Existential risk scenarios relating to Generative Artificial Intelligence often involve advanced systems or agentic models breaking loose and using hacking tools to gain control over critical infrastructure. In this paper, we argue that the real threats posed by generative AI for cybercrime are rather different. We apply innovation theory and evolutionary economics - treating cybercrime as an ecosystem of small- and medium-scale tech start-ups, coining two novel terms that bound the upper and lower cases for disruption. At the high end, we propose the Stand-Alone Complex, in which cybercrime-gang-in-a-box solutions enable individual actors to largely automate existing cybercrime-as-a-service arrangements. At the low end, we suggest the phenomenon of Vibercrime, in which 'vibe coding' lowers the barrier to entry, but do not fundamentally reshape the economic structures of cybercrime. We analyse early empirical data from the cybercrime underground, and find the reality is prosaic - AI has some early adoption in existing large-scale, low-profit passive income schemes and trivial forms of fraud but there is little evidence so far on widespread disruption in cybercrime. This replaces existing means of code pasting, error checking, and cheatsheet consultation, for generic aspects of software development involved in cybercrime - and largely for already skilled actors, with low-skill actors finding little utility in vibe coding tools compared to pre-made scripts. The role of jailbroken LLMs (Dark AI) as instructors is also overstated, given the prominence of subculture and social learning in initiation - new users value the social connections and community identity involved in learning hacking and cybercrime skills as much as the knowledge itself. Our initial results, therefore, suggest that even bemoaning the rise of the Vibercriminal may be overstating the level of disruption to date.

翻译：摘要：关于生成式人工智能的生存风险场景往往涉及先进系统或智能体模型挣脱束缚，利用黑客工具获取关键基础设施控制权。本文认为，生成式AI对网络犯罪构成的真正威胁与此截然不同。我们运用创新理论与演化经济学视角——将网络犯罪视为中小型科技初创企业构成的生态系统，并创造两个新术语界定颠覆性变革的上下限。在高端场景中，我们提出"独立复合体"概念，即"网络犯罪团伙一体机"解决方案使个体行为者能够大规模自动化现有网络犯罪即服务模式。在低端场景中，我们提出"氛围犯罪"现象，即"氛围编码"降低了准入门槛，但并未根本重塑网络犯罪的经济结构。通过分析网络犯罪地下世界的早期实证数据，我们发现现实情况平淡无奇——AI在现有大规模、低利润的被动收入计划及琐碎欺诈形式中已有初步应用，但尚无证据表明网络犯罪领域出现广泛颠覆。这种应用主要取代了网络犯罪软件开发中通用的代码复制、错误检查及速查表咨询等环节——且主要服务于已具熟练技能的参与者，而低技能者发现"氛围编码"工具相较于预制脚本的实用价值有限。鉴于网络犯罪入门过程中亚文化与社会学习的显著作用，被破解的LLM（暗黑AI）作为指导者的角色亦被夸大——新用户对学习黑客与网络犯罪技能过程中涉及的社会联结与社群认同的重视程度不亚于知识本身。因此，我们的初步结果表明，即便将"氛围罪犯"的崛起视为可悲之事，也可能夸大了当前阶段的颠覆程度。