1 Introduction

Cyberattacks have become increasingly frequent, impactful, and sophisticated over the past decade, driven in part by artificial intelligence (AI) [1–3]. AI is a double-edged sword in cybersecurity [4]. Organisations can use AI to strengthen their cyber defences [5], but cybercriminals can also leverage it to launch targeted attacks at unprecedented speed and scale, evading traditional signature-based detection measures [3]. The growing prevalence of AI-driven cyberattacks underscores this dual nature, with AI being used to both improve and undermine cybersecurity [6]. This paper adopts Malatji’s [7] AI-in-cybersecurity taxonomy, which distinguishes between defensive AI, offensive AI, and adversarial AI, with adversarial AI considered a subcategory of offensive AI.

Defensive AI uses machine learning (ML) and other AI techniques to improve the security and resilience of computer systems and networks against cyberattacks [8, 9]. Offensive AI, or attacks utilising AI, refers to the employment or exploitation of AI to carry out malicious activities, such as developing new cyberattacks or automating the exploitation of existing vulnerabilities [4]. Adversarial AI, the abuse and misuse of AI systems [10], by contrast refers to attacks that exploit vulnerabilities in AI systems to cause them to make incorrect predictions [11, 12]. This can be done by manipulating the input data fed to the AI system, or by poisoning the data on which the system was trained [13]. Table 1 summarises the key differences between defensive, offensive, and adversarial AI according to [5, 6, 13–16].

Table 1 Key differences between defensive, offensive and adversarial AI

There is limited research on offensive and adversarial AI from a non-technical perspective, with the existing literature focusing primarily on the technological dimension of defensive, offensive, and adversarial AI. This highlights a need for more holistic research on AI in cybersecurity that considers the non-technical factors influencing AI-driven threats. This paper uses a systematic literature review (SLR) to understand the current state of AI-driven cyberattacks, their motivations, mitigation strategies or defensive AI, and societal impact. The focus of the paper is primarily on offensive and adversarial AI, with adversarial AI considered a subcategory of offensive AI. The goal is to provide researchers, practitioners, and society with a comprehensive framework for understanding AI-driven cyberattacks and developing effective defensive AI mitigation strategies.

After all, the robustness and reliability of urban digital infrastructures are essential for sustainable cities and societies, given the growing reliance on technology in the digital age [17, 18]. Because AI-driven cyberattacks pose significant threats to these infrastructures [19, 20], a thorough understanding of their nuances is imperative for ensuring the resilience and sustainability of societal digital ecosystems. This will also ensure sustainable social and economic development [21]. To shed light on this challenge, the researchers posed the following questions:

  • what are the different types of AI-driven cyberattacks?

  • what strategies and techniques can be used to mitigate AI-driven cyberattacks?

  • what are the motivations of AI-empowered cyber attackers?

  • what are the potential societal impacts of AI-driven cyberattacks?

  • what framework can be used to understand AI-driven cyberattacks?

In answering these research questions through an SLR, we made several contributions to the field of AI in cybersecurity. We developed a comprehensive classification of AI-driven cyberattacks, highlighted current trends in defensive AI mitigation strategies, and explored the motivations of AI-empowered attackers. We also examined the potential societal impact of AI-driven cyberattacks and developed a framework for understanding them. Our work further provides a holistic perspective on AI in cybersecurity, bridging the gap between technical aspects and broader strategic considerations. The research contributions of this SLR are summarised as follows:

  • comprehensive schema of AI-driven cyberattacks: We have identified and classified the different types of AI-driven cyberattacks based on the current state of the art in offensive and adversarial AI. This can serve as a basis for future research and help cybersecurity professionals better understand the threats they face (Sects. 4.1 and 5.1).

  • defensive AI mitigation strategy trends for AI-driven cyberattacks: We have highlighted the current trends in defensive AI mitigation strategies (Sects. 4.2 and 5.2).

  • insight into attacker motivations: We have explored the motivations and objectives of AI-empowered cyber attackers, providing insights into the 'why' of these attacks. This knowledge is essential for developing appropriate preventive measures (Sects. 4.3 and 5.3).

  • analysis of potential societal impact: We have explored the potential societal impacts of AI-driven cyberattacks. This not only broadens the discussion for policymakers and the general public but also emphasises the need and significance of addressing these threats (Sects. 4.4 and 5.4).

  • development of a comprehensive framework: We have proposed a framework to understand AI-driven cyberattacks, marking an academic and practical advancement. This framework has the potential to guide future research, provide a systematic approach to identifying and classifying threats, and help professionals develop effective response strategies (Sect. 5.5).

  • holistic view on AI in cybersecurity: By achieving all five research objectives above, we have provided a holistic perspective on AI in cybersecurity, bridging its dominant technological dimension with broader strategic considerations.

The researchers hope that these contributions will provide valuable insights for academics, policymakers, and practitioners seeking to understand and address AI cybersecurity threats and opportunities holistically. The rest of the paper is structured as outlined in Fig. 1.

Fig. 1 Structure of the paper

The next section explores the background and related literature in more depth, focusing on its relevance to the research aim of this paper.

2 Background and related works

Cyberattacks have become a persistent threat in the ever-changing landscape of digital interactions, dating back to the early days of interconnected computing systems [22, 23]. Over the decades, these attacks have evolved significantly, becoming more sophisticated and paralleling technological advancements [24–26]. The infusion of AI capabilities has been a pivotal moment in this evolution, enhancing the potency, scale, and accuracy of cyberattacks [2, 3, 20]. While existing scholarly inquiries have shed light on various aspects of AI-driven cyberattacks, there is still a significant gap in our understanding and classification of them, especially from inter- and multi-disciplinary perspectives [14, 27, 28]. In this section, we trace the history of cyberattacks and their evolution over time, examine how AI has been used to enhance cyberattacks, review existing research on AI-driven cyberattacks, and identify gaps in the current research that this paper aims to address.

2.1 The evolution of cyberattacks over time

2.1.1 Origins of cyberattacks

In the early days of computer systems and networks, people were eager to explore the possibilities of this new technology [29]. This sometimes led to mischief on computer networks, as observed by Spafford [30]. This era also witnessed the proliferation of malicious software, such as viruses and worms [30]. The 1988 Morris Worm was a particularly notable example of this early form of cyberattack, demonstrating the potential for widespread damage and impact [31–33].

2.1.2 The 1990s—The birth of modern cybercrime

As the information revolution matured towards the end of the twentieth century, the nature of hacking underwent a significant transformation [34, 35]. Initially dominated by hobbyists and enthusiasts, hacking shifted discernibly towards more organised and often malevolent activities, particularly with the emergence of criminal enterprises as central players in the cyber threat arena [36]. Concurrently, the spectrum of malicious software broadened [37], with the introduction of Trojans and other early malware variants [38, 39], highlighting the evolving sophistication and malicious intent behind cyberattacks [40].

2.1.3 The 2000s—When cybercrime became a business

The turn of the millennium marked a watershed moment in cybersecurity [41], with the rise of advanced persistent threats (APTs) and a surge in state-sponsored cyberattacks [42, 43]. Episodes such as Titan Rain exemplified this shift, showcasing the sophistication and coordination of these cyber-espionage campaigns [44, 45]. Further complicating the threat landscape, the emergence of the Zeus botnet highlighted the intricacies of organised cybercrime, revealing the elaborate structures and strategies used by malicious actors to achieve their objectives [24, 46].

2.1.4 2010s—The rise of sophisticated malware and ransomware

The next decade in cybersecurity saw the rise of highly targeted cyber operations using advanced malware, with Stuxnet as a prime example [43]. This intricate malware demonstrated the real potential for cyber-physical damage, exposing the vulnerabilities of industrial control systems to skilled adversaries [47, 48]. Simultaneously, ransomware campaigns like Petya and WannaCry shook the world [49]. These attacks not only disrupted countless systems but also highlighted the global threat posed by such malevolent software, emphasising the urgent need for robust cyber defences.

2.1.5 The 2020s—The cyber threat landscape expands exponentially

Recent cyber threats have exposed the nuanced vulnerabilities of our digital supply chains [50], as exemplified by the SolarWinds or Sunburst hack [51]. This incident revealed the multi-tiered intricacies of such attacks and the stealth and persistence with which adversaries can operate [52]. Furthermore, major breaches in recent years have served as grim reminders of the real-world consequences of cyberattacks. As analysed by [53], such attacks can disrupt critical services and infrastructure, necessitating a re-evaluation of cybersecurity paradigms to protect our increasingly interconnected ecosystems. A good demonstration of this is the May 2021 ransomware attack on Colonial Pipeline [54], a petroleum and oil pipeline company whose pipeline originates in Houston, Texas, United States of America (USA), and carries gasoline and jet fuel mainly to the southeastern parts of the country [55]. According to the Cybersecurity and Infrastructure Security Agency (CISA) [56], a component of the USA Department of Homeland Security, the ransomware attack on Colonial Pipeline captured headlines around the world, with pictures of snaking lines of cars at gas stations across the eastern seaboard and panicked Americans filling bags with fuel, fearful of not being able to get to work or get their kids to school. This was the moment when the vulnerability of our highly connected society became a reality and a kitchen-table issue [56].

It is evident from the Colonial Pipeline ransomware attack, SolarWinds hack and other cyberattacks that the exponential expansion of our interconnected ecosystems has made it easier for attackers to find and exploit vulnerabilities [26, 55, 56]. Additionally, the rapid adoption of cloud services in the past decade has brought a paradigm shift, but not without new vulnerabilities [57]. Research studies such as those by Abdullayeva [58] have explored these emergent susceptibilities, proposing a new reference model for cybersecurity and resilience in cloud systems. Concurrently, the ubiquitous proliferation of Internet of Things (IoT) devices has further amplified the cyber threat matrix [59, 60]. As highlighted by Djenna et al. [61], such devices, while enhancing connectivity and automation, have also expanded the attack surface. Through their analysis of the Mirai botnet, Pan and Yamaguchi [62] also highlighted the challenges and vulnerabilities introduced by connected devices in the digital ecosystem.

2.2 AI's role in advancing cyberattack capabilities

2.2.1 Introduction to AI in cybersecurity

As we navigate the modern digital era, AI has emerged as a transformative tool, making significant inroads into various sectors, including healthcare, finance, supply chain, and agriculture. AI is a powerful tool that can be used for both defensive and offensive purposes in cybersecurity [6]. On the one hand, AI can be used by defenders to develop new and more effective ways to detect and prevent cyberattacks [63]. In other words, defenders are increasingly using AI tools to improve intrusion detection, anomaly identification, and other preventive measures, with the goal of proactively thwarting unauthorised access and malicious activities [60, 64]. On the other hand, AI can also be used by cyber criminals to develop new and more sophisticated attack vectors [65]. Thus, the growing symbiotic relationship between AI and cybersecurity, as explored by [2, 10, 26, 66–70] and many others, warrants closer scrutiny.

2.2.2 AI-driven cyberattacks

AI-driven cyberattacks are emerging as a major threat, as they are becoming more sophisticated and diverse [66]. At the time of writing this paper, it is not yet clear how this will affect the future of cybercrime and warfare. However, the potential for AI-driven cyberattacks has become a serious concern [28]. AI provides a powerful toolkit for cyber adversaries [4] to enhance all types of conventional cyberattacks, including phishing, malware, password attacks, and even manipulation of AI models themselves [26, 67–69]. For example, AI techniques can be leveraged to create malware that can adapt to its environment, learn from its actions, and refine its methods to evade traditional detection mechanisms [7]. Polymorphic and metamorphic malware are stark examples of AI-enabled malware [71, 72]. These strains can self-alter their code to avoid signature-based detection and evolve in response to countermeasures, posing a significant challenge to cybersecurity defences [3, 72].
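To see why signature matching struggles against such strains, consider the following toy sketch. It is illustrative only: the 'payload' is a harmless placeholder and a trivial XOR re-encoding stands in for a real polymorphic engine, but it shows how a byte-level mutation defeats a hash-based signature while leaving the underlying logic recoverable.

```python
import hashlib

def signature(payload: bytes) -> str:
    """Toy 'signature': a cryptographic hash of the artefact's bytes."""
    return hashlib.sha256(payload).hexdigest()

def xor_mutate(payload: bytes, key: int) -> bytes:
    """Trivial stand-in for a polymorphic engine: re-encode the same
    logic under a new key, changing every byte of the artefact."""
    return bytes(b ^ key for b in payload)

base = b"...harmless placeholder for malicious logic..."
known_signatures = {signature(base)}           # what a signature database holds

variant = xor_mutate(base, key=0x5A)           # functionally equivalent, byte-wise new
print(signature(variant) in known_signatures)  # False: the static signature misses it
```

Behaviour-based and anomaly-based detection, discussed later in this paper, are responses to precisely this limitation.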

In addition, AI can make phishing attacks more effective [73] by automating the generation of highly convincing fake websites and emails, making it more likely that people will fall for them. AI can also be used to create spear-phishing attacks, which are targeted at specific individuals or entities [20]. By analysing large datasets, attackers can customise their messages to the target’s personal or professional context, making them more likely to be successful [74]. AI is also making botnets more sophisticated by enabling them to launch more coordinated and targeted attacks, with the possibility of unpredictable emergence and evolution [75]. Moreover, AI can make botnets more evasive, helping them circumvent traditional detection mechanisms more effectively [76]. These advancements highlight the changing dynamics of the cyber threat landscape [77, 78], where AI is becoming a force multiplier for both attackers and defenders [79]. These AI-driven cyber threats also pose a serious risk to privacy and security, and traditional cybersecurity mechanisms may not be able to keep up [74, 80–82]. Additionally, adversarial AI, which targets the vulnerabilities of AI models, is a distinct threat within the offensive AI umbrella [2, 10, 12, 70, 83].

AI-driven attacks can have a significant negative impact on society, including extended periods of systemic failures and downtime [84], disruption of emergency services potentially leading to loss of lives [21, 85], economic and financial losses [1, 86], social media manipulation potentially leading to political instability [80, 87], and the possibility of malicious botnets existing indefinitely, with unpredictable emergent characteristics and unlimited potential for evolution [75].

To combat AI-driven cyberattacks effectively, it is essential to understand the attack vectors, vulnerabilities, and motivations of the attackers. Various researchers have investigated this topic [7, 27, 49, 88, 89], revealing several common motivations that security professionals and organisations should be aware of. However, these motivations can vary depending on the threat actor and attack type [90]. For example, attackers may be motivated by financial gain, political or strategic goals, or the desire to cause harm [6, 89]. Understanding attacker motivations can also help incident response teams prioritise strategies, adapt response tactics, anticipate attack techniques, improve detection capabilities, and develop security countermeasures. This empowers response teams and professionals to mitigate the immediate impact of an attack and minimise future incidents [6, 27]. This growing complexity and diversification of AI-driven cyberattacks necessitate a thorough exploration to inform our understanding and response strategies.

2.3 Limitations of existing research on AI-driven cyberattacks

Most research on AI-driven cyberattacks focuses on their technical engineering aspects. This gap points to the need for a more holistic approach to studying AI’s malicious potential and societal impact, particularly in the context of understanding the current state of AI-driven cyberattacks, their motivations, mitigation strategies, and societal impact. Table 2 provides an overview of the authors, their paper’s main themes, and the gaps we identified in relation to our paper's research aim.

Table 2 Literature gaps related to AI-driven cyberattacks

With reference to Table 2, researchers like Mirsky et al. [4] explored the risks of AI-powered cyberattacks against organisations. The study showed how AI technologies can be used throughout the cyber kill chain to intensify attack capabilities. It also detailed 32 specific offensive AI capabilities, such as automation, campaign resilience, credential theft, exploit development, information gathering, social engineering, and stealth. The study included a threat ranking based on a survey of experts from academia, industry, and government. This provides actionable insights into how offensive AI impacts organisations. The study also forecasted future AI-driven threats, laying the groundwork for understanding emerging shifts in cyberattack strategies. While Mirsky et al. [4] provide a comprehensive analysis of the technical aspects and immediate organisational impact of AI-driven cyberattacks, their study does not address the motivations or the broader societal impact of these attacks. Their work does not explore in depth why threat actors use AI, or the implications of these attacks for public policy and social behaviour, for example.

Guembe et al. [3] explored the evolving landscape of AI-driven cyberattacks, examining how cybercriminals are leveraging AI technologies to enhance their offensive capabilities. The study reviewed existing literature and found that most AI-driven techniques are used in the access and penetration stages of the modified cybersecurity kill chain. The authors also found that traditional cybersecurity measures are increasingly ineffective against AI-driven attacks due to their speed, complex decision-making, and multi-variant nature. The study concluded by calling for a re-evaluation and update of cybersecurity strategies, advocating for the adoption of AI-based countermeasures and investments in advanced, trustworthy AI frameworks. The research of Guembe et al. [3] focuses mainly on the technological aspects and offensive technical capabilities of AI-driven cyberattacks. However, there is a need for research that explores the broader societal, economic, and psychological dimensions of these attacks, as well as mitigation strategies beyond technical countermeasures.

Yamin et al. [14] explored a variety of AI-based attack scenarios, detailing the technical frameworks that enable these threats and potential countermeasures. They highlighted the complex landscape of AI development, noting that many AI researchers work in silos focused on their specialised fields, often neglecting broader social implications. The authors suggested that controlling the weaponisation of AI will require international compromises, advocating for checks and balances that prioritise global stability over national interests or political manoeuvring. They also noted the difficulty of securing a global consensus for the ethical and secure development of AI, especially in the context of an ongoing arms race. While Yamin et al. [14] provide a comprehensive overview of technical aspects and call for international regulations, they do not extensively delve into the motivations behind AI-driven cyberattacks nor the societal impacts of these attacks.

Bout et al. [15] conducted a literature review on ML methods applied to attacks on IoT networks. They found that ML algorithms enhance existing attacks, enable new attacks, and open up new attack vectors. They also noted that ML-driven attacks could be further refined to reduce detection probability, but that datasets for developing such attacks are scarce. Their study aims to identify new vulnerabilities in order to pre-emptively bolster countermeasures, and it serves as a resource for those interested in developing solutions to thwart increasingly sophisticated ML-powered attacks in IoT environments. While Bout et al. [15] provide a comprehensive examination of ML methods used in attacks on IoT networks, their focus remains largely on the technological aspects, especially in the IoT context. Their work does not delve into the motivations behind these AI-driven cyberattacks, their broader societal impact, or the variety of mitigation strategies beyond technological countermeasures. This leaves a gap in understanding the multidimensional influences and consequences of AI-driven cyberattacks.

Oreyomi and Jahankhani [5] evaluated the challenges and opportunities of using AI and ML as decision tools for combating cyberattacks. They proposed a framework for autonomous cyber defence to tackle what they term autonomous intelligent malware. Their research highlighted the need for a standardised framework for countering automatically generated cyber threats, as well as the importance of organisational and user training in ensuring data security. They also raised concerns around the ethical and societal aspects of AI-based automated decision-making, particularly regarding algorithmic bias and the potential for AI systems to act independently of human control. The authors advocate for a combination of AI and human interaction for effective cyber defence. One gap evident in Oreyomi and Jahankhani’s [5] work is the limited exploration of the motivations behind AI-driven cyberattacks. Additionally, their focus is primarily on defensive strategies and ethical considerations, leaving a potential research void in the comprehensive understanding of the societal impact of AI-driven cyber threats.

Chakraborty et al. [28] examined the capabilities of AI in identifying and mitigating cyber threats in real-time. They found that AI, particularly ML algorithms, can rapidly analyse data and help human analysts focus on more nuanced aspects of cybersecurity. However, they also noted that AI cannot fully replace human expertise. In other words, AI is an assistive tool to human experts rather than a comprehensive solution to cybersecurity challenges. There is, however, very limited exploration of the societal and ethical implications of AI-driven cyberattacks and their mitigation strategies in Chakraborty et al.’s [28] work.

AL-Dosari et al. [6] investigated the role and challenges of AI in enhancing cybersecurity in Qatar's banking industry. They found that AI is essential for addressing web-based attacks, distributed denial-of-service (DDoS) attacks, know-your-customer checks, and fraud. However, they also identified several challenges, including:

  • operational challenges: a lack of skilled workers and compatibility with legacy systems.

  • AI as a weapon: AI can also be used to launch cyberattacks.

  • vulnerabilities in AI tools: existing AI tools have vulnerabilities that could be exploited.

  • lack of guidelines: there is a lack of comprehensive guidelines for secure AI implementation.

The authors concluded that more research is needed to explore these challenges in detail to inform policymaking. One potential gap in AL-Dosari et al.’s [6] research relevant to the aim of this paper is the lack of mitigation strategies for AI-driven cyberattacks, particularly strategies that address technical, societal, and ethical considerations together. Another gap is in the area of motivations behind AI-driven cyberattacks, which appear to be less studied than the technical aspects.

Rosenberg et al. [13] provided a comprehensive review of the latest research on adversarial attacks on ML systems in cybersecurity. They characterised various adversarial attack methods based on their timing, the attacker's objectives, and capabilities. They also categorised how these adversarial methods are applied in defence and attack scenarios in cybersecurity. One notable contribution of the paper is its discussion of the unique challenges faced in implementing end-to-end adversarial attacks in cybersecurity. The authors concluded by proposing a unified taxonomy, while claiming to be the first to comprehensively address these challenges through their framework. While Rosenberg et al. [13] provided a taxonomy of adversarial attacks and defences in cybersecurity, they did not explore the broader motivations behind AI-driven cyberattacks or their societal impact. Additionally, their work did not examine the evolving dynamics of mitigation strategies in a real-world context. Our paper aims to fill these gaps by providing an integrated analysis that considers the motivations, societal consequences, and evolving nature of AI-driven cyberattacks and countermeasures.

Mahmud [91] investigated the dual-edged role of AI in business and firm management. AI can be used to augment performance and efficiency, but it can also be used to facilitate or inadvertently cause criminal activities, particularly in e-commerce and market manipulation. The paper addressed the lack of strong legislative frameworks for managing these AI-driven crimes and concluded by offering recommendations to tackle the regulatory challenges associated with what they term ‘AI-Crime’ in business settings. While Mahmud [91] explored the criminal implications of AI in business contexts, the study did not examine the motivations behind AI-driven cyberattacks, their societal ramifications, or the effectiveness of current mitigation strategies.

Mehtab and Mahmud [93] explored the multifaceted role of AI in the education sector, highlighting its positive and negative impacts. While acknowledging the benefits of AI in education, such as improved instructional quality and customised syllabi, the authors also raised concerns about the dark side of AI in fuelling cybercrimes against educational platforms. These crimes include hacks of distance-learning systems, ransom attacks on school districts, and phishing scams targeting learners. They argued that the “new normal” of online education poses unique vulnerabilities, exacerbated by AI-driven cyberattacks that can profile and target victims at an unprecedented scale. The authors called for adaptive, robust regulations to both punish and prevent AI-driven crimes, underlining the pressing need for legal frameworks that can keep pace with the evolving landscape of AI technologies. While Mehtab and Mahmud [93] discussed the vulnerabilities and cybercrimes against educational platforms, their focus was largely on regulatory measures rather than on understanding the motivations behind such attacks or their broader societal impact.

Mathew [92] explored the dual role of AI in the rapidly evolving digital business and e-commerce landscape. The author argued that while AI techniques can significantly enhance cybersecurity measures by enabling automated and robust threat detection, they can also potentiate cybercriminal activities by providing advanced means for complex attacks. The study highlighted the need for companies to balance their cybersecurity frameworks against the emerging risks, especially as ML becomes increasingly integral to both offence and defence in cybersecurity. There is, however, a notable gap in Mathew’s [92] study regarding the motivations behind AI-driven cyberattacks and their broader societal impact.

Fazelnia et al. [64] focused on the vulnerabilities in software systems that incorporate AI and ML. Recognising the growing appeal of these technologies to malicious actors, the paper proposed a framework for characterising attacks and weaknesses specific to AI-enabled systems. The framework also outlines mitigation techniques and defence strategies, aiming to guide software designers in developing resilient AI-enabled applications. The paper addresses both offensive and defensive aspects, providing a valuable toolset for understanding the attack surface and vulnerabilities in AI-enabled systems. While Fazelnia et al. [64] provide a framework to identify and reduce the vulnerabilities of AI-enabled systems, they do not explore the reasons or the effects of AI-driven cyberattacks on society. This creates a research gap about the incentives and the implications of these attacks.

Velasco [94] evaluated the applicability of existing international legal frameworks for combating cybercrime in the context of AI technologies. The paper also analysed ongoing policy initiatives from international organisations and considered the implications of AI policy making on the criminal justice system. In addition, the paper focused on current trends, such as the use of deepfakes, and proposed alternative strategies for creating effective policies to counter AI-enabled cybercrime. While Velasco [94] and Fazelnia et al. [64] focused on legal frameworks or technological vulnerabilities, respectively, there is a lack of comprehensive research that links these facets together, along with motivations and societal impact, within the rapidly evolving context of AI-driven cyberattacks and their countermeasures.

Choraś and Woźniak [10] explored the ethical implications of using AI in cybersecurity. They introduced the concept of "ethical adversarial attacks" (EAA), in which cybersecurity experts use adversarial methods to counter malicious AI algorithms and systems. The paper debates the ethics and legality of such practices, arguing that when used within regulatory frameworks, EAA could be a valuable tool for combating AI-driven cybercrime. While Choraś and Woźniak [10] provided valuable insights into the ethics of adversarial attacks against malicious AI algorithms, there is still a need to understand how these ethical considerations interact with the evolving landscape of AI-driven cyberattacks and their societal implications. Specifically, their work does not address the broader temporal dynamics of these attacks, the motivations behind them, or the societal impacts of using ethical adversarial attacks.

Blauth et al. [27] provided a comprehensive review and classification of the malicious use and abuse of AI systems in various sectors. They focused on a range of potential harms, including physical, psychological, political, and economic, and identified key vulnerabilities in AI models and various forms of AI-enabled and AI-enhanced attacks. These attacks range from integrity attacks and unintended AI outcomes to more specialised attacks like algorithmic trading and membership inference attacks. The authors proposed a taxonomy of these attacks and called for collaborative efforts among stakeholders to develop governance strategies and technical measures to enhance preparedness and resilience against these threats. However, they also acknowledge that their classification scheme may not be exhaustive and suggest further empirical study for validation. While Blauth et al. [27] provide a comprehensive taxonomy of AI-enabled and AI-enhanced attacks and vulnerabilities, their focus is largely on classification and governance strategies rather than motivations behind these attacks or their societal impact.

Yadav [95] explored the dual role of AI in cybersecurity and cybercrime, highlighting the challenges cybersecurity providers face in pre-empting vulnerabilities before malicious actors exploit them. The paper underscores the transformative impact of AI on cyber laws and legal systems, while also acknowledging its limitations. It explored the use of AI in daily life as well as its darker applications in criminal activities, such as data breaches and system exploitations. Overall, the paper provides a comprehensive overview of the evolving landscape of AI in the context of cybercrimes and legal frameworks. However, the paper lacks a deep exploration of the motivations behind AI-driven cyberattacks or their societal impact.

In their paper, Sen et al. [16] urge Management Information Systems (MIS) scholars to play a more significant role in applying AI and ML to cybersecurity challenges. The paper provided a comprehensive overview of current AI applications in cybersecurity, including malware identification, intrusion detection, and cybercrime prevention. It highlighted existing challenges, such as the lack of high-quality data for training ML models and the potential for AI/ML exploits. One notable gap in the work of Sen et al. [16] is the lack of discussion on the motivations behind AI-driven cyberattacks and their societal impact. While the authors delved into the technical aspects of the problem, they did not address the psychological or social dimensions that are relevant to our paper's aim.

The research studies discussed above have investigated many aspects of AI and its role in cybersecurity, including its potential benefits and risks. They have explored technical aspects, legislative frameworks, and even ethical considerations. However, there is a significant gap in our understanding of the motivations behind AI-driven cyberattacks and their broader societal impact. Moreover, existing studies often focus on either technical or legal aspects, leaving out the other complex layers. This gap in the literature motivated this study, which aimed to provide a multi-dimensional approach that integrates technical, societal, and psychological considerations. In the next section, we will outline our research method, which is designed to explore the motivations behind AI-driven cyberattacks, their societal impact, and the effectiveness of existing mitigation strategies.

3 Methods

3.1 Study approach

To understand the current state of AI-driven cyberattacks, their motivations, mitigation strategies, and societal impact, we conducted an SLR of AI in cybersecurity publications. An SLR is a valid research method for evaluating the state of knowledge on a particular topic, creating research agendas, identifying gaps in research, or simply discussing a particular matter [96]. We searched Scopus, Web of Science (WoS), and Google Scholar for journal articles, review papers, and conference papers published between 2021 and 2023. Our search string was “AI OR artificial intelligence AND cyberattacks OR cyber-attacks OR cybercrime OR cyber-crime.” We conducted the SLR search in February 2023, and Table 3 summarises the search.

Table 3 SLR process of the study

We screened all 397 titles in the Scopus database and found that over half of the AI in cybersecurity-related papers were about AI-driven intrusion detection, rather than AI-driven cyberattacks and/or cybercrime. We excluded two papers because they were not accessible in the Scopus database, either because they could not be found through the full text finder/view, or because we did not have subscription permissions through our research institutions. We excluded 357 papers and included 40 for further screening in the Scopus database. Similarly, most of the papers excluded after screening 1964 entries in the WoS database were about the application of AI in fields such as the medical sciences (medical AI or healthcare AI), human resources (HR) management (HR AI), ethics (ethical AI), finance (financial AI), education (educational AI), and other areas not directly related to AI-driven cyberattacks and/or cybercrime. We excluded 1942 papers and included 22 for further screening in the WoS database.

Because Google Scholar can find 93% of the citations found by WoS and 89% of the citations found by Scopus [97], we queried the Google Scholar database for ‘any type’ of article by using the following search strings in the advanced search window: with all of the words = “ai driven”; with the exact phrase = “cyber attack” on the first iteration, “cyberattack” on the second, and “ai-driven cybercrime” on the third and last; return articles dated between = “2021–2023”. This returned 14,400 entries for ‘ai driven cyber attack’, 9,340 for ‘ai driven cyberattack’ and 11,200 for ‘ai-driven cybercrime’ on February 15, 2023, all sorted by relevance. As with Scopus and WoS, most AI in cybersecurity-related papers in Google Scholar were about AI-driven intrusion detection rather than AI-driven cyberattacks and/or cybercrime. We then screened the Google Scholar search entry titles for relevance; because the entries are sorted by relevance, screening stopped when the titles ceased being relevant to the aim of the paper. In other words, not all 14,400, 11,200 and 9,340 entries were screened. After the Google Scholar screening, a total of 22 papers were included for the next screening stage, abstract relevance.

Before the abstract screening, we used Zotero to check for duplicates across all three databases. A number of duplicate papers were found and removed, resulting in a total of 73 papers shortlisted for abstract screening and content scanning from Scopus, WoS, and Google Scholar.
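As a minimal sketch of this de-duplication step (we used Zotero; the CSV file names and the ‘Title’ column below are illustrative assumptions rather than our actual export format), the merging logic amounts to the following:

```python
import csv

def normalise(title: str) -> str:
    # Normalise titles so punctuation and casing differences don't hide duplicates.
    return "".join(ch for ch in title.lower() if ch.isalnum())

def merge_exports(paths: list[str]) -> list[dict]:
    # Merge database exports, keeping the first record seen for each title.
    seen, merged = set(), []
    for path in paths:
        with open(path, newline="", encoding="utf-8") as f:
            for row in csv.DictReader(f):
                key = normalise(row.get("Title", ""))
                if key and key not in seen:
                    seen.add(key)
                    merged.append(row)
    return merged

# Example with hypothetical file names:
# shortlist = merge_exports(["scopus.csv", "wos.csv", "scholar.csv"])
```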


After abstract screening and content scanning, we excluded 55 papers from full review for various reasons. Some papers were not written in English, although their abstracts were, which allowed them to pass through the “language = English” filter. We also excluded papers that were only abstracts with no content and papers that we could not access due to subscription restrictions. Therefore, using an SLR approach across multiple databases, we curated a collection of 18 papers for our final review. These papers provide a comprehensive lens through which to understand the state of the field in AI-driven cyberattacks, including key issues such as motivations, mitigation strategies, and societal impacts. It is important to note that our study was paused from February 2023 to October 2023, so it is possible that relevant papers were published during this time.

3.2 Data collection

We used content analysis to extract data on the following four predefined themes:

  • types of AI-driven cyberattacks

  • motivations behind AI-driven cyberattacks

  • mitigation strategies against AI-driven cyberattacks

  • societal impact of AI-driven cyberattacks

We chose content analysis because it is a versatile research method for systematically interpreting textual or visual data, used across a wide range of disciplines, including the social sciences, media studies, and health research [98]. Content analysis thus allowed us to convert unstructured information into themed and structured raw data [99].

3.3 Data analysis

We used ChatGPT to categorise and classify the thematically extracted raw data (see Tables 4–8) according to the MITRE ATT&CK Framework. The MITRE ATT&CK Framework is a comprehensive and detailed knowledge base of adversary tactics and techniques used in real-world attacks [100]. It describes the actions that an attacker may take while operating within a network [101]. It is thus a valuable tool for organisations to understand and defend against cyberattacks [100, 101]. The MITRE ATT&CK Framework consists of the following stages, which are contrasted with the cyber kill chain [102, 103] in Table 4:

Table 4 MITRE ATT&CK Framework alongside the cyber kill chain
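For illustration only, the sketch below shows one way the framework’s stages could be encoded as a simple lookup when coding extracted attack types. The attack names and stage assignments are hypothetical examples rather than our actual coding, and, as noted next, a single attack type may legitimately map to several stages.

```python
# Hypothetical mapping of attack types to MITRE ATT&CK stages; an attack type
# may map to several stages depending on the context of the attack.
ATTACK_TO_STAGES: dict[str, list[str]] = {
    "ai-assisted phishing": ["initial access"],
    "password guessing":    ["initial access", "privilege escalation"],
    "polymorphic malware":  ["execution", "defence evasion"],
    "data poisoning":       ["initial access", "persistence"],
}

def stages_for(attack_type: str) -> list[str]:
    """Return the candidate stages for an attack type (empty list if unmapped)."""
    return ATTACK_TO_STAGES.get(attack_type.lower(), [])

print(stages_for("Password guessing"))  # ['initial access', 'privilege escalation']
```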

These stages are not necessarily sequential, and attackers may skip or repeat stages depending on their objectives and the victim's environment [100]. By understanding the different stages of an attack, organisations can develop more effective security controls and detection mechanisms [100–103]. The MITRE ATT&CK Framework was used to interpret the themes in light of the literature surveyed in Sect. 2 of this paper. A detailed discussion of these interpretations is presented in Sect. 5. The first ChatGPT prompt was to analyse the raw textual data on AI-driven cyberattacks:

“We will provide you with thematically extracted textual data of AI-driven cyberattacks, including both offensive AI and adversarial AI attacks, for your analysis. Offensive AI attacks proactively target systems, networks, or data. Examples include autonomous malware deployment and AI-assisted phishing. Adversarial AI attacks are designed to deceive or exploit AI and machine learning systems. Examples include data poisoning and model evasion attacks. Your task is to identify patterns or recurring themes in this dataset, and to group them according to the MITRE ATT&CK Framework stages. The MITRE ATT&CK Framework consists of the following stages [list the stages and their descriptions here]. Adhere strictly to the provided dataset and refrain from responding until instructed.”

The second ChatGPT prompt involved analysing the raw textual data on mitigation strategies for AI-driven cyberattacks:

“We will provide you with thematically extracted textual data of mitigation strategies for AI-driven cyberattacks. Your task is to identify patterns or recurring themes in this dataset, and to group them into a comprehensive classification schema. Adhere strictly to the provided dataset and refrain from responding until instructed.”

The third ChatGPT prompt involved analysing the raw textual data on motivations behind AI-driven cyberattacks:

“We will provide you with thematically extracted textual data of motivations behind AI-driven cyberattacks. Your task is to identify patterns or recurring themes in this dataset, and to group them into a comprehensive classification schema. Adhere strictly to the provided dataset and refrain from responding until instructed.”

The last ChatGPT prompt involved analysing the raw textual data on potential societal impact of AI-driven cyberattacks:

“We will provide you with thematically extracted textual data of the potential societal impact of AI-driven cyberattacks. Your task is to identify patterns or recurring themes in this dataset, and to group them into a comprehensive classification schema. Adhere strictly to the provided dataset and refrain from responding until instructed.”
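For reproducibility, prompts of this kind could also be issued programmatically rather than through the ChatGPT interface. The sketch below is an assumption-laden illustration: it uses the OpenAI Python client, an assumed model name, and an assumed input file, none of which reflect our actual workflow.

```python
# Hypothetical sketch of issuing one thematic-analysis prompt via the OpenAI
# Python client. The client usage is standard; the model name and the input
# file are illustrative assumptions.
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

SYSTEM_PROMPT = (
    "We will provide you with thematically extracted textual data of "
    "mitigation strategies for AI-driven cyberattacks. Your task is to "
    "identify patterns or recurring themes in this dataset, and to group "
    "them into a comprehensive classification schema."
)

with open("mitigation_strategies.txt", encoding="utf-8") as f:  # assumed file
    dataset = f.read()

response = client.chat.completions.create(
    model="gpt-4",  # assumed model
    messages=[
        {"role": "system", "content": SYSTEM_PROMPT},
        {"role": "user", "content": dataset},
    ],
)
print(response.choices[0].message.content)
```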

In the next section, we present our SLR findings to understand the current state of AI-driven cyberattacks, their motivations, mitigation strategies, and societal impact.

4 Review findings

In this section, we present a nuanced understanding of the current landscape of AI-driven cyberattacks, including the motivations behind such attacks, the mitigation strategies available, and the broader societal implications. Through an in-depth analysis of the 18 rigorously selected papers, we answer the five research questions of the paper.

4.1 Types of AI-driven cyberattacks

The paper's first research objective was to identify the different ways in which AI can be used to launch cyberattacks. The findings on offensive AI (which deploys AI techniques to attack computer systems and networks) and adversarial AI (which maliciously exploits and/or attacks AI/ML systems and data) are presented in Tables 5 and 6, respectively.

Table 5 Types of offensive AI cyberattacks
Table 6 Types of adversarial AI cyberattacks

Having outlined the landscape of both offensive AI and its specialised subset, adversarial AI, we now discuss the countermeasures and mitigation strategies that can be deployed to defend against these advanced threats. The subsequent section provides an in-depth analysis of various approaches to fortifying cyber defences against the onslaught of AI-driven cyberattacks.

4.2 Mitigation of AI-driven cyberattacks

The second research objective of this paper was to identify the strategies and techniques that can be utilised to mitigate AI-driven cyberattacks. The SLR revealed a growing body of research on defensive AI against AI-driven cyberattacks. In this section, we synthesised these findings, providing a comprehensive overview of the state-of-the-art approaches to safeguarding against the vulnerabilities introduced by offensive and adversarial AI. Table 7 summarises the strategies and techniques to combat AI-driven cybercrimes.

Table 7 Defensive AI strategies to combat offensive and adversarial AI

After outlining the various defensive AI strategies and techniques to mitigate the risks of AI-driven cyberattacks, it is equally important to explore the motivations behind these sophisticated attacks. Understanding the underlying motivations not only enhances our understanding of the threat landscape but also equips us to proactively address vulnerabilities before they can be exploited.

4.3 Motivation behind AI-driven cyberattacks

The third research objective of this paper was to establish the motivations of AI-empowered cyber attackers. Having outlined various strategies and techniques to mitigate the impact of AI-driven cyberattacks, it is now imperative to understand the motivations behind these sophisticated threats. The motivation behind AI-driven cyberattacks is an active area of research that several studies have investigated [4, 16, 104, 105]. This section synthesised the findings of our SLR to outline the key driving forces behind such attacks. Leveraging extracted data from 11 of the 18 reviewed papers, we outline the key factors that motivate cyber attackers and the reasons behind these attacks. Table 8 summarises the motivations of AI-empowered cyber attackers.

Table 8 Motivations of AI-empowered cyber attackers

After exploring the motivations behind AI-driven cyberattacks, we recognise the need to understand their potential impact on societal structures and individual lives. As we have identified the motivations, it is imperative to analyse their broader ramifications, which extend beyond the immediate targets of the attacks to affect society at large. The next section delves into these complexities, discussing the potential societal impacts of AI-driven cyberattacks as identified through our SLR.

4.4 Societal impact of AI-driven cyberattacks

The fourth research objective of this paper was to determine the potential societal impacts of AI-driven cyberattacks. Leveraging extracted data from the 18 reviewed papers, we outline the diverse ways in which these cyberattacks can devastate individuals and societal structures and systems. Table 9 summarises the potential societal impacts of AI-driven cyberattacks identified in our SLR.

Table 9 Societal impact of AI-driven cyberattacks

After presenting the study findings on the various types of AI-driven cyberattacks in Tables 5 and 6, mitigation strategies in Table 7, motivations in Table 8, and societal impacts in Table 9, we now adopt a more interpretive lens. The following section synthesises these multifaceted findings, offering a cohesive understanding of the implications of our SLR results for theory and practice. By doing so, we pave the way for a more comprehensive and actionable understanding of the intricate dynamics of AI in cybersecurity.

5 Discussions of the findings

In the previous sections, we systematically analysed the evolving landscape of AI-driven cyberattacks, covering their types, current trends in defensive AI mitigation strategies, motivations, and societal impacts. In this section we delve deeper into the implications of these findings. We synthesise the emergent themes to highlight their theoretical and practical significance. We critically engage with the collective insights to assess their bearing on current cybersecurity frameworks, ethical considerations, and policy directives. Additionally, we identify gaps in the existing body of knowledge, thereby highlighting compelling avenues for future research. Through this integrative discourse, we aim to contribute a nuanced understanding of the complex interplay between AI and cybersecurity, with the intent of informing better decision-making in both academic and applied contexts.

5.1 Implications of AI-driven cyberattacks

The first research objective of the study was to identify the different ways in which AI can be used to launch cyberattacks. In this section, we used ChatGPT to identify patterns and recurring themes in the datasets in Tables 5 and 6 and to group them according to the MITRE ATT&CK Framework stages. This grouping is shown in Fig. 2.

Fig. 2 A schema of offensive AI attacks

Before discussing the analysed offensive AI data in Fig. 2, note the following:

  • The MITRE ATT&CK Framework stages in Fig. 2 are not necessarily sequential and attackers may skip or repeat stages of an attack, depending on their objectives and the victim's environment.

  • Some attack types can be categorised in multiple stages of the MITRE ATT&CK Framework, and their classification may vary depending on the context. For example, password stealing and password guessing can serve different roles in the cyberattack lifecycle. Attackers can use password stealing and password guessing to breach the initial security perimeter (initial access) or to elevate their privileges within an already compromised environment (privilege escalation). It is therefore important to consider the broader context of the offensive AI attacks when categorising them within the MITRE ATT&CK Framework.

  • None of the offensive AI attack types in the dataset in Table 5 could be classified under the lateral movement stage of the MITRE ATT&CK Framework.

Fig. 3 A schema of adversarial AI attacks

The implications of the findings reflected in Fig. 2 are that AI-driven cyberattacks are becoming increasingly sophisticated and diverse [66], posing a serious challenge to defenders [106]. Attackers are using AI to automate and enhance all stages of the attack lifecycle, from initial access to evasion and impact [26, 69]. They are also exploiting a wide range of attack vectors, including phishing, malware deployment, password attacks, and AI model manipulation [67, 68]. This underscores the need for robust defences that can adapt to evolving attack techniques [23]. Defenders must therefore be aware of the latest AI-driven attack vectors and develop strategies to mitigate them [74]. Furthermore, the results show that offensive AI attacks pose a significant threat to privacy and security [11, 107]. This can further lead to data breaches, identity theft, and even manipulation of public opinion [80, 82]. The potential impact on individuals, organisations and societies is immense [74, 81].

Traditional cybersecurity measures may not be enough to defend against offensive AI attacks [26, 60, 108]. Therefore, there is a growing need for holistic defence strategies that combine traditional security practices with AI-driven threat detection and response capabilities [2, 50, 109]. Lastly, the “automated drones for criminal activity” attack type mentioned in Table 5 does not fit neatly within the MITRE ATT&CK Framework's established categories. The MITRE ATT&CK Framework primarily focuses on cyberattack techniques and tactics within the digital realm [100, 101]; the use of physical drones for criminal activities does not align directly with this framework and is therefore missing from Fig. 2.

On the other hand, adversarial AI attacks demonstrate that AI-powered systems have inherent vulnerabilities that must be addressed [83]. Adversarial AI and offensive AI are two types of cyber exploits that target computer systems and networks [12, 70]. As mentioned in the introduction, offensive AI generally exploits vulnerabilities in computer systems and networks at large, while adversarial AI specifically manipulates, abuses, misuses, fools, or misleads AI models [2, 10, 70]. In this paper, adversarial AI attacks are a subcategory of offensive AI, but they are discussed separately because they constitute a unique and growing threat, as categorised using the MITRE ATT&CK Framework in Fig. 3.

As in the offensive AI scenario, before discussing the analysed adversarial AI data in Fig. 3, note the following:

  • As in Fig. 2, the MITRE ATT&CK Framework stages in Fig. 3 are not necessarily sequential and attackers may skip or repeat stages of an attack, depending on their objectives and the victim’s environment.

  • Some attack types can be categorised in multiple stages of the MITRE ATT&CK Framework, and their classification may vary depending on the context.

  • Some attack types can fall into both the offensive and adversarial AI categories, depending on their objectives and methods. For example, data poisoning attacks can be considered offensive AI when they are used to gain access or manipulate systems and data, but adversarial AI when their primary purpose is to deceive or exploit AI systems themselves. The categorisation depends on the attacker's intent and the specific context of the attack.

  • None of the adversarial AI attack types in the dataset in Table 6 could be classified under the lateral movement, command and control, exfiltration, and impact stages of the MITRE ATT&CK Framework.

The analysis of adversarial AI cyberattacks in Fig. 3 has several implications for both theory and practical cybersecurity considerations. Adversarial AI is a growing and sophisticated threat landscape [71]. Attackers are using AI techniques to manipulate AI/ML systems, for example through trading/stock-market manipulation, which can have serious consequences [27, 107]. This underscores the vulnerabilities inherent in AI systems, even in advanced AI models. Robust security measures are therefore essential to mitigate the adversarial AI threat. As shown in Fig. 3 and previously in Table 6, adversarial AI attacks encompass a wide range of vectors, including data poisoning, evasion, model extraction, and property inference. This diversity makes it difficult to defend against such attacks comprehensively [5, 13, 64]. Like offensive AI, adversarial AI can also lead to privacy breaches and data security issues [70, 110]. For example, attackers can extract sensitive information or manipulate AI systems to gain unauthorised access to personal data [111, 112]. Ethical considerations in AI security are therefore essential, as adversarial AI raises questions about the responsible use of AI and the potential for misuse in various domains, such as surveillance and data manipulation [10, 113, 114].
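To make the evasion-attack idea concrete, the toy sketch below applies a fast-gradient-sign-method (FGSM)-style perturbation to the input of a linear 'detector'. This is a standard textbook construction rather than a method drawn from the reviewed papers, and the weights, features, and step size are all illustrative.

```python
import numpy as np

# Toy FGSM-style evasion against a logistic-regression 'malware detector'.
rng = np.random.default_rng(0)
w, b = rng.normal(size=8), 0.1        # assumed trained detector parameters
x = rng.normal(size=8)                # feature vector of a malicious sample

def p_malicious(features: np.ndarray) -> float:
    """Detector's probability that the sample is malicious."""
    return float(1.0 / (1.0 + np.exp(-(w @ features + b))))

# The gradient of the score w.r.t. the input is proportional to w, so a small
# step against sign(w) lowers the score while barely changing the features.
eps = 0.2
x_adv = x - eps * np.sign(w)

print(f"score before: {p_malicious(x):.3f}, after: {p_malicious(x_adv):.3f}")
```

Real attacks target far more complex models, but the principle, nudging inputs along the model's own gradients, is the same.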

Offensive AI and adversarial AI have several practical implications. Firstly, organisations should invest in AI-powered threat detection systems that can identify and respond to AI-driven attacks effectively [82, 115, 116]. This includes using ML algorithms to detect anomalous behaviour indicative of cyber threats, as well as adversarial training and model robustness checks [117–120]. Secondly, given the prevalence of phishing and social engineering attacks in the offensive AI dataset (see Table 5 and Fig. 2), Akinbowale et al. [1] and Tao et al. [104] emphasise that user training and awareness programs are crucial. Programs that teach users about the risks associated with these attacks, and how to identify them, can significantly reduce the attack surface. Thirdly, developers of AI models need to implement security best practices, including rigorous testing for vulnerabilities and adversarial attacks during the model development process [10, 64, 119]. This includes threat modelling, vulnerability assessments, and secure coding practices specific to AI systems [121–123].
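As an illustration of the first point, the sketch below uses scikit-learn's IsolationForest to flag anomalous activity. The feature matrices are synthetic stand-ins for real network telemetry, and the feature dimensions and contamination rate are assumptions.

```python
# Minimal anomaly-detection sketch using scikit-learn's IsolationForest.
# The feature matrices are synthetic stand-ins, not real network telemetry.
import numpy as np
from sklearn.ensemble import IsolationForest

rng = np.random.default_rng(0)
normal_traffic = rng.normal(loc=0.0, scale=1.0, size=(1000, 4))  # baseline behaviour
suspect_traffic = rng.normal(loc=4.0, scale=1.0, size=(10, 4))   # deviating behaviour

detector = IsolationForest(contamination=0.01, random_state=0)
detector.fit(normal_traffic)  # learn what "normal" looks like

labels = detector.predict(suspect_traffic)  # -1 flags an anomaly, 1 an inlier
print(f"{(labels == -1).sum()} of {len(labels)} suspect flows flagged")
```

In a production setting, such a detector would be one layer in a broader pipeline that also includes adversarial training and periodic robustness checks on the deployed models.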

Fourthly, as AI-driven attacks can result in data breaches, organisations must ensure compliance with data protection regulations such as the Protection of Personal Information (POPI) Act in South Africa [124], the General Data Protection Regulation (GDPR) in the European Union (EU) [125], and the Health Insurance Portability and Accountability Act (HIPAA) for personally identifiable health information in the USA [126] to mitigate potential legal and financial repercussions. Moreover, organisations should focus on data validation, encryption, and access control to prevent data poisoning and unauthorised access to AI/ML models [127, 128]. Lastly, policymakers and regulatory bodies should consider AI-specific security standards and regulations to ensure responsible AI development and deployment [129–132]. Mitigation strategies for AI-driven cyberattacks are discussed further in Sect. 5.2.
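As a small illustration of the data-validation point, one common control is to pin a cryptographic fingerprint of the training data so that silent tampering, such as poisoning of stored training files, is caught before retraining. The sketch below assumes a hypothetical `data/training` directory and a previously recorded digest.

```python
# Minimal sketch of a data-validation control: pinning a SHA-256 fingerprint
# of the training set so silent tampering is detectable before retraining.
# The directory path and trusted digest are hypothetical placeholders.
import hashlib
from pathlib import Path

def dataset_fingerprint(path: str) -> str:
    """Return a SHA-256 digest over all files in a dataset directory."""
    digest = hashlib.sha256()
    for file in sorted(Path(path).rglob("*")):
        if file.is_file():
            digest.update(file.read_bytes())
    return digest.hexdigest()

TRUSTED_DIGEST = "..."  # recorded when the dataset was last audited

if dataset_fingerprint("data/training") != TRUSTED_DIGEST:
    raise RuntimeError("Training data changed since last audit; possible poisoning.")
```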

By observing both Fig. 2 and Fig. 3, it is evident that the boundaries between offensive and adversarial AI attacks can sometimes blur, as some attacks can fall into both categories, depending on their objectives and methods. For example, 'misinformation bots' can spread fake news, disinformation, misinformation, or propaganda to attack the information space. This is a form of offence, because the bots target people to change their opinions or cause harm. However, these bots can also be considered adversarial because they aim to deceive ML algorithms, such as sentiment analysis tools or fake news detectors, thereby undermining their effectiveness. Another example is the use of AI to circumvent mobile security systems, essentially 'evasion attacks'. These attacks are offensive because they target mobile systems, but they are also adversarial because they exploit vulnerabilities in AI-based security measures.

Several areas of future research exist for both offensive AI and adversarial AI:

  • adversarial AI defence: Developing effective defences against adversarial AI attacks is a pressing research area. This may include methods for identifying and mitigating model manipulation, misclassification, and poisoning attacks.

  • AI ethics: Exploring the ethical implications of offensive AI attacks, particularly in the context of AI-driven misinformation and public opinion manipulation, is important. This research can guide the development of ethical AI practices.

  • AI-enabled cyber threat intelligence: Leveraging AI for proactive threat intelligence, such as predicting AI-driven attack trends, can enhance cybersecurity preparedness.

  • behavioural analysis: Research on behavioural analysis of AI-driven attacks can lead to more accurate threat detection systems that can identify subtle deviations from normal behaviour.

  • human-AI collaboration: Investigating the potential for human-AI collaboration (HAIC) in cybersecurity, where AI assists analysts in identifying and responding to AI-driven threats, is an emerging area.

  • AI security education: Promoting AI security education and awareness is crucial. Research can focus on effective ways to educate AI practitioners and organisations about the risks and mitigation strategies related to offensive AI and adversarial AI attacks.

Having discussed the implications of offensive AI and adversarial AI, let's explore how these findings inform the development of mitigation strategies for AI-driven cyberattacks.

5.2 Trends in defensive AI mitigation strategies

The second research objective of the study was to explore the trends in mitigation strategies for AI-driven cyberattacks, as presented earlier in Table 7. In this section, we used ChatGPT to identify patterns and recurring themes in the Table 7 dataset and to group them accordingly; the themes that emerged were then validated against the existing literature. Figure 4 provides an overview of current research trends on mitigation strategies for AI-driven cyberattacks.

Fig. 4 A schema of defensive AI strategies
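The thematic-grouping step described above can be approximated programmatically. The sketch below is a minimal illustration using the official openai Python client; the model name, prompt wording, and the strategy snippets standing in for the Table 7 dataset are all assumptions, and it does not reproduce the exact prompts used in this study.

```python
# Minimal sketch of LLM-assisted thematic grouping, assuming the official
# "openai" Python client (pip install openai) and an OPENAI_API_KEY in the
# environment. The strategy list is a hypothetical stand-in for Table 7.
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

strategies = [
    "adversarial training of deployed ML models",
    "employee phishing-awareness programs",
    "AI-specific regulatory compliance audits",
    # ... the remaining Table 7 entries would go here
]

prompt = (
    "Group the following cybersecurity mitigation strategies into recurring "
    "themes (e.g. technological, human, regulatory), one theme per line with "
    "its member strategies:\n- " + "\n- ".join(strategies)
)

response = client.chat.completions.create(
    model="gpt-4o",  # assumed model; any capable chat model would do
    messages=[{"role": "user", "content": prompt}],
)
print(response.choices[0].message.content)  # themes still need manual validation
```

As in the study itself, any machine-generated grouping should be treated as a first pass and validated against the literature before being reported.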

The size of the blocks in Fig. 4 shows that the technological dimension contains the most mitigation strategies for AI-driven cyberattacks, compared to the non-technical dimensions. The classification of mitigation strategies in the proposed schema in Fig. 4 reveals several key theoretical implications. First, the schema provides a holistic understanding of the complex cybersecurity landscape [133], integrating a wide range of strategies that might otherwise appear disparate. This holistic approach facilitates more robust and coherent theory-building, effectively encapsulating technological, social (human), and regulatory considerations [134, 135]. Second, the inclusion of HAIC and education as distinct categories highlights the emergence of new theoretical paradigms. Specifically, it emphasises the need to explore the symbiotic relationship between human decision-making and AI functionalities [136]. This suggests a shift towards an integrated cybersecurity approach that champions both technological and human elements, expanding the theoretical scope of cybersecurity research. Finally, the prominence of regulatory and ethical guidelines [129–131] in the schema heralds a critical theoretical advancement. It posits that focusing solely on technological solutions is reductionist and fails to capture the multi-dimensional nature of cybersecurity. Instead, the schema advocates a socio-technical approach [137] that encompasses legal and ethical considerations alongside technological solutions, offering a more nuanced and comprehensive theoretical lens for mitigating AI-driven cyberattacks.

In addition, the proposed classification schema in Fig. 4 has several practical implications, extending beyond theoretical considerations to actionable strategies for organisations. First, informed resource allocation decisions [138] can be facilitated by the schema. By identifying and categorising the myriad of available strategies, organisations can more judiciously allocate resources to technological solutions, human resource development, or legislative lobbying. Second, the schema's organised structure serves as a strategic roadmap [139], enabling stakeholders to prioritise cybersecurity focus areas. Whether the emphasis is on fostering international collaborations [14] or developing computational methods, the schema provides a structured approach to making more coherent and aligned strategic decisions.

Third, the schema shows that a holistic approach to cybersecurity is essential, engaging not only technical professionals but also a broader interdisciplinary team of legal advisors, ethics committees, and international partners [2, 50, 109]. This approach is reflected in recent legislation and initiatives, such as the USA's Algorithmic Accountability Act of 2019, the EU's Artificial Intelligence Act, the IEEE's AI/Autonomous Systems initiative, and African initiatives documented by the Centre for Intellectual Property and Information Technology Law (CIPIT) [14, 140–143]. For example, the USA's Algorithmic Accountability Act aims to make AI developers accountable, the EU's Artificial Intelligence Act regulates the development, deployment, and use of AI systems, and the IEEE's AI/Autonomous Systems initiative examines the potential for embedding ethics in the design process of AI systems. In Africa, most countries develop and regulate AI technologies through data protection laws, national AI strategies, or dedicated institutions; at least 46 African countries have, for instance, adopted the United Nations Educational, Scientific and Cultural Organisation (UNESCO) Recommendation on the Ethics of Artificial Intelligence [141]. These laws and initiatives demonstrate the growing recognition of the need for a holistic approach to cybersecurity in the age of AI.

Finally, the classification schema has the potential to serve as a foundation for establishing key performance indicators (KPIs) to measure the effectiveness of the various mitigation strategies. This creates an environment of accountability [14, 23] and fosters a culture of continuous improvement, enhancing the resilience and robustness of cybersecurity frameworks [144]. The analysis of the dataset in Table 7 therefore underscores the need for inter- and multi-disciplinary approaches [14, 27, 28], beyond technical solutions, to mitigate AI-driven cyberattacks, encompassing legal, ethical, and human factors.
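For illustration, such KPIs could be computed from incident records tagged with the schema's categories. The following is a minimal sketch under that assumption; the Incident structure, the category labels, and the sample records are all hypothetical.

```python
# Minimal, hypothetical sketch of schema-based KPIs: detection rate and mean
# time to detect (MTTD) per mitigation category. All records are invented.
from dataclasses import dataclass
from statistics import mean
from typing import Optional

@dataclass
class Incident:
    category: str                       # schema category, e.g. "technological"
    detected: bool
    minutes_to_detect: Optional[float]  # None if the attack went undetected

incidents = [
    Incident("technological", True, 12.0),
    Incident("technological", False, None),
    Incident("human", True, 95.0),
]

for category in sorted({i.category for i in incidents}):
    subset = [i for i in incidents if i.category == category]
    detection_rate = sum(i.detected for i in subset) / len(subset)
    times = [i.minutes_to_detect for i in subset if i.detected]
    mttd = mean(times) if times else float("nan")
    print(f"{category}: detection rate {detection_rate:.0%}, MTTD {mttd:.0f} min")
```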

Future research areas for AI-driven cyberattack mitigation include:

  • effectiveness assessment: Empirically assessing the effectiveness of various mitigation strategies against different types of AI-driven cyberattacks.

  • socio-technical models: Developing more comprehensive socio-technical models that integrate technical, human, and regulatory elements.

  • global vs local context: Exploring how global standards can be harmonised with local legislation and norms, considering the international cooperation category.

  • ethical and bias considerations: Focusing on the ethical considerations in deploying AI-driven cyber defence systems, given that AI systems are prone to biases.

  • longitudinal studies: Conducting longitudinal studies to track the changing efficacy of different strategies over time, as the cyber threat landscape is constantly evolving.

  • human factors in AI security: Researching the psychology of trust in AI systems, human error, and other human factors, given the significance of HAIC.

  • automated countermeasures: Developing and assessing automated countermeasures that adapt to evolving threats in real-time, a particularly nascent area of study.

  • ethical hacking: Exploring the role and limitations of ethical hacking practices such as red-teaming in improving AI/ML algorithms for malware detection.

Having outlined the diverse strategies for mitigating AI-driven cyberattacks, it is imperative to examine the motivations behind the attacks themselves. Understanding the underlying incentives is crucial for developing more effective countermeasures and constructing a more comprehensive theory of AI-driven cyber threats. We therefore now turn our attention to the motivations behind AI-driven cyberattacks.

5.3 Motivations as drivers of AI-driven cyberattacks

AI-driven cyberattacks are a significant cybersecurity threat that organisations must defend against, and understanding the motivations and goals of these attacks is essential for effective defence [88, 89]. Building on this need, this section explores the driving forces behind these complex activities. To fulfil the third research objective of this paper, we used ChatGPT to analyse the dataset presented in Table 8, focusing on identifying patterns and recurring themes concerning attacker motivations. We further validated these themes through a rigorous review of the existing academic literature. Figure 5 summarises these findings, providing a synthesised view of the motivations that inform current trends in AI-driven cyberattacks.

Fig. 5 A schema of motivations behind AI-driven cyberattacks

Figure 5 proposes a classification schema that provides a comprehensive framework for understanding the motivations behind AI-driven cyberattacks, identifying the key motivational factors and objectives of AI-empowered cyber attackers. The schema covers a wide range of motivations, including economic, political, ideological, personal, and psychological elements, and contributes to current cybersecurity studies by encompassing everything from financial gain to the deliberate infliction of psychological distress. It emphasises the need for different disciplines to collaborate in addressing the multifaceted nature and motivations of AI-driven cyberattacks, including the integration of economics, political science, and psychological health theories into cybersecurity discussions [6, 89, 93]. It is also important to note that the motivations behind AI-driven cyberattacks are not mutually exclusive, and attackers may have multiple motives simultaneously. Additionally, these motivations can evolve in response to technological advancements, geopolitical shifts, and the emergence of new opportunities or threats [27, 88, 89].

As a practical implication, the classification schema outlined in Fig. 5 can help organisations develop appropriate preventive measures against AI-driven cyberattacks by identifying and categorising the key factors of attackers' motivations. This enables organisations and stakeholders to take a more targeted and proactive approach to cybersecurity [6, 145]. The schema can also support professional teams and organisations in prioritising their efforts, tailoring their response strategies, assessing impact, gathering evidence, and improving post-incident analysis. This empowers them to detect, prevent, and respond to emerging threats more effectively and strengthen their overall resilience against similar threats [6, 27].

Future research projects may include:

  • interdisciplinary approaches: Integrating different disciplines, such as economics, psychology, and political science, into AI-in-cybersecurity research.

  • longitudinal studies: Conducting longitudinal studies to track changes in the key factors motivating AI-driven cyberattacks over time.

  • quantitative metrics: Developing quantitative metrics to measure the motivational factors in each category.

  • AI security education: Researching effective ways to educate AI practitioners and organisations about the risks of AI-driven attacks and about mitigation strategies grounded in attacker motivations.

  • mitigation strategies: Investigating the effectiveness of existing mitigation and defence mechanisms against the motivations categorised in this schema, including the use of AI for anomaly detection, behaviour analysis, and real-time response.

  • ethical considerations: Investigating the ethical dimensions of AI-driven attacks in the context of attacker motivations.

After outlining the motivations behind AI-driven cyberattacks, we now consider their broader ramifications. In the next section, we shift our focus from individual and organisational motivations to the overarching societal impact of AI-driven cyberattacks. This examination aims to provide a holistic understanding of how these attacks ripple through various layers of society, from economic structures to social norms.

5.4 Impact of AI-driven cyberattacks on society

This section explores the multi-dimensional societal impact of AI-driven cyberattacks, fulfilling our fourth research objective. Building on our previous discussions of the technologies, strategies, and motivations involved in these cyberattacks, we now expand the scope of our analysis to their broader societal ramifications. Using ChatGPT to perform textual analysis on the dataset in Table 9, we identified key patterns and recurring themes that exemplify the societal impact of these cyber activities. These thematic clusters were further validated through a rigorous review of the existing literature. Figure 6 synthesises the findings, providing a comprehensive overview of how AI-driven cyberattacks could reshape economic, political, and social landscapes.

Fig. 6 A schema of the potential societal impact of AI-driven cyberattacks

The proposed classification schema in Fig. 6 provides a holistic framework for comprehending the societal impacts of AI-driven cyberattacks. It contributes to current cybersecurity theories by encompassing a broad range of concerns, from economic disruptions to direct threats to human life. The schema also emphasises the need for inter- and multi-disciplinary approaches [14, 27, 28], advocating for the integration of political science, economics, and public health theories into cybersecurity discussions. This invites the development of novel, interdisciplinary theoretical models that can holistically capture the multifaceted nature of AI-driven cyberattacks [81, 93]. Additionally, by highlighting categories such as "Human and Public Safety" and "Political and Social Stability," the schema underscores the imperative for theoretical constructs that integrate human and societal factors [132] into the traditionally technology-focused field of cybersecurity. Indeed, it is now widely accepted that technological mechanisms alone cannot adequately mitigate cyber risks [45], let alone AI-driven cyberattacks. This presents a compelling case for reorienting and broadening the scope of theoretical development in the study of AI-driven cyberattacks, their mitigation strategies, motivations, and societal impacts.

Practically, the classification schema outlined in Fig. 6 can serve as a tool for governments and organisations to construct robust policies countering the manifold impacts of AI-driven cyberattacks [129–131]. Its comprehensiveness allows for judicious resource prioritisation [138], empowering stakeholders to channel effort and finances towards mitigating the most severe societal threats. Additionally, the schema advocates public education as a cornerstone of societal defence against the multifaceted risks posed by such attacks. Equally significant is its utility for legal institutions, offering an extensive understanding that can inform the design of legislative frameworks [94, 95], thereby enhancing the specificity and efficacy of legal remedies and enforcement mechanisms. This multifaceted practical utility underscores the schema's vital role in shaping a cohesive and targeted response to the societal implications of AI-driven cyberattacks.

Potential areas for future research include:

  • interdisciplinary approaches: How can we integrate different disciplines like psychology, sociology, and economics into cybersecurity research?

  • longitudinal studies: Future research can aim to conduct longitudinal studies that track the changing patterns of societal impacts over time.

  • quantitative metrics: We can develop quantitative metrics to measure the societal impact in each category.

  • mitigation strategies: We can investigate the effectiveness of existing mitigation strategies against the societal impacts categorised in this schema.

  • ethical considerations: Due to the complex interplay of human life, economic vitality, and societal stability, research into the ethical dimensions of these attacks and their implications is another avenue for future work.

Having explored the diverse facets of AI-driven cyberattacks, including their types, mitigation strategies, underlying motivations, and potential societal impact, we will now synthesise these multidimensional insights to achieve the fifth research objective. The subsequent section therefore endeavours to construct a comprehensive framework that encompasses the first four research objectives, offering a holistic understanding of the dynamics and implications of AI-driven cyberattacks. This framework aims to serve as a cornerstone for both academic research and practical interventions in the cybersecurity domain.

5.5 AI Cybersecurity Dimensions (AICD) Framework

The culmination of this study is the AICD Framework, a comprehensive, multidimensional conceptual model that integrates insights from the four main research objectives: attack types, mitigation strategies, underlying motivations, and societal impact. The intention is for the AICD Framework to serve as a foundational schema that academics, policymakers, industry professionals, and cybersecurity experts can use to understand, analyse, and counteract the evolving landscape of AI-enabled cyber threats through a multidisciplinary approach. It is predicated on the idea that a multifaceted approach is essential to address the complex challenges posed by the convergence of AI technologies and cyberattacks [14, 27, 28, 93]. Figure 7 summarises the insights from the four main research objectives of this paper and presents them as the AICD Framework.

Fig. 7 AI Cybersecurity Dimensions Framework

As the main contribution of the study, the AICD Framework encapsulates the diverse dimensions of AI-driven cyberattacks, drawing on the four primary research objectives: attack types, mitigation strategies, underlying motivations, and societal impact. It provides an integrated perspective for academics, policymakers, industry professionals, and cybersecurity experts, facilitating a holistic understanding of the dynamics and implications of AI-driven cyber threats.

The AICD Framework underscores the importance of a multidimensional approach to addressing the intricate challenges arising from the synergy of AI techniques and cyberattacks. It highlights the necessity for proactive interdisciplinary collaboration in both research and practical applications.

6 Conclusion

This paper explored the multifaceted dimensions of AI-driven cyberattacks, including their implications, mitigation strategies, motivations, and societal impacts. The research culminated in the development of the AICD Framework, which provides a holistic view of this evolving threat landscape. The analysis of offensive AI cyberattacks revealed their intricate and dynamic nature, underscoring the need for adaptive, AI-infused defence mechanisms, and emphasised the ethical considerations surrounding the design, development, and deployment of AI in cybersecurity. As AI-driven attacks grow in sophistication, defenders must stay a step ahead. Adversarial AI cyberattacks, on the other hand, highlight the ever-changing nature of AI-centric threats, mandating proactive research and actionable countermeasures. As AI progresses, the types of adversarial challenges will shift, demanding continuous vigilance and innovation. This landscape necessitates a focus on robust defences, ethical AI security norms, and the wide-reaching implications of adversarial AI for cybersecurity and individual privacy.

The paper began by delving into the profound implications of AI-driven cyberattacks, highlighting their surge in prevalence and sophistication. This initial exploration laid the groundwork for understanding the gravity of the challenges posed by offensive AI and adversarial AI campaigns, calling for robust mitigation measures. The subsequent exploration of defensive AI mitigation strategies highlighted the dynamic arms race between attackers and defenders, emphasising the innovation, adaptability, and resilience required to counteract evolving threats. Motivations, often the undercurrents of any cyber campaign, were next examined. The exploration revealed various driving forces, ranging from economic incentives to ideological reasons, providing stakeholders with insights to craft targeted countermeasures. This emphasised that the motivations behind AI-driven cyberattacks are neither monolithic nor static, highlighting the fluidity and multiplicity of attacker objectives. Building upon individual and organisational motivations, the study widened its lens to understand the overarching societal ramifications of these cyber threats. It found that AI-driven cyberattacks have a profound ripple effect, influencing economic structures, political landscapes, and social norms. The authors argue that human-centric and non-technical dimensions need to be integrated into cybersecurity discussions, requiring a shift in the traditionally tech-centric paradigm to a more inclusive and interdisciplinary approach.

The AICD Framework integrates these diverse facets to provide a comprehensive overview of AI-driven cyberattacks. The framework can inform academic research and guide practical interventions, bridging the knowledge-practice gap. The convergence of AI and cyberattacks therefore presents both new challenges and new opportunities for cybersecurity. As AI-driven threats evolve, so must our understanding, strategies, and frameworks. This paper underscores the need for collaborative, interdisciplinary efforts to address these challenges and seize the opportunities, with the AICD Framework serving as a beacon for future research and interventions. We hope that the scholarly community, policymakers, and industry leaders will find value in the insights presented in this study and galvanise collective action to secure our cyber future.