AI-revolution powering cybercriminals

The era of cybercriminals taking days to plan and execute attacks is over.

At Sydney's Cloudflare Immerse Event on September 4, 2025, cybersecurity expert Matt O'Kane revealed how artificial intelligence has transformed the criminal underworld into a lightning-fast threat machine.

His presentation, titled "Days to Minutes," opened with a chilling statistic: Cloudflare observed an attempted exploitation of a new zero-day vulnerability just 22 minutes after its proof-of-concept was published online.

The AI revolution in cybercrime

O'Kane's analysis of 2025 cybercriminal trends painted a picture of criminals leveraging artificial intelligence to supercharge their operations against businesses.

The traditional multi-day planning cycles that once gave security teams precious time to prepare and respond have been obliterated by AI-enhanced attack capabilities.

"We thought we had time to detect cybercriminals, time to respond, time to prepare. Well, we were wrong,” warned O’Kane.

“Today, that multi-day delay has compressed to hours.”

Smarter attacks, less work

Modern AI-powered ransomware operators have evolved beyond brute-force encryption tactics.

Additionally, cyber criminals are now operating as businesses with services like ‘tech’ support.

Instead of laboriously encrypting entire systems, they now employ sophisticated deception stealing selective data while fabricating evidence of more extensive breaches.

This psychological warfare approach maximises impact while minimising effort, a hallmark of AI-optimised criminal operations.

The criminal intelligence network

O'Kane outlined how today's AI-enhanced attackers source their intelligence through three increasingly sophisticated levels:

• Public exploitation: Leveraging openly disclosed vulnerabilities

• Dark web networks: Accessing criminal marketplaces for tools and intelligence

• Advanced research: Conducting original reverse engineering and utilising insider knowledge

Fighting fire with fire

Drawing parallels to historical threats like "diskettes of doom “a colloquial term for Distributed Denial of Service (DDoS) attacks where criminals flood target networks with overwhelming traffic from multiple sources.

O'Kane emphasised that the businesses faces an unprecedented challenge.

He maintained his firm stance against ransom payments, arguing they fuel the AI arms race by funding criminal innovation.

As AI continues to evolve, O’Kane’s message is clear, the window for detection and response isn’t measured in days anymore: it’s measured in minutes.