想象一家公司醒来后发现新闻报道称其遭受了重大数据泄露。细节具体、技术性强且极具说服力,但泄露并未发生。语言模型从零开始生成了整个故事,填充了看似合理的细节。在公司弄清楚真相之前,信誉良好的媒体已经采纳了该报道并请求置评。几小时内,公司就得动员通讯团队来应对这一虚构事件。
第二类事件始于真实背景。某公司多年前曾遭受过真实的泄露,当时已有广泛报道。事件早已解决结案,但当原始报道媒体重新设计网站、更新URL和时间戳后,搜索引擎将这些旧文章作为新内容重新索引。AI新闻聚合器捕获到信号并将其标记为正在发展的突发新闻,迫使公司不得不重新应对一个多年前已处理完毕的事件。由于可能造成的潜在损害,研究人员并未披露这些事件的完整细节,但已确认事件确实发生过。
第三类事件引入了新维度。某网络安全刊物报道了一起导致英国公司损失近十亿英镑的商业邮件诈骗。文中引用了一位知名安全研究人员的话,但现实中该研究人员并未接受采访。AI生成了引言并充满信心地将其归于他名下,刊物则将其作为事实发表。这三类案例共同揭示了一种大多数组织尚未准备好应对的威胁:AI已经发展出凭空捏造极具说服力的安全事件的能力,其具备的技术细节和虚构来源足以触发全面的危机响应。
A company wakes up to a news story claiming it has suffered a major data breach. The details are specific, technical and convincing. But the breach didn’t happen. No systems were compromised. No data was taken. A language model generated the entire story, filling in plausible details from scratch. And before the company can figure out what’s going on, a reporter at a reputable outlet picks up the story and requests comment. Within hours, the company is drafting statements and mobilizing its communications team to address a fictional event.
A second incident begins with something real. Years earlier, a company had suffered a genuine breach that received wide media coverage. The incident was investigated, resolved and closed. Then one of the outlets that originally reported on it redesigned its website. Old articles received new URLs and updated timestamps, and search engines re-indexed them as fresh content. AI-powered news aggregators picked up the signal and flagged it as a developing story. The company found itself fielding inquiries about an incident that had been resolved years before.
[Ed. note: The authors are withholding full specifics about the incidents because full disclosure could cause harm, yet CyberScoop confirmed with the authors that the incidents did in fact take place].
A third incident introduces yet another dimension. A cybersecurity publication ran a story about a business email compromise attack that cost a UK company close to a billion pounds. The article quoted a well-known security researcher, yet in reality, he had not spoken to the publication. AI generated the quotes, assigned them to him with full confidence, and the publication ran them as fact.
Together, these three cases expose a threat that most organizations have yet to prepare for. AI has developed the ability to fabricate convincing security incidents from nothing, complete with technical detail, named sources, and enough credibility to trigger full-scale crisis responses. Any organization that treats this as a distant or theoretical problem risks learning the hard way just how fast AI-generated fiction can become a real-world emergency.
The assumption that no longer holds
Cyber crisis response has always been built on a simple premise: something real happens, then you respond. That premise is breaking. AI systems now generate, amplify, and validate claims before security teams have confirmed anything. Once a narrative enters the ecosystem, it can be ingested into threat intelligence feeds, risk scoring platforms, and automated workflows. Fiction becomes signal.
For security teams, this creates a new class of false positive. Not a noisy alert from a misconfigured tool, but a fully formed external narrative that appears credible. A hallucinated breach can trigger internal investigations, executive escalation, and defensive actions. Time and resources get diverted toward disproving something that never happened.
Worse, it can influence real attacker behavior. Thr
