UK universities find AI is not yet turbo-charging cybercriminals

TL;DR:

  • A joint study by the University of Edinburgh, Strathclyde and Cambridge has analysed 100 million posts from underground cybercrime forums and concluded that AI is not yet delivering meaningful capability uplift to most cybercriminals.
  • AI’s main observable contribution to cybercrime so far is in pattern-hiding (evading detection) and social-media bot networks running misogynistic harassment and fraud schemes — not large-language-model-assisted exploit development.
  • The finding directly contradicts the “AI is supercharging cybercrime” narrative that has dominated 2025-2026 UK threat-briefing material, and pairs with the AISI cyber-capability data published this week to give UK security leaders a calibrated rather than alarmist picture.

The research methodology is unusual in scale. Dr Ben Collier of Edinburgh’s School of Social and Political Science led a team using machine learning and manual sampling across the 100 million posts, tracking experimentation patterns from ChatGPT’s November 2022 release onwards. The headline finding — that most cybercriminals lack the skills or resources to drive real innovation with AI tools — challenges the framing that has driven much of the UK threat-intelligence market.

Where AI is and is not helping criminals

The team identifies a clear capability split. AI-assisted coding tools help cybercriminals who are already skilled at coding, with productivity gains rather than barrier-to-entry reductions. For lower-skilled criminals, AI tools have not opened up new attack categories. The exceptions are social engineering — where bot farms can scale outreach — and content-manipulation harassment, which depends on volume rather than sophistication.

Safety mechanisms on major chatbots are doing meaningful work, the study finds. But evidence is emerging that criminal communities are starting to manipulate the outputs of mainstream chatbots — a finding that aligns with AISI’s own work this month on prompt-injection and jailbreaking in frontier models. The threat is not “AI handed criminals new capability”; it is “criminals are learning to weaponise safety failures in deployed AI systems”.

UK angle: don’t panic, but watch the defenders

Collier’s message to industry is calibrated: “don’t panic yet”. The immediate danger is companies and the public adopting poorly-secured AI systems themselves and exposing themselves to new attack surfaces — the same point the King’s Speech package this week implicitly accepted by including the Cyber Security and Resilience Bill alongside AI regulation. For UK security leaders, the practical signal is to deprioritise “AI-enabled threats” speculation in roadmaps and prioritise hardening of own-deployed AI systems.

Looking forward

The study sits in productive tension with AISI’s own finding this week that autonomous AI cyber capability is doubling every 4.7 months. Both can be true: frontier-model capability is genuinely accelerating, but criminal adoption is constrained by the skill, infrastructure and risk-appetite gaps the UK universities have documented. The window before the two curves intersect is the planning horizon UK CISOs should use.