Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags

Most (87%) security professionals have reported that their organization has encountered an AI-driven cyber-attack in the last year, with the technology increasingly takes hold, according to a new report by SoSafe.

The new SoSafe 2025 Cybercrime Trends report also noted that 91% of all security experts anticipate a significant surge in AI-driven threats over the next three years.

The World Economic Forum’s Global Cybersecurity Outlook 2025 cited a 223% increase in the trade of deepfake-related tools on dark web forums between Q1 2023 and Q1 2024.

The SoSafe study of 500 global security professionals, as well as 100 SoSafe customers across 10 countries, noted that detection of these attacks is still a challenge, with only 26% expressing high confidence in their detection abilities.

Despite this, 96% of respondents recognized the importance of detecting AI-based attacks.

Andrew Rose, CSO, SoSafe, commented, “AI is dramatically scaling the sophistication and personalization of cyber-attacks. While organizations seem to be aware of the threat, our data shows businesses are not confident in their ability to detect and react to these attacks.”

How AI is Leveraged in Cyber-Attacks

Obfuscation techniques, such as AI-generated methods to mask the origins and intent of attacks, were cited as the top concern by 51% of security leaders.

The research also noted that AI is also enabling multichannel attacks which blend tactics across email, SMS, social media and collaboration platforms.

Over the past two years, 85% of 95% of cybersecurity professionals agree they’ve noticed an increase in this style of attack.

“Targeting victims across a combination of communications platforms allows them to mimic normal communication patterns, appearing more legitimate,” said Rose. “Simplistic email attacks are evolving into 3D phishing, seamlessly integrating voice, videos or text-based elements to create AI-powered, advanced scams.”

SoSafe also noted that the in-house adoption of AI is inadvertently expanding organizations’ attack surfaces, subjecting themselves to new innovative attacks such as data poisoning and AI hallucinations.

The survey found that 55% of businesses have not fully implemented controls to manage the risks associated with their in-house AI solutions.

SoSafe noted that AI does have the potential to be “transformational” in cybersecurity defense via employee training, correlating security alerts and automating code corrections.

“While AI undoubtedly presents new challenges, it also remains one of our greatest allies in protecting organizations against ever-evolving threats. However, AI-driven security is only as strong as the people who use it. Cybersecurity awareness is critical. Without informed employees who can recognize and respond to AI-driven threats, even the best technology falls short. By combining human expertise, security awareness and the careful application of AI, we can stay ahead of the curve and build stronger, more resilient organizations,” said Niklas Hellemann, CEO of SoSafe.