MIT AI Ransomware Study Shelved - Cyberslop Debate Unfolds

MIT AI ransomware study controversy highlights how inflated claims about artificial intelligence in cyberattacks can distort executive risk perceptions. A working paper from MIT Sloan and Safe Security asserted that more than 80 percent of ransomware incidents in 2024 involved AI, a statistic that rapidly propagated through blogs and mainstream media. Security researchers Kevin Beaumont and Marcus Hutchins scrutinized the methodology, arguing that the paper mislabeled almost every major ransomware group as AI-driven without presenting technical evidence. Critics noted glaring inaccuracies, including references to long-defunct threats such as Emotet as examples of AI-enabled operations. After sustained public critique, MIT Sloan withdrew the paper from its early research site, replacing the original content with a notice that an updated version is forthcoming. Beaumont coined the term "cyberslop" to describe research that uses baseless AI threat claims to generate attention and commercial advantage while eroding trust in genuine analysis. Commentators also highlighted potential conflicts of interest, with MIT authors serving on the board of the same company funding the research, raising governance and incentive concerns. For CISOs and boards, the episode is a reminder that sensational AI-driven threat narratives should be validated against independent technical intelligence before driving strategy or spend decisions.