Fiveable

🔒AP Cybersecurity Unit 1 Review

1.4 AI-Based Cybersecurity Attacks

Written by the Fiveable Content Team • Last updated June 2026
Verified for the 2027 exam

TLDR

AI does not invent brand new attacks. It makes old ones like phishing, impersonation, reconnaissance, and malware writing faster, cheaper, and far more convincing. To defend against AI-augmented attacks, you rely on layered habits: shared secrets with trusted people, multifactor authentication, keeping sensitive data out of public AI tools, and verifying AI output with reputable non-AI sources.

Why This Matters for the AP Cybersecurity Exam

This topic builds your adversarial thinking, which is the core skill behind almost every question in AP Cybersecurity. You need to explain how adversaries use AI-powered tools to strengthen attacks and how people can protect against those attacks. Expect to identify the type of AI-based attack in a scenario (a cloned voice call, a flawless phishing email, a data-poisoned answer) and then recommend a specific, matching defense. The same vulnerability-threat-attack-mitigation reasoning shows up throughout Unit 1, so getting comfortable here pays off across the whole course.

Key Takeaways

  • AI augments existing attacks rather than creating new categories. The change is scale, quality, and speed.
  • Voice and image samples let adversaries build a digital avatar to impersonate someone by phone or video, which is riskier as voice-based authentication spreads.
  • Large language models help adversaries write natural-sounding phishing in any language, so bad grammar is no longer a reliable warning sign.
  • Adversaries can extract sensitive info from LLMs through crafted prompts and can poison training data by publishing false information online.
  • AI speeds up reconnaissance by scraping public profiles and helps even weak coders write or modify malware.
  • Core defenses: shared secrets, multifactor authentication, never feeding sensitive data to AI tools, and verifying AI output with trusted non-AI sources.

How Adversaries Use AI to Power Cyberattacks

AI does not create totally new categories of attacks. It supercharges old ones. Phishing, impersonation, reconnaissance, and malware writing have all existed for a long time. What changes with AI is the scale, quality, and speed at which adversaries can pull them off.

Voice and Video Deepfakes for Impersonation

Adversaries can take voice and image samples of a real person, often pulled from public sources like social media or videos, and feed them into AI tools to build a digital avatar. With a small amount of audio, a tool can clone someone's voice well enough to fool friends, coworkers, or family.

How this plays out:

  • An attacker calls an employee using a cloned version of an executive's voice and demands an urgent wire transfer.
  • A scammer calls a relative pretending to be a family member in trouble, using a voice clone built from public video clips.
  • On a video call, a deepfake avatar of a manager asks an employee to share login credentials or sensitive files.

This becomes a bigger deal as more organizations adopt voice-based authentication. If an adversary can clone your voice, the potential impact grows because that clone could be used to access systems protected by voice.

These specific incidents are applications of the concept, not required AP content. The required idea is that adversaries can use voice and image samples to impersonate a person and cause financial loss or the sharing of sensitive information.

AI-Generated Phishing Messages

For years, one easy way to spot a phishing email was bad grammar. Many phishing messages were written by attackers who were not native speakers of the target's language, so awkward phrasing was a giveaway.

That tell is mostly gone now. Adversaries use large language models (LLMs), which are AI systems trained on huge amounts of text, to write phishing messages that read as though a native speaker wrote them, in any target language. An attacker in one country can send a clean, natural message in a language they do not speak.

A modern AI-generated phishing email might:

  • Match the tone of a real coworker
  • Reference real projects pulled from a company's public website
  • Be personalized based on a public profile
  • Include zero grammar mistakes

The takeaway: you can no longer rely on weird wording as your main phishing filter.

Prompt-Based Extraction from LLMs

LLMs are trained on large datasets, and some also use what users type into them. Adversaries can craft prompts designed to pull sensitive information back out.

Two main sources of leaked info:

  1. Training data. Secure or sensitive information can come from the large data sets used to train the model, and a crafted prompt might get the model to repeat it.
  2. User input. If people enter confidential data into a tool that feeds input back into the model for continuous training, an adversary could later extract that data through targeted prompts.

This is why many organizations limit what employees can paste into public AI tools.

Poisoning LLM Training Data

LLMs learn from public content across the internet. Adversaries can exploit this by publishing or modifying websites to contain false information, hoping that content ends up in future training sets.

If enough false content shows up, the model may start repeating those falsehoods as if they were facts. The risky part is that the false output sounds confident and authoritative, so users may trust it. As an application: an attacker could spread fake instructions for resetting a password and an AI assistant might later repeat those steps to real users.

AI-Powered Reconnaissance

Before an attack, adversaries gather information about a target. This phase is reconnaissance. AI tools make it faster by scanning the internet to collect information posted on social media and public websites.

An attacker can use AI to:

  • Scrape public social media profiles quickly
  • Pull names of family members, school, job, and other details
  • Identify coworkers and a company's technology
  • Combine public posts into a detailed profile

The more an attacker knows about you, the more convincing their phishing message or impersonation attempt becomes. That is why oversharing online is a real security risk.

AI-Enhanced Coding Tools for Malware

AI coding assistants help developers write, debug, and review code. Adversaries use the same tools for the opposite purpose:

  • Writing new malware, even when the attacker is not a strong coder
  • Modifying existing application code to perform malicious activities
  • Scanning large codebases to find vulnerabilities (bugs that can be exploited)

This lowers the barrier to entry for cybercrime, which means more people can launch sophisticated attacks than before.

How to Protect Against AI-Augmented Attacks

These defenses are not fancy or expensive. Most are habits you can start using today.

Establish Shared Secrets with People You Trust

A shared secret is a word or phrase that only you and one other person know. If you get a strange call from someone claiming to be a relative asking you to send money, you can ask for the shared secret. A voice clone built from public videos will not know the answer.

This is one of the simplest defenses against voice deepfake scams, especially for families. Pick a word together that is not on social media and agree to use it in high-stakes situations.

Enable Multifactor Authentication (MFA)

Multifactor authentication (MFA) requires more than one type of proof to log in. The typical categories are:

  • Something you know (password, PIN)
  • Something you have (phone, security key)
  • Something you are (fingerprint, face, voice)

If a system only uses voice authentication and an attacker clones your voice, that alone could let them in. But if logging in also requires a code from your phone or a hardware key, the voice clone is not enough. MFA blocks many account takeovers, including ones that involve AI impersonation.
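The check described above, as an added example that is not part of the original study guide: a login is allowed only when factors from at least two different categories pass, so a matching (possibly cloned) voice without the phone code is refused. The function names, the category labels and the sample secret are assumptions made for this illustration; the phone code is a standard time-based one-time password (RFC 6238).

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app on a phone shows."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login_allowed(verified_factors: dict, required_categories: int = 2) -> bool:
    """verified_factors maps a category ('know', 'have', 'are') to pass/fail.
    Access needs passes in at least `required_categories` different categories."""
    passed = {category for category, ok in verified_factors.items() if ok}
    return len(passed) >= required_categories

def attempt(voice_match: bool, submitted_code: str, secret: bytes, now: int) -> bool:
    """Hypothetical login: voice is 'something you are', the code 'something you have'."""
    code_ok = hmac.compare_digest(submitted_code, totp(secret, now))
    return login_allowed({"are": voice_match, "have": code_ok})

# Constructed sample values: the shared key is the RFC 6238 test key, not a real secret.
SECRET = b"12345678901234567890"
NOW = 59

if __name__ == "__main__":
    print("voice-only policy, cloned voice:", login_allowed({"are": True}, 1))
    print("MFA policy, cloned voice, guessed code:", attempt(True, "000000", SECRET, NOW))
    print("MFA policy, real user with phone:", attempt(True, totp(SECRET, NOW), SECRET, NOW))
```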

Don't Feed Sensitive Data to AI Tools

Treat any AI chatbot or assistant carefully. Some tools feed user input back into the model for continuous training, which means whatever you enter could be extracted later through targeted prompts.

Things you should not paste into a public AI tool:

  • Passwords or API keys
  • Customer or patient data
  • Internal company documents or source code
  • Social Security numbers or financial info
  • Private details about others

If your school or workplace offers an enterprise version of an AI tool with privacy protections, that is safer. With default consumer chatbots, assume anything you type might be stored.
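One way to enforce this habit, shown as an added example that is not part of the original study guide: a check that scans text before it is pasted into a public AI tool and redacts the kinds of data listed above. The patterns, function names and sample prompt are assumptions made for this illustration, and the patterns cover only a few common formats.

```python
import re

# Illustrative patterns for items in the list above; not a complete rule set.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credential": re.compile(
        r"(?i)\b(?:password|passwd|api[_-]?key|secret|token)\s*[:=]\s*\S+"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, used to drop digit runs that are not payment card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_prompt(text: str) -> list:
    """Return sorted (start, end, label) spans of sensitive data found in text."""
    hits = []
    for label, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            if label == "card" and not luhn_ok(m.group()):
                continue  # e.g. an order number that only looks like a card
            hits.append((m.start(), m.end(), label))
    return sorted(hits)

def redact(text: str) -> str:
    """Replace each finding with a placeholder; assumes findings do not overlap."""
    for start, end, label in reversed(scan_prompt(text)):
        text = text[:start] + f"[REDACTED:{label}]" + text[end:]
    return text

# Constructed sample prompt; every value in it is fake.
SAMPLE = ("Fix this config: api_key = sk_test_FAKE123 and the customer's SSN is "
          "078-05-1120, card 4111 1111 1111 1111, order 1234 5678 9012 3456.")

if __name__ == "__main__":
    print(redact(SAMPLE))
```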

Verify AI Output with Trusted Sources

LLMs sound confident even when they are wrong. They can repeat poisoned training data or be outdated. Carefully evaluate important information using reputable, stable, non-AI-based sources like:

  • Official government or organization websites
  • Established news outlets
  • Documentation from the actual software or service you are using

If an AI tool tells you the steps to reset your bank password, go to your bank's actual website to confirm. Treat AI output as a starting point, not a final answer.

How to Use This on the AP Cybersecurity Exam

MCQ

Match the scenario to the attack type and the right defense. If a question describes a flawless phishing email in perfect English from someone overseas, recognize that AI-generated phishing removes the "bad grammar" clue. If a scenario describes a cloned voice asking for money, the strongest answers usually involve a shared secret or MFA.

Explaining Attacks and Defenses

When asked to explain how adversaries use AI tools, name the specific technique (voice cloning, AI phishing, prompt-based extraction, data poisoning, AI reconnaissance, AI-assisted malware) and state the impact, such as financial loss or sharing of sensitive information. When asked about protection, pair each threat with a matching mitigation rather than listing random tips.

Common Trap

Watch for answers that claim AI creates entirely new attack categories. AI augments existing attacks. Also watch for the trap of relying on voice as a single authentication factor; that is exactly why MFA matters here.

Common Misconceptions

  • "AI invents new kinds of attacks." It mainly makes existing attacks faster, cheaper, and more convincing.
  • "Bad grammar always reveals phishing." AI can write natural-sounding phishing in any target language, so grammar is no longer a reliable filter.
  • "Voice authentication is secure by itself." A cloned voice can defeat voice-only authentication, which is why a second factor is important.
  • "It is fine to paste work info into a chatbot." Some tools use input for continuous training, and adversaries can craft prompts to extract that data later.
  • "If an AI tool sounds confident, it must be right." LLMs can repeat poisoned or outdated information, so verify with reputable non-AI sources.
  • "Data poisoning requires hacking the model." Adversaries can simply publish or change public websites so false information lands in future training sets.

Vocabulary

The following words are mentioned explicitly in the AP® course framework for this topic.

| Term | Definition |
| --- | --- |
| AI-powered tools | Software systems that use artificial intelligence to automate and enhance cybersecurity tasks such as threat detection and response. |
| authentication factor | A method or piece of information used to verify a user's identity, such as a password, biometric data, or physical token. |
| digital avatar | A digital representation of a person created using AI-powered tools that leverage voice and image samples, enabling impersonation over phone or video calls. |
| generative AI | AI tools designed to create new content, such as text, images, or other data, based on patterns learned from training data. |
| large language models | AI systems trained on vast amounts of text data that can generate human-like text and understand language patterns. |
| malware | Malicious software designed to harm, exploit, or compromise computer systems and networks. |
| multifactor authentication | A security method that requires two or more different forms of verification to authenticate a user's identity, preventing unauthorized access even if one authentication factor is compromised. |
| phishing messages | Deceptive communications designed to trick recipients into revealing sensitive information or clicking malicious links. |
| prompt injection | A technique where adversaries craft specific prompts to extract secure or sensitive information from language models. |
| reconnaissance | The first phase of a cyberattack in which adversaries gather information about their target, often using openly available sources. |
| shared secrets | Confidential information or phrases known only to two parties that can be used to verify each other's identities in high-stakes situations. |
| training sets | Collections of data used to train AI models, including user input and large datasets that inform the model's responses. |
| voice authentication | A biometric authentication method that uses a person's unique voice characteristics to verify their identity and grant access to systems or accounts. |
| voice cloning | A technique used by adversaries to replicate a target's voice in order to bypass voice authentication systems and gain unauthorized access to accounts or systems. |
| voice impersonation | The use of AI-powered tools to mimic a person's voice in order to deceive others over phone or video communications. |
| vulnerability | Weaknesses or flaws in systems, applications, or configurations that can be exploited by attackers to compromise security. |

Frequently Asked Questions

How do adversaries use AI to make phishing emails harder to detect?

Adversaries use large language models (LLMs) to write phishing messages that read as though a native speaker wrote them, in any target language. This removes the bad grammar and awkward phrasing that people have traditionally used to spot phishing, making AI-generated messages far more convincing.

What is a deepfake attack in AP Cybersecurity and why is it dangerous?

A deepfake attack uses AI tools to generate a digital avatar of a real person from existing voice and image samples, allowing an adversary to impersonate that person over a phone call or video call. This can lead to financial loss or the sharing of sensitive information, and the risk grows as more organizations adopt voice-based authentication.

What defenses protect against AI-based cyberattacks in AP Cybersecurity 1.4?

Key defenses include enabling multifactor authentication (MFA), establishing shared secrets with trusted people to verify identities, avoiding entering sensitive data into AI-powered tools, and verifying AI output using reputable non-AI sources. Each defense targets a specific AI-augmented threat, so pairing the right mitigation to the right attack type is important.

What is data poisoning and how do adversaries use it against AI systems?

Data poisoning happens when adversaries publish or modify public websites to contain false information, so that false content gets included in the training sets used to build LLMs. Once trained on that data, the model may repeat the false information as if it were fact, which is why verifying AI output with reputable non-AI sources is recommended.

How do adversaries use AI tools for reconnaissance and malware in AP Cybersecurity?

Adversaries can use AI-powered tools to scan social media and public websites, quickly building detailed profiles of targets to support more convincing attacks. They can also use AI-enhanced coding tools to write new malware, modify existing code for malicious purposes, or find vulnerabilities in large codebases, lowering the technical skill required to launch sophisticated attacks.
