Ddos 
Artificial intelligence is now a part of everyday life, making the fight to keep it safe more critical than ever. In its February 2026 “Disrupting Malicious Uses of AI” report, OpenAI exposes a wide range of digital threats—from state-sponsored influence campaigns to automated romance scams. This update reveals a concerning trend: AI is no longer just a luxury for bad actors; it is becoming a core part of how they operate.
The most significant disruption involves a ChatGPT account linked to Chinese law enforcement. The user was caught documenting and planning what they termed “cyber special operations” (网络特战)—a large-scale, resource-intensive effort to silence critics and suppress dissent both at home and abroad.
According to OpenAI, “This effort appears to be large-scale, resource-intensive and sustained, engaging at least hundreds of staff, thousands of fake accounts across scores of platforms, and the use of locally-deployed AI models.”
The actor even attempted to use ChatGPT to plan an influence operation targeting the Japanese Prime Minister. While OpenAI’s models refused to assist, internal reports suggested the operation went ahead anyway, utilizing other tools and locally-deployed Chinese AI models like DeepSeek and Qwen.
In Operation “Date Bait,” a network likely based in Cambodia used a mix of manual prompting and automated chatbots to entrap young men in Indonesia.
These scams follow a predictable, three-step psychological trap:
- The Ping (Cold Contact): Using AI to generate engaging ads or messages.
- The Zing (Generate Emotion): Building a fake romantic connection.
- The Sting (Extract Money): Pressuring the victim for “VIP tasks” or “hotel deposits.”
The sophistication of these criminal enterprises is high. One scammer even asked ChatGPT for tax advice, self-identifying their occupation simply as “scammer.” In other cases, AI was used to generate “kill” values—the estimated maximum amount of money that could be extracted from a victim before they were blocked.
Beyond state actors and scammers, OpenAI disrupted clusters linked to the Russian-origin “Rybar” network. This operation functioned as a “content farm,” using AI to generate batches of social media comments to create an artificial impression of grassroots support—a tactic known as “astroturfing.”
In Argentina, a campaign dubbed “Trolling Stone” used AI to generate articles and comments defending an alleged “cult leader” and attacking the reputation of Rolling Stone Argentina. OpenAI notes that the AI’s success often depended on the “popularity of the accounts which did the posting,” rather than the content itself.
Perhaps the most cynical discovery was Operation “False Witness,” where scammers posed as fake law firms and even the FBI’s Internet Crime Complaint Center (IC3). They used AI to generate professional-sounding legal advice to target people who had already been scammed, offering to “recover” their lost funds for a fee.
OpenAI found that: “A subset of scam accounts also used our models to create deceptive materials intended to bolster credibility. This included fake attorney registration records and fake bar association membership cards.”
While the use of AI is a common thread, OpenAI emphasizes that it is just one part of a larger toolkit. The success of these operations still relies heavily on traditional social engineering, paid advertisements, and existing social media influence.
“This underscores the importance of studying the nature of threat actors and the ways in which they behave, as well as the content they generate,” the report concludes.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
