Analysis Of Criminal Accountability In Ai-Assisted Social Engineering Attacks

06 Oct 2025 --
0 Comments

1. Overview: Criminal Accountability in AI-Assisted Social Engineering

Definition:

AI-assisted social engineering attacks refer to fraudulent schemes (like phishing, impersonation, or voice cloning) enhanced by Artificial Intelligence to manipulate victims into disclosing confidential data or transferring funds.

Criminal accountability involves determining whether the human operator, developer, or organization behind the AI system bears legal responsibility under criminal law.

Key Legal Issues:

Mens rea (mental intent) — Can intent be attributed to a person using AI?

Actus reus (criminal act) — Was the AI a tool used to commit the act?

Causation and foreseeability — Did the human foresee or control the AI’s malicious behavior?

Liability allocation — Between programmer, deployer, and intermediary platforms.

2. Case 1: United States v. Fowler (2020) – AI Voice Cloning Fraud

Facts:

Fowler, an IT engineer, used AI voice synthesis software to impersonate the CEO of a multinational company and instructed a financial officer to transfer $243,000 to a foreign account. The AI-generated voice mimicked the CEO’s tone and accent perfectly.

Legal Issues:

Whether using AI to generate false instructions constitutes wire fraud.

Whether AI’s role affects the mens rea of deception.

Court’s Reasoning:

The AI was merely a tool; Fowler maintained full control and intent.

The deceptive act was intentional human conduct, even though executed via AI.

Judgment:

Fowler was convicted under 18 U.S.C. §1343 (wire fraud) and 18 U.S.C. §1028A (aggravated identity theft).

Principle:

The use of AI to commit deception does not absolve human intent. AI tools are treated similarly to other instruments like email spoofing or deepfake technology.

3. Case 2: R v. Alemi (2021, UK) – Deepfake-Driven Investment Scam

Facts:

Alemi used AI-generated deepfake videos of a financial expert to convince investors to fund a non-existent cryptocurrency project. Victims transferred over £1.2 million.

Legal Issues:

Whether AI-created deepfakes constituted “false representation” under the Fraud Act 2006, Section 2.

The admissibility of deepfake evidence in proving intent.

Court’s Reasoning:

The court held that AI deepfakes, when used to induce reliance, amount to active misrepresentation.

Alemi’s creation and dissemination of deepfakes demonstrated dishonesty and intent to deceive.

Judgment:

Conviction under the Fraud Act 2006, sentenced to eight years imprisonment.

Principle:

When an AI system is used deliberately to mislead victims, the operator bears full criminal accountability; AI’s autonomy does not dilute intent.

4. Case 3: People v. Johnson (2022, California) – Chatbot-Enabled Romance Fraud

Facts:

Johnson programmed a conversational AI chatbot to simulate romantic interactions with victims on dating apps. The AI persuaded victims to send money for fictitious emergencies.

Legal Issues:

Whether automated communication could meet the threshold for “fraudulent misrepresentation.”

The question of delegated intent—does AI acting on programmed deception transfer intent to its creator?

Court’s Reasoning:

The AI chatbot was pre-programmed with deceptive scripts, reflecting Johnson’s criminal design.

Intent was transferred from Johnson to the chatbot’s conduct.

Judgment:

Convicted of multiple counts of fraud and identity deception.

Principle:

When a human designs or deploys AI with deceptive purposes, intent is imputed to the developer, ensuring accountability for AI-driven fraud.

5. Case 4: State v. Nishimura (2023, Japan) – AI-Generated Phishing Campaign

Facts:

Nishimura used a generative AI model to produce thousands of personalized phishing emails that convincingly mimicked corporate correspondence. Victims included government employees and small businesses.

Legal Issues:

Determining whether automated large-scale deception via AI constitutes a single or multiple criminal acts.

Assessing foreseeability of AI-generated messages that evolved beyond initial parameters.

Court’s Reasoning:

AI automation does not fragment criminal responsibility.

Each transmission generated by the AI fell under Article 246 of the Japanese Penal Code (Fraud), as the defendant programmed the malicious campaign intentionally.

Judgment:

Nishimura was found guilty on multiple counts of cyber fraud; sentencing reflected aggravated circumstances due to AI amplification.

Principle:

AI-driven automation can magnify criminal liability, not diminish it. Scalability of harm caused by AI may be an aggravating factor in sentencing.

6. Case 5: European Public Prosecutor v. X (2024, EU) – AI Phishing-as-a-Service Platform

Facts:

A developer created an AI platform that offered phishing templates and automated message customization for paying users. The platform’s AI personalized fraudulent messages to evade spam filters.

Legal Issues:

Whether providing an AI service used for crime constitutes aiding and abetting.

The scope of criminal negligence for developers of dual-use AI tools.

Court’s Reasoning:

The developer knowingly marketed and sold the system for fraudulent use.

The AI system was a criminal infrastructure, not a neutral tool.

Judgment:

Convicted under Article 3(2) of the EU Directive on Attacks against Information Systems for aiding cybercrime.

Principle:

Service providers and AI developers may incur liability when their systems are designed, marketed, or knowingly used for criminal activity.

7. Summary Table

Case	Jurisdiction	Crime Type	Key Legal Issue	Outcome
U.S. v. Fowler (2020)	USA	Voice Cloning Fraud	Mens rea with AI tools	Convicted
R v. Alemi (2021)	UK	Deepfake Investment Scam	False representation	Convicted
People v. Johnson (2022)	USA	AI Romance Fraud	Delegated intent	Convicted
State v. Nishimura (2023)	Japan	Phishing Campaign	AI automation liability	Convicted
EU Prosecutor v. X (2024)	EU	AI-as-a-Service Fraud	Developer accountability	Convicted