To hear some in cyber tell it, we should, by now, be drowning in sophisticated phishing attacks and deepfakes, driven by criminals making more use of GenAI. But this does not appear to have come to pass, or at least not yet. British journalist and author Jamie Bartlett, speaking from London in early April, says criminals are in the same position as most legitimate businesses. “They have recognised the potential of AI to help them in the way they do business, but they are still struggling to work out precisely how to do that.”

But that could change, and Bartlett estimates there’s a window of between 12 to 18 months, by which time he expects to see the deployment of very high-quality deepfake phishing attacks. When a darknet market is taken down by authorities, he says, it typically takes between six and 12 months for it to be rebuilt and relaunched.