Vibe Crime

The short version

Traditional cybercrime is often tool-first: exploit, steal, extort. Vibe Crime is trust-first: it targets human verification habits, communication culture, and workflow shortcuts, then uses automation to keep the operation running continuously.

What changed

• From messages to workflows: the unit of attack is not one email. It is a loop of research, contact, follow-up, channel switching, and conversion.
• From “good enough” to “on-brand”: language, tone, and context become consistent, plausible, and adapted per target.
• From human scale to machine scale: experiments run 24/7. Replies and failures are treated as feedback for the next iteration.
• From single actor to agent teams: specialized agents can split roles: research, writing, voice, logistics, and recon.

Where defenders should shift focus

Because the attacker optimizes for trust cues, “spot the bad grammar” stops working. Defenders should shift from content judgment to process controls and verification design.

• Verification over vibe: approve sensitive actions via known channels, not via convincing tone.
• Control the last mile: payments, bank changes, password resets, and MFA changes must require friction and dual control.
• Instrument the workflow: watch for cross-channel pivots, unusual urgency patterns, and repeated micro-attempts.

Related reading

• Agentic AI basics
• Signals and patterns
• Defensive playbook

Sources

• Trend Micro: The next phase of cybercrime (agentic AI)
• Trend Micro research paper: VibeCrime (PDF)
• Microsoft Digital Defense Report 2025 (PDF)
• Anthropic: AI-orchestrated cyber espionage campaign (PDF)