AI automates the entire course of hacker attacks. Years of “science” replaced by technology
In 2024, over 627,000 cases were recorded in Poland. reports of violations of the security of IT systems. That's 60 percent. more than in 2023, when nearly 391,000 were reported. Cybercriminals are using increasingly advanced attack techniques, including those using artificial intelligence. Recently, there has been a lot of talk about vibe hacking, which, due to the level of automation and speed of operation, may pose a serious threat to our cybersecurity.
– Vibe hacking is the latest cyber attack technique, which in short means that no advanced coding is needed, only prompting.. Cybersecurity and cybercrime are being democratized at this point, primarily because what once required years of study and interdisciplinary teams can now be done by humans using artificial intelligence, which will execute malicious code for them and much more – Ewelina Wachulec, senior engineering manager at Dell Technologies, tells the Newseria agency. – First of all, this means a completely different scale and speed of hacker attacks, because artificial intelligence automates their entire course, from beginning to end. This means that we are more exposed to their effects, that these campaigns will be effective and that we will lose sensitive data or be subjected to ransom demands.
According to Anthropic's “Threat Intelligence Report: August 2025,” the research team identified an operation called GTG-2002 that marks a new stage in the use of artificial intelligence, including coding agents, in cybercrime, known as vibe hacking. The idea is to instruct AI to generate code used to attack or bypass security measures. In the analyzed case, the perpetrators used Anthropic's coding tool to automate activities related to the preparation and execution of attacks. Within a month, they attacked 17 different organizations, including those in the government, healthcare, emergency services and religious institutions. Analysts point out that artificial intelligence played the role of not only an advisor, but also an active operator.
– We have an example from July 2025, when a publicly available model was used to hack 17 organizations and steal confidential data. However, the good news is that these models are secured and that there is full cooperation of both technology creators, security services and cybersecurity departments. In my opinion, it is currently impossible to apply a widely and widely available model to vibe hacking or to a cyber attack, and it was possible until recently. So it's a race – hackers' methods are developing, but so are defense methods – emphasizes Ewelina Wachulec.
Artificial intelligence is also used in other types of attacks. The report of the Government Plenipotentiary for Cybersecurity for 2024 predicts that in the years 2025-2026 there will be more campaigns in Polish cyberspace in which fraudsters will use AI to generate a false voice and image. The study “Poles' attitudes towards cybersecurity 2025” prepared by the Warsaw Banking Institute together with the Polish Bank Association shows that 23 percent Poles consider deepfakes to be the greatest threat on the Internet. Through them, investment hoaxes can be carried out, e.g. in cryptocurrencies.
– We do not have data on who is most often the target of attacks using artificial intelligence. However, this is a very interesting thread because she doesn't make the same decisions as humans. It simply looks for security vulnerabilities automatically. Artificial intelligence is not interested in who is being attacked, it simply ruthlessly and automatically searches for vulnerabilities and vulnerabilities, prepares attack patterns and attacks – explains the Dell Technologies expert.
At least one cybersecurity incident
The KPMG “Cybersecurity Barometer” report shows that last year 83 percent Polish companies recorded at least one cybersecurity incident. That's 16 percentage points. more than a year earlier. The scale of cyberattacks is leading to greater business focus on digital security. The use of artificial intelligence to support IT departments ranks second among the most common areas of AI use in companies – indicated by 34%. respondents using this technology in their organizations. Only 13 percent declared that it applies it directly in the area of cybersecurity, which, according to the authors of the report, may result from staff shortages and still limited financial resources, despite the systematic increase in investments.
– I believe that our companies have the tools to defend against cybercrime, because the topic of cybersecurity is not new. Only the scale of these attacks and access to them are changing. It is a constant race because we have access to the same technology on both sides. However, I would like to strongly emphasize that we are not keeping up with education and awareness of these threats, notes Ewelina Wachulec.
The ESET and DAGMA IT Security report “Cyberportrait of Polish business 2025” shows that 1/5 of employees rate their cybersecurity competences highly. Every third person admits that he believed the deepfake content he saw.
– We need knowledge about cybercrime attack patterns, because otherwise we will not be able to defend ourselves against them. At the same time, if it is supported by the detection of such attack attempts, they will be blocked – says a Dell Technologies expert. – We need to be aware that such technologies exist, that public models have blocked their use for evil purposes, but there is an underground where models are created for such purposes. Both in the business environment, companies and in our own homes, we need to know how to protect ourselves and we need this knowledge much more.
Digital education and healthy use of the Internet
Data from the report “Poles' attitudes towards cybersecurity 2025” show that approximately 30 percent Polish residents are of the opinion that teachers should shape young people's awareness of safe and healthy use of the Internet by introducing mandatory digital education classes. 28 percent respondents, however, believe that children should have an example of appropriate digital attitudes at home and learn the balance between the offline and online worlds.
– We need education at every level. Schools should educate what deepfake and voice cloning are, and that the voice you hear on the other side of the monitor will not necessarily be a person with good intentions, emphasizes Ewelina Wachulec. – We should invite public education to this issue and talk about it in companies. We should not keep this knowledge only in cybersecurity and tech defense teams, but we should educate in every possible field, very broadly, also inside companies.
He adds that even if knowledge about current threats is high, it must be constantly updated. This is an example of vibe hackingwhich is a new type of threat.
