Skip to main content
MIT AI Risk Initiative
BackCyberattacks
Home/Risks/Li et al. (2025)/Cyberattacks
Exclusion
Disclosure

Cyberattacks

A Closer Look at the Existing Risks of Generative AI: Mapping the Who, What, and How of Real-World Incidents

Li et al. (2025)

SourceDOI
Sub-category
Risk Domain
4Malicious Actors & Misuse
4.2Cyberattacks, weapon development or use, and mass harm

Using AI systems to develop cyber weapons (e.g., by coding cheaper, more effective malware), develop new or enhance existing weapons (e.g., Lethal Autonomous Weapons or chemical, biological, radiological, nuclear, and high-yield explosives), or use weapons to cause mass harm.

"Generative AI facilitating the damage, disruption or destruction of a third-party system and/or its components via malfunction, cyberattacks, etc"

EntityWho or what caused the harm

Human

Due to a decision or action made by humans

AI system

Due to a decision or action made by an AI system

Other

Due to some other reason or is ambiguous

IntentWhether the harm was intentional or accidental

Intentional

Due to an expected outcome from pursuing a goal

Unintentional

Due to an unexpected outcome from pursuing a goal

Other

Without clearly specifying the intentionality

TimingWhether the risk is pre- or post-deployment

Pre-deployment

Occurring before the AI is deployed

Post-deployment

Occurring after the AI model has been trained and deployed

Other

Without a clearly specified time of occurrence

Other risks from Li et al. (2025) (40)

Autonomy

5.2 Loss of human agency and autonomy
OtherOtherOther

Autonomy > Impersonation / identity theft

4.3 Fraud, scams, and targeted manipulation
HumanIntentionalPost-deployment

Misinformation Harms

3.1 False or misleading information
AI systemOtherPost-deployment

Representation and Toxicity

1.0 Discrimination & Toxicity
AI systemUnintentionalPost-deployment

IP / copyright / personality / rights loss

4.3 Fraud, scams, and targeted manipulation
HumanIntentionalPost-deployment

Autonomy / agency loss

5.2 Loss of human agency and autonomy
OtherOtherOther
View all 40 risks from this paper →