An influential report from the MIT Sloan School of Management, which asserted that artificial intelligence significantly drives modern ransomware attacks, has been retracted following widespread criticism from cybersecurity experts. The original research, a collaboration with cybersecurity firm Safe Security, claimed that approximately 80% of ransomware incidents in 2024 involved AI techniques.
The study’s initial findings, published as a working paper and subsequently highlighted in a MIT Sloan blog post, attracted considerable media attention. However, security professionals quickly raised concerns regarding the report’s methodology and the substantiation of its claims. Critics pointed to the citation of outdated malware projects and questioned how the researchers definitively identified AI’s involvement in the analyzed attacks.
Prominent security researcher Kevin Beaumont was among the vocal critics, stating on social media that the report contained factual inaccuracies and resembled marketing efforts more than rigorous academic work. Other experts echoed these sentiments, emphasizing the potential damage such publications can inflict on the credibility of cybersecurity research. Even automated information checkers noted a lack of evidence supporting the report’s central statistics.
In response to the escalating criticism, MIT Sloan removed the working paper from its public-facing platforms. A revised version of the report is reportedly in development. The associated blog post has since been retitled to adopt a more neutral stance, emphasizing the general role of AI in cyber threats and the need for enhanced organizational resilience.
Michael Siegel, director of cybersecurity at MIT Sloan and a co-author of the paper, indicated that the revised study aims to address the feedback received. He reiterated that the original intent was to raise awareness about the increasing application of AI in cyberattacks and to encourage businesses to assess their defenses.
Lingering concerns also revolve around potential conflicts of interest, given that two MIT professors hold board positions at Safe Security, the firm that financed the research collaboration. Observers suggest this situation highlights the delicate balance between academic inquiry and commercial interests within the burgeoning AI and cybersecurity sectors.