AI-powered cybercrime tools have surged across dark web marketplaces in recent months, with underground posts mentioning the technology rising from 38 in December to 1,486 in February, according to research cited at Infosecurity Europe.
At the conference on June 2, a ransomware research expert said experience in government had shown that tackling cyber threats has become a major national security challenge. The speaker warned that keyboard-driven attacks from thousands of miles away continue to create serious fear and disruption.
Dark Web Markets Shift Toward AI Tools
Researchers had already mapped a cybercrime underground dependent on supply chain specialisation, efficiency and division of labour. They then analysed 4,000 entries, 77 Telegram channels, 20 dark web forums and five specialised underground markets to understand the impact of AI-powered tools.
The findings showed a sharp rise in posts mentioning the technology, increasing by more than 3810 percent from December to February. These services also showed signs of a more sophisticated marketplace, with automated distribution, freemium options and tiered pricing.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
What Cybercriminals Are Selling
Cybercrime actors on these forums and marketplaces are selling tools that fall broadly into four categories. These include weaponised large language models, which can be AI models secretly retrained for malicious purposes, illegal versions of legitimate tools with rules and safety limits removed, or new systems built from scratch.
Another category is AI-enabled identity fraud, including voice and video deepfakes for BEC, KYC bypass and selfie-check recognition systems. One tool was shown to have a 92 percent success rate at bypassing KYC platforms and had gained such market recognition on the dark web that criminals were reportedly hunting for pirated copies.
AI-augmented malware and infrastructure are also being sold, moving beyond text generation to support live operational use. One example cited was an AI-powered call center supporting 25 languages, trained on more than 150,000 calls and capable of producing ambient call center background noise to reassure victims. Jailbroken and stolen AI services make up another major category, with stolen ChatGPT accounts reportedly starting at 10 cents.
Defenders Urged to Adapt Fast
The low financial barrier to entry has made access to cybercrime tools “virtually zero,” with freemium tools widely available. Telegram bot-driven distribution automates sales, customer service, notifications and order tracking, while multiple channels provide redundancy if one route is disrupted.
Against this backdrop, organisations were urged to prepare on four fronts. They must defend against low-capability actors while facing pressure from sophisticated groups, rebuild awareness around phone calls as a primary attack vector, prepare for rapid AI-accelerated attacks and improve coordination across public and private sectors.
The warning also placed responsibility on AI model makers, payment processors and hosting infrastructure providers to cooperate with defenders. Researchers said the same intelligence work that reveals how these markets operate also shows where they are vulnerable, giving defenders a meaningful and actionable advantage.
