Speaker
Description
Digital technologies are entangling cyber risk, digital infrastructure, and governance. This paper argues that AI-enabled cybercrime is best understood as a transformation of the cybercrime ecosystem rather than merely as a set of new technical tactics. It draws on UC Berkeley’s “AI-Enabled Cybercrime: Exploring Risks, Building Awareness, and Guiding Policy Responses” initiative, supported by the Center for Long-Term Cybersecurity (CLTC) and the Berkeley Risk and Security Lab (BRSL), which combines foresight-based scenario planning with empirical tabletop exercises (TTXs) and broader expert engagement (workshops, interviews, surveys).
Empirically, the paper synthesizes observations from three convenings: the kickoff tabletop exercise at UC Berkeley (December 2024), the Singapore tabletop exercise (October 2025) and the Tel Aviv exercise (December 2025). Participants from government, critical infrastructure, industry, and academia conducted stress tests of AI-generated malware, deepfake-enabled fraud, and accelerated attack chains. The TTXs explored responses ranging from initial breach investigation to disruption scenarios affecting energy, transport, and water systems.
Across the exercises, participants described AI as increasing the “speed, scale, and sophistication” of familiar criminal motives (money, leverage, access) while lowering technical barriers and reinforcing an underground “marketplace” model in which specialized actors coordinate (e.g., access brokers, ransomware negotiators, deepfake vendors). Yet the decisive constraints were institutional and societal: teams debated roles, decision rights, and reporting lines before technical evidence could be validated; communications strategy had to balance transparency against rumor and escalation risks; leaders also emphasized human accountability even when using AI to triage large data volumes.
The paper concludes with a resilience-by-design agenda relevant to European security studies and practice: decision models for action under uncertainty, more straightforward public-private responsibility sharing for critical digital dependencies, and crisis-communication doctrines that protect public trust while preserving rights.
| If you are submitting an Open Panel proposal, have you included all four abstracts in attachment? | No, I am submitting a Closed Panel abstract |
|---|---|
| Would you like to be considered for travel funding through the NetSec COST Action? | Yes |
| Are you a member of the NetSec Management Committee? | No |
| What discipline or branch of humanities or social sciences do you identify yourself with? | Security Studies |
| Which of the following best describes your stage of the career? | Associate Professor |
| In which country is your home institution? | Israel |
| What is your gender? | Female |