AI ransomware panic – exposing the inflated “80%” claim

Published: 3 November 2025
Last updated: 4 November 2025
A red face with "AI" in his eye.
Image by Cybernews

An MIT-linked paper was shamelessly associated with a claim that 80% of ransomware is powered by AI, without explaining what AI was actually doing.

Top cybersecurity expert Marcus Hutchins exposed the paper, written by MIT Sloan’s CAMS program and the vendor Safe Security, as being highly exaggerated and “baseless.”

Posting on his LinkedIn, Hutchins mentioned that the vendor-sponsored piece, which was light on academic rigor but heavy on grammatical errors and repetitive statements, claiming the paper was factually inaccurate.

ADVERTISEMENT

In fact, Hutchins himself was quite convinced that AI had not been deployed by some of the threat actors it mentioned.

Many of the threat actors they cited as ‘using AI’ were ones I personally tracked as part of my day job and can testify did not use AI.

It seems to be a case of the boy who cried wolf in cases like this, much like with the em dash (—) when we often call each other out for using AI, often without any inspection.

And ironically enough, “at least they didn't use AI to write or proof-read their paper. The claims & citations though...I'm not so sure.” Hutchins pondered.

Using a random number generator is not AI

The fear-mongering in the 31-page report is best highlighted with the 2017 WannaCry cyberattack, which affected over 300,000 unpatched computers worldwide (encrypting entire data systems and demanding Bitcoin payments in ransom) – which it claims was AI-powered.

Apparently, WannaCry using a random number generator to generate random IP addresses, then attempting to exploit them, is considered “AI,” pointed out Hutchins.

ADVERTISEMENT

As Cybernews previously revealed, the process of human intervention in these attacks was human-led and meticuolous. Also, by claiming on the front-page of the report that 80% of ransomware attacks are AI-driven, you’d hope for a degree of accuracy on the particulars.

The company behind the paper is Safe Security, who would have an ulterior motive in co-authoring the paper, especially when their main concern is all about ramping up the use of AI in cybersecurity. It is highly possible that Safe Security funded the publishing of this paper, Hutchens suggested.

And the response from cybersecurity experts among the LinkedIn community was frustration, especially when AI hype overshadows legitimate threats.

“Even IF every attack were AI-powered, that doesn’t make AI the best defense.” speculated Adam Maruyama, cyber & AI risk thought leader. And “this whole paper is a masterclass in academic malpractice” from Hutchins himself, claiming that "at least they didn't use AI to write or proof-read their paper"

As AI deepfakes and adversarial machine learning (teaching AI the wrong thing) can be utilized to wage a cyberattack, it’s also important not to discredit the tangible threat of highly skilled threat actors out there.

Since the original post, the paper appears to have been deleted.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT