June 29, 2026
Cybercrime Doesn't Reinvent Itself. It Optimizes.
"Criminals want an easy life. That's the entire point of being a criminal in the first place." - Robert McArdle, Director of Cybercrime Research at Trend AI
After two decades watching cybercriminals operate, Robert McArdle has arrived at a counterintuitive conclusion: the technology changes constantly, but the criminals barely change at all. The smartphones, the cloud, the AI revolution—each wave reshapes the attack surface without fundamentally altering the criminal playbook. The business model adapts. The humans behind it largely do not.
McArdle, who leads two global threat research teams at Trend AI (formerly Trend Micro) after 18 years with the company, joined host Eli Woodward on the Future of Threat Intelligence podcast to talk through exactly that: how to think like a criminal researcher, what AI is actually doing to the threat landscape, and why agentic systems may eventually force law enforcement to rethink what an infrastructure takedown even means.
Three Rules Explaining Cybercriminal Business Operations
McArdle's team doesn't just track malware; it tracks the criminals behind it too. And criminals are remarkably consistent. Understanding how they evaluate new technology comes down to three rules of thumb.
- Criminals prioritize operational ease. The core objective of cybercrime is to generate high margins with minimal friction. Any technology that adds complexity without improving returns gets ignored.
- Current returns suppress architectural pivots. Right now, ransomware pays so efficiently that it actively stifles the adoption of alternative monetization streams. Threat actors have no economic incentive to field-test novel exploitation paths when their existing baseline continues to yield predictable returns.
- Cybercrime is evolutionary, not revolutionary. Criminal networks do not burn down operational infrastructure to rebuild around a new technology wave. They dial up what's working and gradually strip out whatever friction they encounter.
The Internet of Things (IoT) wave illustrated this economic calculus perfectly. While some security researchers predicted alarmist scenarios involving ransomware on smart TVs or compromised consumer appliances, threat actors looked at the exposed perimeter and simply saw Linux-based computers. Ransoming an end-user television does not scale—the victim can simply bypass the threat with a factory reset. However, standardizing those exact same hijacked IoT endpoints into a silent proxy layer or a Distributed Denial of Service (DDoS) botnet scales perfectly. The criminal calculus was focused on high volume and operational ease, not novel execution.
The Falling Barrier to Entry and Technical Asymmetry
A critical challenge for modern security teams is the distinct asymmetry in how lowering entry barriers impacts attackers versus defenders.
On the adversary side, automated tooling has shifted the technical bell curve upward. An entry-level operator today can execute infrastructure scans and deploy malware frameworks with the same velocity as a mid-tier threat actor a decade ago. Open-source tools, credential marketplaces, and automated exploitation scripts have raised the operational ceiling for low-skilled actors.
On the defensive side, the dynamic inverts. As enterprise environments become increasingly complex—spanning multi-cloud environments, decentralized integrations, and unmonitored software dependencies—the baseline knowledge required to hunt threats increases exponentially. Security teams frequently struggle with entry-level pipeline development because active job descriptions demand complete fluency across Windows internals, Linux endpoints, cloud configurations, and automated penetration testing simultaneously. Criminal ecosystems have built fluid pipelines for low-skilled actors; the defensive industry has inadvertently built a compliance gate that demands a unicorn footprint before an analyst can enter a Security Operations Center (SOC).
What AI Is Actually Doing to Malware (and What It Isn't)
The conversation surrounding AI-generated malware remains quite saturated. Practitioners must separate how threat actors use Large Language Models (LLMs) as development utilities from how they embed automated logic inside active payloads.
The use of AI as an engineering accelerant is happening at scale. Just as defensive engineers use automation to debug scripts, threat actors feed raw keyloggers, credential stealers, and command-and-control (C2) configurations into jailbroken LLMs to iterate software variations. This code optimization introduces an unexpected forensic fingerprint: malware samples associated with Eastern European or Chinese threat clusters now occasionally surface with grammatically flawless English within the internal code comments.
Conversely, embedding live LLM execution logic directly inside malware payloads remains rare, driven by structural engineering constraints:
- Kill-Switch Vulnerability: Querying an external model requires authenticating every request with an Application Programming Interface (API) key. This creates an immediate defensive kill-switch; major cloud providers can identify anomalous key utilization and revoke access instantly.
- Non-Deterministic Constraints: LLMs are structurally non-deterministic. If an operator instructs an automated utility to parse a target network configuration one hundred times, the model will return slight structural variances across those responses. For threat hunters and malware operators alike, predictable, rigid execution is mandatory. An exploitation framework that cannot guarantee exact command-and-control behavior fails at scale.
The near-term evolution centers on geography and jurisdiction. Threat actors are shifting their jailbroken development wrappers away from Western hosting providers toward models managed within non-cooperative jurisdictions, utilizing platforms like Alibaba’s Qwen or localized alternative instances. These systems are highly capable for software development, but the primary advantage is geopolitical: law enforcement cooperation collapses, and defenders lose the ability to issue cross-border takedown requests.
Agentic AI and the Industrialization of Cybercrime
If AI-generated malware is the near-term concern, agentic AI is the structural shift. And McArdle argues the criminal implications are more significant than most defenders currently appreciate.
While automated code generation is an incremental threat, agentic AI represents a fundamental infrastructure shift. Agentic models—where specialized, single-task micro-models are directed by a central orchestrator—scale exponentially rather than linearly. When a threat operation integrates a new automated parsing agent into its pipeline, that agent does not operate in a vacuum; it dynamically communicates capability data across every other node in the network.
This infrastructure is poised to transform high-stakes fraud execution, specifically within industrial-scale financial romance scams. Soon, automated orchestrators will handle the relationship lifecycle across weeks, analyzing target behavior, generating contextual text, and only alerting a human controller at the exact millisecond the target is primed. This will shift fraud from a manual campaign to an automated utility targeting hundreds of thousands of endpoints simultaneously.
The downstream implication for law enforcement and Incident Response (IR) teams is profound. If an adversary pipeline becomes 75% autonomous, the individuals running the campaign stop acting as operators and start functioning as silent investors in an automated cash-generation network. Arresting a principal coordinator no longer halts active exploitation; the code continues to query target ports and siphon credentials independently. Defensive strategies must invert: teams must focus on rendering the underlying infrastructure unusable first, treating physical attribution as a secondary objective. The cryptographic private keys controlling the orchestrator are now as valuable as the actor holding them.
For Defenders: AI Software Is Just Software
When security leadership asks how to defend against unapproved AI tools proliferating across corporate networks, the answer remains grounded: treat autonomous applications exactly like legacy software risk.
An unauthorized AI agent communicating with an external LLM is, from a network detection perspective, identical to any other unmanaged software installation. It generates an unknown process footprint, communicates with untrusted external IP addresses, and establishes connections across persistent sockets. A robust defensive stack built around deep network monitoring, behavioral telemetry, and structured access control retains its visibility regardless of the internal logic of the payload.
The critical variable changed by automation is velocity. Defensive engineering teams can no longer rely on manual verification workflows to track application usage when software variations deploy within minutes. The solution requires adopting the same protocol principles natively: utilizing structured telemetry access to automate quarantine workflows, ensuring that when an anomalous connection fires, the asset is isolated before an analyst ever opens the alert queue.
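The following is an added example, not code from the episode or from Trend AI, showing what "treat an AI agent like any other unmanaged software" looks like as triage logic. It parses constructed connection telemetry (endpoint, process, destination, connection count), checks each event against an assumed software inventory and an assumed list of sanctioned model-API hosts, and emits an automatic quarantine decision for an uninventoried process holding a persistent external socket, so the endpoint is isolated before the alert reaches an analyst. All process names, hostnames and thresholds are constructed for illustration.

```python
"""Triage of network telemetry that treats an unmanaged AI agent as ordinary unmanaged software.
Added example; inventory, hostnames and thresholds are assumptions, not values from the page."""
from dataclasses import dataclass
from typing import List, Set

# Constructed sample telemetry, one connection summary per line:
# timestamp endpoint process destination_host destination_port connections_in_window
SAMPLE_TELEMETRY = """\
2026-06-29T09:00:01Z ws-0142 chrome.exe cdn.example-intranet.local 443 3
2026-06-29T09:00:07Z ws-0142 helper_agent.exe llm-gateway.example-cloud.net 443 41
2026-06-29T09:00:09Z ws-0311 outlook.exe mail.example-intranet.local 443 2
2026-06-29T09:00:12Z ws-0311 approved-copilot.exe llm-gateway.example-cloud.net 443 8
2026-06-29T09:00:14Z ws-0311 chrome.exe models.example-foreign-host.org 443 2
2026-06-29T09:00:15Z ws-0502 python.exe models.example-foreign-host.org 8443 57
2026-06-29T09:00:20Z ws-0502 teams.exe chat.example-intranet.local 443 4
2026-06-29T09:00:25Z ws-0611 updater.exe dl.example-vendor.com 443 1
"""

# Assumed reference data; in a real deployment these come from the asset register and policy.
INVENTORIED_PROCESSES = {"chrome.exe", "outlook.exe", "teams.exe", "approved-copilot.exe"}
SANCTIONED_LLM_HOSTS = {"llm-gateway.example-cloud.net"}
KNOWN_LLM_HOSTS = SANCTIONED_LLM_HOSTS | {"models.example-foreign-host.org"}
INTERNAL_SUFFIX = ".local"
PERSISTENT_THRESHOLD = 10  # connections per window treated as a persistent socket pattern


@dataclass(frozen=True)
class Event:
    ts: str
    endpoint: str
    process: str
    dst_host: str
    dst_port: int
    conn_count: int


@dataclass(frozen=True)
class Decision:
    endpoint: str
    process: str
    action: str  # "allow" | "alert" | "quarantine"
    reason: str


def parse_telemetry(text: str) -> List[Event]:
    """Parse the whitespace-separated constructed format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, endpoint, process, dst_host, dst_port, conn_count = line.split()
        events.append(Event(ts, endpoint, process, dst_host, int(dst_port), int(conn_count)))
    return events


def is_external(host: str) -> bool:
    return not host.endswith(INTERNAL_SUFFIX)


def triage(event: Event) -> Decision:
    """Apply the policy: unknown process + persistent external socket => isolate automatically."""
    inventoried = event.process in INVENTORIED_PROCESSES
    persistent = event.conn_count >= PERSISTENT_THRESHOLD
    if not is_external(event.dst_host):
        return Decision(event.endpoint, event.process, "allow", "internal destination")
    if not inventoried and persistent:
        return Decision(event.endpoint, event.process, "quarantine",
                        f"uninventoried process with persistent external socket to {event.dst_host}")
    if not inventoried:
        return Decision(event.endpoint, event.process, "alert",
                        f"uninventoried process contacted external host {event.dst_host}")
    if event.dst_host in KNOWN_LLM_HOSTS and event.dst_host not in SANCTIONED_LLM_HOSTS:
        return Decision(event.endpoint, event.process, "alert",
                        f"inventoried process reached unsanctioned model host {event.dst_host}")
    return Decision(event.endpoint, event.process, "allow", "inventoried process, permitted destination")


def run(text: str) -> List[Decision]:
    return [triage(e) for e in parse_telemetry(text)]


def quarantine_set(decisions: List[Decision]) -> Set[str]:
    """Endpoints to isolate immediately, before any analyst opens the queue."""
    return {d.endpoint for d in decisions if d.action == "quarantine"}


if __name__ == "__main__":
    results = run(SAMPLE_TELEMETRY)
    for d in results:
        print(f"{d.action:10} {d.endpoint} {d.process}: {d.reason}")
    print("isolate:", sorted(quarantine_set(results)))
```

The point of the ordering in `triage` is that the quarantine rule never inspects what the process is for: an agent talking to a hosted model and any other uninventoried binary holding a persistent external socket fall into the same bucket, which is the page's argument that the payload's internal logic does not change the detection surface.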
The Bigger Picture
Treating threat actors as rational economic actors who operate based on return on investment yields highly accurate threat forecasts. The AI era doesn't create new criminals. It makes existing criminal business models more efficient, more scalable, and harder to disrupt through traditional endpoint security controls alone.
The full conversation covers vulnerability discovery at scale using Trend AI's agentic research platform, the underground economy for criminal reputation vetting, and how CTI publication practices may need to evolve in an era where APT reports can be fed directly into Large Language Models to accelerate malware development.
Listen to the full episode of the Future of Threat Intelligence Podcast with Robert McArdle, Director of Forward-Looking Threat Research, Trend AI, HERE.