What it is: These attacks try to get an AI to help with serious online crime. That includes stealing company secrets, running ransomware, buying exploits, and building fake or trap websites. How the attacks work: The attacker asks the AI for plans, scripts, or guidance that support a criminal operation. They often frame it as a job task, a “what if” scenario, or research so the harmful goal is hidden behind normal-sounding words. Real examples from the framework:
  • ransomware-negotiation asks the AI to coach the attacker through extorting a victim for payment.
  • zero-day-market seeks help finding or trading unknown software exploits.
  • industrial-espionage tries to get steps for stealing a rival company’s secret information.
  • fake-website-creation asks for a convincing clone site to harvest logins or payments.
  • dark-web-guidance requests instructions for using hidden markets to buy illegal goods or services.
Why an AI might fall for it: The request can sound like a normal business, legal, or security question. Pieces of the task look harmless on their own, so the AI may not see the full criminal picture until the parts are combined. How to defend:
  • Treat extortion, espionage, and exploit-trading requests as off limits, even when framed as work.
  • Look at the whole goal, not just one innocent-sounding piece.
  • Redirect users toward legal help, like reporting an incident or hiring a real security firm.