that extends well beyond a single data leak or network intrusion.

Unlike static malware, AI-enabled cyber attacks learn as they go, adapting, analyzing, and improving with every engagement (Guembe et al. 2022). This “smart” capability expands the weaponization potential of AI, transforming it from a neutral tool into a powerful force multiplier. The same technology that organizations use to innovate and protect can be turned against them with devastating effects.

AI Makes Cyber Crime More Accessible

The technology required to launch an AI-enabled cyber attack is increasingly accessible. While traditional hacking demanded significant technical skill, AI-enabled attacks often do not (Zucca and Fiorinelli 2025).

Amateur hackers can now deploy AI to strike at networks, even if they lack coding expertise. For instance, tools such as WormGPT and FraudGPT — available on the dark web — can generate malicious code, write phishing emails, and even simulate human conversation to manipulate victims (Amer 2025). The result? A dramatically lowered barrier to entry for global cybercrime and terrorism.

AI also provides enhanced data analytics and predictive insights, enabling attackers to harvest and weaponize massive amounts of information about target populations. With AI’s ability to identify human patterns, fears, and behaviors, cyber attacks become not only more scalable but also more personalized. Policymakers, leaders, and security professionals must understand these evolving tactics and the uniquely human vulnerabilities they exploit.

The Cognitive Battlefield

While much of cybersecurity focuses on technical defenses - firewalls, encryption, and access controls - fewer discussions address the human mind as an attack surface. Yet the cognitive state of those targeted often determines whether an attack succeeds or fails.

Humans vary in susceptibility: one individual might easily spot a phishing attempt, while another, under stress or distraction, may fall for it. As AI advances, so do its capabilities to exploit these human factors, turning cognition itself into the newest front line of cyber warfare.

AI in Action: The Zelensky Deepfake

In 2022, an AI-generated deepfake of Ukrainian President Volodymyr Zelensky appeared online, showing him allegedly urging citizens to surrender to Russian forces (BBC Monitoring 2022). This video circulated widely across social media - a clear example of AI weaponization in the information environment.

For audiences already fatigued by conflict, anxious about Ukraine’s defense capabilities, or primed by prior disinformation, the fake video seemed plausible. Without AI, such a realistic and precisely targeted piece of content would have been impossible to produce or distribute at scale.

Effective AI-enabled cyber attacks depend on deep knowledge of target populations - their beliefs, emotions, and information ecosystems (Habgood-Coote 2023). Without AI, a video is just a video. With AI, a fake video becomes a psychological weapon.

The extensive analytical and generative capabilities of AI allow adversaries to create hyper-targeted campaigns against specific individuals, groups, or organizations (Basit, Zafar, Liu, Javed, Jalil, and Kifayat 2021). By mining data from social media, public records, and online behavior, AI constructs messages that resonate with a target’s existing fears, values, and biases - maximizing impact and believability.

How AI Exploits Human Cognition

There are many reasons why the human brain is vulnerable to hacking. Here are three potential contributing variables:

• Cognitive Bias: People interpret new information through the lens of what they already believe (Luo, Liu, Yang, and Xu 2023). For instance, an individual convinced that Ukraine is losing the war would be far more likely to accept a deepfake of Zelensky urging surrender as real. AI systems collect and analyze such beliefs, allowing attackers to design manipulations that fit seamlessly into existing worldviews.

• Heuristic Decision-Making: When under pressure, people rely on mental shortcuts instead of deliberate reasoning. Phishing emails marked as “urgent” exploit this vulnerability, prompting action before reflection (Valerică, Floredana, and Sabina-Cristiana 2025). AI can fine-tune such attacks using behavioral data, increasing the likelihood of a successful breach.

• Motivated Reasoning: People tend to accept information that aligns with their group identity or prior experiences (Gomez 2019). AI-generated content that mimics an organization’s tone or appears to come from a trusted leader can easily bypass critical scrutiny - leveraging loyalty as a cognitive vulnerability.

Human cognition is an integral part of cybersecurity. AI’s capacity for large-scale data analysis and content generation enables it to manipulate thought processes in ways that traditional cyber attacks could not.

Conclusion

AI-enabled cyber attacks are transforming the nature of digital conflict. Defense mechanisms once focused solely on technology are no longer sufficient against adversaries who can weaponize human psychology.

The inclusion of human cognition in the cyber battlefield introduces complex new vulnerabilities - ones that can’t be patched with software updates. As AI continues to evolve, so will its ability to target the human element.

Understanding how AI-enabled attacks exploit cognitive and emotional vulnerabilities is essential for developing more effective defense strategies. In the 21st century, the front lines of cybersecurity are not just digital - they’re psychological.

Sources:

Amer, Lawrence. “AI in Cyber Security: A Dual Perspective on Hacker Tactics and Defensive Strategies.” Cyber Security 8, no. 3 (2025): 198–213. https://doi.org/10.69554/CLXC9075.

Basit, Abdul, Maham Zafar, Xuan Liu, Abdul Rehman Javed, Zunera Jalil, and Kashif Kifayat. 2021. “A Comprehensive Survey of AI-Enabled Phishing Attacks Detection Techniques.” Telecommunication Systems 76 (1): 139–54. https://doi.org/10.1007/s11235-020-00733-2.

BBC Monitoring Former Soviet Union. “Briefing: Zelensky Deepfake Shared on Social Media.” March 17, 2022.

Guembe, Blessing, Ambrose Azeta, Sanjay Misra, Victor Chukwudi Osamor, Luis Fernandez-Sanz, and Vera Pospelova. 2022. “The Emerging Threat of AI-Driven Cyber Attacks: A Review.” Applied Artificial Intelligence 36 (1): 1–34. https://doi.org/10.1080/08839514.2022.2037254.

Gomez, Miguel Alberto N. 2019. “Sound the Alarm! Updating Beliefs and Degradative Cyber Operations.” European Journal of International Security 4 (2): 190–208. https://doi.org/10.1017/eis.2019.2.

Habgood-Coote, Joshua. 2023. “Deepfakes and the Epistemic Apocalypse.” Synthese 201 (3): 103.

Luo, Chang, Juan Liu, Tianjiao Yang, and Jinghong Xu. 2023. “Combating Disinformation or Reinforcing Cognitive Bias: Effect of Weibo Poster’s Location Disclosure.” Media and Communication 11 (2): 88–100. https://doi.org/10.17645/mac.v11i2.6506.

Valerică, Greavu-Şerban, Constantin Floredana, and Necula Sabina-Cristiana. 2025. “Exploring Heuristics and Biases in Cybersecurity: A Factor Analysis of Social Engineering Vulnerabilities.” Systems 13 (4): 280. https://doi.org/10.3390/systems13040280.

Zucca, Maria Vittoria, and Gaia Fiorinelli. 2025. “Regulating AI to Combat Tech-Crimes: Fighting the Misuse of Generative AI for Cyber Attacks and Digital Offenses.” Technology and Regulation 2025: 247–62. https://doi.org/10.71265/23nqtq40.