Why Criminals Are Ditching ChatGPT for Underground AI Models
Threat actors are increasingly rejecting mainstream artificial intelligence (AI) models in favor of lesser-known open-source alternatives because commercial safeguards are making popular tools unreliable for cyberattacks. According to ReliaQuest's 2026 annual report on AI-powered cybercrime, criminals view models like Claude, Grok, and ChatGPT as too restrictive for their purposes, prompting a strategic pivot toward open-weight systems that offer greater control and fewer ethical guardrails.
What Are Criminals Saying About Mainstream AI Models?
The shift reflects growing frustration on dark web forums where attackers discuss their tooling preferences. ReliaQuest documented forum posts from cybercriminals expressing exasperation with commercial models. One post stated that GPT models were "unusable for a long time now," while another, discussing the latest iterations, noted that "even the smartest model will be useless for our purposes if you can't bypass its restrictions." These complaints reveal that safety features built into frontier models are actively disrupting criminal workflows, making them less attractive than alternatives.
The restrictions appear to be working as intended, but not in the way defenders might hope. Rather than deterring attackers, they're simply redirecting them toward different tools. Jailbreak prompts still circulate on criminal forums, but ReliaQuest's research shows that these workarounds reduce consistency and interrupt workflows, making commercial models less reliable for sustained offensive operations.
Which Open-Source Models Are Criminals Adopting Instead?
Threat actors are consolidating around open-weight models including Qwen, Dolphin, and Mistral. While these systems may not match the performance of frontier models at the highest end, criminals view them as more predictable and easier to run locally without relying on a cloud provider to maintain a session. Local control matters significantly because it makes sessions harder to interrupt midway through a task, giving attackers greater operational stability.
Forum users describe a deliberate trade-off in which lower-tier models are accepted because they are seen as more stable for offensive or quasi-offensive work. This preference signals a maturation in how threat actors approach AI as operational infrastructure. Rather than chasing the most powerful model available, they're optimizing for reliability, cost, and control.
How Are Criminals Using AI Across Attack Workflows?
AI is not creating entirely new forms of cyberattack; instead, it's making familiar tactics faster to execute, cheaper to run, and harder to detect. ReliaQuest identified six primary ways AI is embedded in intrusions today:
- Phishing at Industrial Scale: AI lowers the barrier to entry for cybercriminals by enabling mass generation of phishing pages and lures, allowing campaigns to be launched, adjusted, and repeated at speed. ReliaQuest observed AI-assisted campaigns generating clusters of 30 to 40 device-code phishing domains simultaneously.
- Malicious Tools Produced Faster: AI generates key components like web shells and credential harvesters, and varies or pads code to frustrate static analysis. In one example, AI-assisted web shells were deployed in 60 seconds, demonstrating how automation reduces the time attackers need to move from preparation to execution.
- Social Engineering Polish: AI erases the typos, awkward phrasing, poor grammar, and clumsy design that used to be telltale signs of phishing, making fraudulent communications far more convincing.
- Identity Fabrication: AI makes North Korean worker fraud easier to scale and harder to spot thanks to rapid development of fake profiles and convincing deepfakes for meetings and interviews.
- Initial-Access Acceleration: AI moves targets from interaction to compromise via AI-generated obfuscation in ClickFix attacks and AI-assisted pages in device-code phishing campaigns.
- AI-Branded Tools as the Lure: Attackers trick users into running malicious installation commands or extensions disguised as Claude or other branded downloads, exploiting trust in well-known AI brands.
The central theme across all these applications is that AI "consistently enabled these operators to achieve more, faster, with less effort," according to ReliaQuest. Threat actors are treating AI as operational infrastructure, something to buy, tune, and slot into existing workflows.
What Should Security Teams Do to Counter This Shift?
Security teams don't need an entirely new strategy built around AI as a category, but AI does change the pace of attacks. ReliaQuest recommends that organizations focus on strong fundamentals, defense-in-depth, and AI and automation wherever operationally possible to match the new pace. Here are the key defensive priorities:
- Behavioral Detection: Use behavioral detection across endpoint, identity, network, and cloud, especially after access is granted, to catch AI-accelerated post-compromise activity.
- Automated Containment: Automate containment to keep pace with machine-speed attacks, since human response times can no longer match the velocity of AI-enabled intrusions.
- User Retraining: Retrain users on the full range of what AI can fake, including voice, video, profile photos, and polished text, and require out-of-band verification for sensitive requests such as installs, approvals, and payments.
- Threat Research Investment: Invest in threat research to track the volume and timing patterns that AI-scaled campaigns create, helping identify emerging attack trends before they reach your environment.
- External Intelligence: Use external threat intelligence to spot AI-enabled tradecraft before it reaches your environment and route it to the right teams for rapid response.
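To make the "volume and timing patterns" priority concrete, the following Python example (added here, not taken from ReliaQuest's report) flags bursts of newly observed domains that share infrastructure, sized after the 30-to-40-domain clusters mentioned earlier. The record layout, the `infra` enrichment field, the thresholds, and the sample data are assumptions constructed for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def find_bursts(observations, window=timedelta(minutes=15), min_size=30):
    """Return clusters of domains on shared infrastructure that were first
    seen within `window` of the cluster's earliest member.

    observations: iterable of (domain, first_seen, infra). `infra` is an
    assumed enrichment value such as hosting ASN or registrar.
    """
    by_infra = defaultdict(list)
    for domain, first_seen, infra in observations:
        by_infra[infra].append((first_seen, domain))

    bursts = []
    for infra, rows in by_infra.items():
        rows.sort()
        start = 0
        while start < len(rows):
            # Grow the cluster while rows stay inside the window anchored
            # at the first timestamp of this candidate cluster.
            end = start
            while end + 1 < len(rows) and rows[end + 1][0] - rows[start][0] <= window:
                end += 1
            if end - start + 1 >= min_size:
                bursts.append({
                    "infra": infra,
                    "start": rows[start][0],
                    "end": rows[end][0],
                    "domains": [d for _, d in rows[start:end + 1]],
                })
                start = end + 1  # skip past the reported burst
            else:
                start += 1       # too sparse here; slide the anchor forward
    return bursts


def sample_observations():
    """Constructed data: one 35-domain burst plus slow background noise."""
    t0 = datetime(2026, 1, 5, 9, 0, 0)
    burst = [(f"device-login-{i:02d}.example", t0 + timedelta(seconds=10 * i), "AS64500")
             for i in range(35)]
    noise = [(f"shop-{i:02d}.example", t0 + timedelta(hours=i + 1),
              "AS64501" if i % 2 else "AS64500") for i in range(20)]
    return burst + noise


if __name__ == "__main__":
    for b in find_bursts(sample_observations()):
        print(b["infra"], b["start"], b["end"], len(b["domains"]))
```

Grouping by shared infrastructure before measuring timing keeps ordinary registration volume from masking or mimicking a burst; tune `window` and `min_size` against your own baseline.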
The broader challenge is that AI risk spans cybersecurity, supply chain, geopolitics, and regulation, leaving most organizations without a single owner for the full picture. This governance gap means that defensive strategies must be coordinated across multiple teams and departments.
Why Does This Matter for Financial Institutions?
The financial sector faces particular urgency in responding to AI-accelerated threats. At the Seventh Annual State-of-the-Field Conference on Cyber Risk to Financial Stability, hosted by the New York Federal Reserve, speakers emphasized that AI tools mean attackers can discover and exploit vulnerabilities in seconds rather than hours or days. This velocity shift has enabled attackers to evade defense systems and target critical financial infrastructure nodes with precision, marking a shift from indiscriminate to surgical disruption.
"AI has changed the game of cybersecurity, making it cheaper, faster and easier than ever for threat actors to do real damage to large organizations," said Brian Murphy, Founder and Chief Executive Officer of ReliaQuest.
The velocity of AI-enabled attacks has exceeded human response capacity, making AI-assisted defense necessary for financial institutions. Speakers identified credential compromise, third-party exposure, and deepfake-enabled fraud as the most immediate and underappreciated attack vectors. The challenge is particularly acute for mid-tier financial firms, which are more likely to hire vendors who promise to do things faster or cheaper, opening themselves to risks that larger, more scrutinized institutions have already addressed.
The shift toward open-source AI models among cybercriminals represents a maturation in the threat landscape. Rather than relying on commercial tools with built-in safeguards, attackers are building a more resilient, distributed infrastructure for offensive operations. For defenders, this underscores the urgency of moving beyond prevention-focused strategies and investing in resilience, rapid detection, and automated response capabilities that can match the speed and scale of AI-accelerated attacks.