Stand-Alone Complex or Vibercrime? Exploring the adoption and innovation of GenAI tools, coding assistants, and agents within cybercrime ecosystems

Abstract

Existential risk scenarios relating to Generative Artificial Intelligence often involve advanced systems or agentic models breaking loose and using hacking tools to gain control over critical infrastructure. In this paper, we argue that the real threats posed by generative AI for cybercrime are rather different. We apply innovation theory and evolutionary economics - treating cybercrime as an ecosystem of small- and medium-scale tech start-ups, coining two novel terms that bound the upper and lower cases for disruption. At the high end, we propose the Stand-Alone Complex, in which cybercrime-gang-in-a-box solutions enable individual actors to largely automate existing cybercrime-as-a-service arrangements. At the low end, we suggest the phenomenon of Vibercrime, in which 'vibe coding' chatbot assistants lower the barrier to entry, but do not fundamentally reshape the economic structures of cybercrime. We analyse early empirical data from a variety of large-scale digital sources from the cybercrime underground, and find that the reality is prosaic - AI is seeing some early adoption in existing large-scale, low-profit passive income schemes and trivial forms of fraud but there is little evidence that it is so far giving rise to widespread disruption in cybercrime. It is also not being widely used as a skill multiplier or innovative disruptor for cybercrime-specific coding domains (which already rely heavily on old, pre-made resources, scripts, and exploits). Instead, it is replacing existing means of code pasting, error checking, and cheatsheet consultation, mostly for generic aspects of software development involved in cybercrime - and largely for already skilled actors, with low-skill actors finding little utility in vibe coding tools compared to pre-made scripts. The role of jailbroken LLMs (Dark AI) as hacking instructors is also overstated, given the prominence of subculture and social learning in initiation - new users value the social connections and community identity involved in learning hacking and cybercrime skills as much as the knowledge itself. Our initial results, therefore, suggest that even bemoaning the rise of the Vibercriminal may be overstating the level of disruption to date.