Episode 83

full
Published on:

29th Oct 2025

How Cybercriminals are using AI - and How to Defend Against It

What happens when the dark side gets its hands on cutting-edge AI and why might even seasoned defenders find themselves playing catch-up?

Welcome back to Razorwire, where I’m joined by Oliver Rochford and Richard Cassidy to discuss how criminals are using AI, what's actually working and how the threat landscape is changing. We explore how adversaries are using AI, what’s actually working in the wild and how professionals can prepare for the unsettling pace of change.

Summary:

We discuss AI-powered phishing, deepfakes in recruitment and self-evolving malware. The conversation moves beyond the classic image of lone hackers, unveiling an economy of cybercrime with advanced automation, international collaboration and ruthless incentives. The real tension lies in whether AI is simply sharpening existing attack tools or if we’re on the brink of something genuinely new and autonomous. We dissect economic shifts in attack and defence and raises questions about resilience, readiness and just how quickly the future may arrive.

3 Key Talking Points:

  • AI in current attacks: Discover how attackers are already automating phishing, password cracking and social engineering at scale, with some criminal campaigns boasting success rates that would have been unthinkable without AI.
  • Deepfakes and infiltration: Hear real cases of attackers using AI-generated identities and language tools to pass job interviews and access company systems, including documented North Korean operations.

  • The autonomy debate: Join the debate over whether we’re seeing the emergence of fully autonomous AI attacks or just more sophisticated versions of existing threats,  and what it means for risk management and defending against a fast-paced, well-funded adversary.

Ideal for any cybersecurity professional looking for sharp perspectives and real-world examples on the present and future impact of AI in the hands of attackers. 



The New Question for Cybersecurity:

"We don't need to ask anymore, ‘Do we have good security?’ What we have to say, and what the question should be is, ‘Are we resilient when AI is being used against us? And how do we do that from a technology perspective?’ And there's no one answer."

Richard Cassidy



Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen



In this episode, we covered:

  • AI as the New Adversary Learn how criminals are using advanced AI tools to make cyber threats less predictable and harder to control.
  • Phishing Supercharged by AI Discover why AI-generated phishing campaigns achieve significantly higher success rates than traditional attempts and what makes them harder to spot.
  • Deepfakes and Recruitment Fraud Hear how attackers use deepfakes and voice-changing technology to impersonate job candidates and infiltrate organisations under false identities.
  • Automation and Evolving Malware Explore the debate around whether malware can autonomously adapt and rewrite itself, reducing the need for human hackers to intervene directly.
  • Limits of Current AI Threats Understand why truly autonomous, intelligent cyber attacks aren't widely observed in the wild yet, despite AI amplifying certain attack vectors.
  • Economic Shift in Cybercrime See how AI has lowered costs and barriers to entry for cybercriminals, allowing attacks to scale rapidly without nation-state resources.
  • Social and Psychological Impacts Consider how AI's rapid advancement is outpacing society's ability to adapt, leading to new forms of manipulation and radicalisation.
  • Defence Strategies Lagging Behind Find out why most defensive tools still rely on older methods and haven't matched the sophistication of AI-powered attacks.
  • Importance of Cyber Resilience Learn why resilience measures like robust backup, disaster recovery and regular risk assessments are now critical as AI heightens attack speed and scale.
  • Ethics, Regulation and the Future Race Examine how the race to adopt AI technologies by criminals and corporations alike is happening without adequate regulation or ethical boundaries.





Resources Mentioned 


Connect with your host James Rees


Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.


Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


LinkedIn: Razorthorn Security

YouTube: Razorthorn Security

TikTok: Razorwire Podcast

Twitter:   @RazorThornLTD

Website: www.razorthorn.com


All rights reserved. © Razorthorn Security LTD 2025

All Episodes Previous Episode

Listen for free

Show artwork for Razorwire Cyber Security Insights

About the Podcast

Razorwire Cyber Security Insights
Real conversations helping cybersecurity professionals sharpen their insights, strategy & leadership skills.
Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cybersecurity risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.