Core Insights - The article highlights a significant surge in extreme, vulgar, and illegal content on the Kuaishou platform, driven by AI technology and underground black market operations, indicating a shift in the internet landscape in China [1] Group 1: Scale of Black and Gray Industry - The black and gray industry in China employs approximately 5.87 million people in 2023, with numbers expected to exceed 8 million by the end of 2025, comparable to the entire population of Switzerland [4][11] - The market size of the black and gray industry in the financial and internet sectors surpassed 280 billion yuan in the first quarter of 2025, representing a significant misallocation of social resources [12] Group 2: Technological Advancements - The black market has upgraded its operational capabilities to full AI integration, moving from reliance on manual operations and basic equipment to sophisticated AI tools [13] - AI-generated content has enabled the rapid production of thousands of unique illegal videos within minutes, designed to evade traditional content verification mechanisms [5][13] - The use of malware to hijack ordinary users' IP addresses has complicated platform defenses, with over 13.82 million risky IPs active in the first half of 2025, more than half of which were hijacked [6][14] - The black market has shifted from random attacks to targeted strikes, exploiting API vulnerabilities and controlling dormant accounts, with over 210,000 API attacks occurring monthly in early 2025 [7][15]

Core Viewpoint - The article discusses the evolution of black and gray market operations due to AI advancements, highlighting the challenges in internet security and risk management as AI becomes a significant player in these illicit activities [1]. Group 1: Black and Gray Market Operations - AI is reshaping the way black and gray markets operate, with predictions that over 50% of information encountered daily will come from AI in the next 5-10 years [1]. - The cost of black market equipment has significantly decreased, with devices like mechanical arms costing around 1,000 yuan and smartphones priced between 300 to 400 yuan [1]. - The underground economy primarily profits from two types of activities: fraud and rebate cheating, with fraudsters needing extensive social outreach to identify targets [1]. Group 2: Resources Supporting Black and Gray Markets - The foundation of these operations relies on three key resources: accounts, devices, and networks [2]. - Accounts are primarily obtained through "cat pools" and "card pools," with a single "cat pool" capable of connecting approximately 512 cards for various illicit activities [2]. - The emergence of cloud phones has transformed the landscape, allowing operators to rent devices at low costs instead of purchasing physical hardware [2]. Group 3: AI's Role in Fraud and Risk Management - Generative AI is being actively utilized by black and gray market operators to enhance their strategies, such as automating customer service interactions to exploit promotional offers [3]. - The concept of "prompt attack" has emerged, where simple keyword prompts can be used to extract benefits from e-commerce platforms [3]. - Companies are countering these threats by employing AI for deep behavioral analysis and creating "AI blue teams" to simulate attacks and improve defenses [3][4]. Group 4: Evolving Risk Management Processes - Traditional content review processes involving both machine and human audits are becoming inadequate due to rising costs and the volume of harmful content [3]. - The risk management workflow is transitioning to a model that incorporates AI machine audits, large model reviews, and expert decision-making to enhance risk assessment capabilities [4].

Group 1 - The report by Threat Hunter analyzes the trends of the internet black and gray industry in the first half of 2025, focusing on attack resources, technologies, and scenarios to provide reference for enterprise risk control [1][10] - Daily active risk IPs reached 13.82 million, a 15.02% increase compared to the previous period, with over 50% of attacks coming from "hijacked shared proxy" IPs [9][62] - The emergence of new "link code" methods for money laundering and a 28.6% increase in laundering bank cards were noted, with gambling-related cards accounting for 70.25% of the total [1][9] Group 2 - AI technology is being heavily misused, enabling minute-level face-swapping and 10-second voice cloning for fraud and authentication bypass [1][9] - Marketing fraud intelligence increased to 580 million entries, a 26% rise, with high risks in e-commerce and local life sectors [2][9] - Financial fraud incidents included 770,000 malicious loan-related entries, a 12% increase, while car loan fraud decreased by 10% and housing loan fraud surged by 63% [2][9] Group 3 - The report highlights the adaptability of the black industry, indicating that after being targeted, it quickly shifts to existing or emerging alternative channels [8][10] - API attacks exceeded 1.49 million times, with consumer finance being the primary target, utilizing methods such as account scanning and database collisions [2][9] - Data breaches reached 57,000 incidents, with e-commerce and finance being the focal points, and loan application information leaks increasing fourfold [2][9]