A finance employee joins a video call with their CFO and several colleagues. The request is routine. The faces match. The voices sound authentic. Minutes later, $25 million is transferred. Only later is it discovered that every participant on the call, except one, was AI-generated.
Techniques behind incidents like this—synthetic video, voice cloning, scripted interactions—are now being discussed openly in the same environments where threat actors exchange tools and methods. In May 2026 alone, Flashpoint analysts identified more than 2.9 million posts discussing artificial intelligence in the context of illicit activity.
This volume reflects a larger shift: Artificial Intelligence (AI) is now deeply embedded across cybercrime ecosystems, heavily influencing fraud, impersonation, social engineering, and access operations. It alters how malicious content is generated, how identities are replicated, and how automated workflows are executed and refined over time.
To track this evolution, our monthly AI Threat Report analyzes primary source communities across forums, marketplaces, and chat services. By isolating the tactics, tools, and operational patterns shaping malicious AI use, our latest data reveals an aggressive focus on prompt-sharing, jailbreak methods, and alternative models that lack standard moderation controls.
AI Activity Volume and What It Represents
Flashpoint analysts identified 2,910,012 posts discussing AI and criminal activities in May 2026. This marks a sharp upward trajectory from April, which saw 2,328,958 posts.

The underlying activity was concentrated around a familiar set of use cases:
- Identity verification bypass
- Fraud enablement and scripting
- Impersonation through synthetic media
- Prompt-sharing and jailbreak workflows
However, threat actor priorities shifted this month. Discussions tied to custom malicious LLM development declined. Instead, hackers focused heavily on usability—specifically, how to bypass safeguards, generate more reliable outputs, or move activity onto platforms perceived as less restrictive. References to alternative models and prompt collections appeared more frequently, alongside requests for jailbreak methods and phishing-oriented outputs.
This points to a mature stage of adoption. The focus is less on building entirely new infrastructure and more on improving the reliability, portability, and ease of use of existing workflows. Threat actors are exchanging prompts, reposting working methods, and refining outputs through direct feedback—allowing the same underlying techniques to circulate across communities with only minor variations. Looking across April activity helps identify which methods continue to generate demand, where threat actors are adapting around platform restrictions, and which workflows remain active across multiple environments.
Where AI Activity Is Concentrated
While AI-related chatter remained concentrated on a small handful of platforms, the overall distribution shifted noticeably this month.
Telegram accounted for the absolute majority of observed activity, with Reddit, GitHub Gist, Pastebin, 4chan, Mastodon, and Discord seeing significantly lower volumes.

The massive Telegram volume highlights its role as a heavily saturated distribution layer. Threat actors frequently spam messages across channels for maximum exposure, making it a primary marketplace for prompts, jailbreak methods, fraud tooling, and service advertisements.
Throughout the month, the same offers and workflows appeared repeatedly across different channels, often tweaked based on user feedback or platform updates. Meanwhile, alternative platforms served more targeted roles:
- GitHub Gist and paste sites hosted scripts and technical supporting material.
- Underground forums supported reputation building and long-form technical discussions.
- Discord and Reddit communities centered around specific models, prompt collections, or jailbreak workflows.
Because these environments remain interconnected, techniques introduced in one community frequently reappear elsewhere the moment they prove to produce reliable outputs or successfully evade moderation controls.
AI-Enabled Fraud and Identity Verification Bypass
Flashpoint analysts observed a massive surge in identity evasion activity in May, recording 1,784,716 posts advertising or discussing Know Your Customer (KYC) bypass methods—including deepfake-enabled verification workflows.
This activity was highly concentrated across Telegram channels dedicated to identity fraud, with posts consistently advertising:
- Synthetic video generation designed to mimic live verification behavior.
- Voice cloning and scripted interaction prompts.
- Bundled “KYC bypass kits” tailored to specific onboarding systems.
Some offerings included step-by-step guidance on adapting responses for specific financial platforms. Others promoted end-to-end combinations of synthetic video, matching fraudulent documentation, and AI-generated scripts to fully automate impersonation attempts.
This activity connects directly to the broader access ecosystem. Stolen credentials, session tokens, and phishing infrastructure are increasingly combined with AI-enabled impersonation within the same operational workflows. For security teams, this means verification systems, onboarding processes, and account recovery layers are being actively tested and systematically targeted.
Malicious LLM Usage and Prompt-Based Workflows
Discussions tied to malicious or unrestricted LLM usage focused heavily on jailbreak methods, prompt-sharing, and access to alternative models perceived as less restricted than mainstream platforms. Threat actors continue to rely on unrestricted models to generate phishing links, build harmful code, or craft offensive media.

The underground market centers on usability and output reliability, with frequent references to:
- Jailbreak prompts designed to bypass safety guardrails.
- Phishing and fraud-oriented prompt collections.
- Step-by-step instructions for generating specific malicious outputs.
- Requests for prompts tailored to social engineering campaigns.
Many of these prompts are shared in active, living collections that include updates and troubleshooting channels. When a prompt stops working or a platform introduces new restrictions, users exchange feedback and roll out updated versions within hours.
This behavior reinforces how prompt engineering has developed into its own service layer across illicit communities. The emphasis remains on accessibility, portability, and ease of use rather than custom, ground-up model development.
Operational Patterns and What Holds Across Sources
Across monitored sources, threat actors consistently prioritize four operational requirements: reliability of outputs, ease of reuse, the ability to bypass safeguards, and seamless compatibility with existing fraud infrastructure.
The recycling of tools is highly visible in how content moves between platforms. A jailbreak prompt shared in a chat room quickly appears on a forum with revised wording or additional instructions. A phishing workflow posted to a forum is copied into a paste site and redistributed through Telegram channels.
This creates a tight feedback loop. Discussions focus heavily on which prompts require the least adjustment before use. Ultimately, AI-enabled cybercrime methods are maturing not through sudden technical breakthroughs, but through constant repetition, minor iteration, and rapid distribution across connected communities.
What Security Teams Should Take Away
The underground activity tracked this month shows how artificial intelligence is being operationalized in environments where techniques are developed, tested, and shared long before they surface in the wild.
Because these methods are structured for easy deployment, they require very little modification to move from a forum discussion into an active attack vector. For security teams, the priority must be maintaining direct visibility into how these methods are evolving. Understanding which techniques are actively in circulation is the only way to build earlier detection and more focused defenses at the control layer.

