Summaries
FBI 2025 Internet Crime Report — Record Losses and AI Crime as a New Category
The FBI's 2025 Internet Crime Report (IC3) documents record financial losses from cybercrime, with the first-ever breakout of AI-enabled crime — an estimated 22,000 AI-related complaints filed in 2025.
View on Graph
Summary
The FBI’s 2025 Internet Crime Report (IC3) — published in late May 2026 — documents another year of record-breaking cybercrime losses and introduces a significant new category: AI-powered crime. For the first time, the IC3 has broken out AI-related complaints separately, recording approximately 22,000 incidents in 2025.
The inclusion of an AI crime category is the most notable development in this year’s report. As one commenter observed: “The AI companies like to say that today’s AI is the worst AI you will ever use. What’s also true is that these are the lowest number of AI complaints we are ever going to see.” This underscores the expectation that AI-enabled crime will grow rapidly as AI tools become more accessible and sophisticated.
The report continues to track the traditional categories that drive the bulk of cybercrime losses: business email compromise (BEC), ransomware, tech support scams, investment fraud (particularly cryptocurrency schemes), and personal data breaches. The overall trend line remains upward, with both complaint volume and financial losses increasing year over year.
The IC3 report serves as a critical benchmark for the security industry, providing the most comprehensive publicly available data on the scale and nature of cybercrime affecting U.S. victims. It captures reports from both individual consumers and organizations, making it one of the few sources that spans the full victim spectrum.
Why It Matters
The debut of AI crime as a tracked IC3 category is a watershed moment for threat intelligence. It signals that the FBI and broader law enforcement community recognize AI-enabled crime as a structural shift, not a transient trend. For analysts, this creates a new data stream for tracking the intersection of AI and cybercrime. The implication is clear: AI is not just a defender tool or an adversary tool — it is a transformation of the threat landscape itself, and the IC3 data will enable tracking its evolution over time. The report also provides a useful benchmark for SOC metrics and risk assessments.
Defender Takeaways
- Review the full IC3 report for sector-specific loss data that can inform organizational risk assessments.
- Incorporate AI crime patterns into your threat intelligence program — this is a new and rapidly evolving category.
- Use the report’s data to benchmark your organization’s cybercrime exposure against national trends.
- Track how AI-enabled social engineering and phishing evolve in the coming year — the IC3 will provide longitudinal data.
- Reference the IC3 report in executive briefings to communicate the scale and trajectory of cybercrime risk.
Source
Title: FBI’s 2025 Internet Crime Report — Schneier on Security
URL: https://www.schneier.com/blog/archives/2026/05/fbis-2025-internet-crime-report.html
Related
- Threat Intelligence Fundamentals — detection and response for T1598 techniques
- Social Engineering — detection and response for T1566 techniques
- SANS 2026 CTI Survey — research and intelligence summary of sans cti survey 2026: from indicators to insights — how practitioners and executives use threat intelligence