2026-04-25 –, Track 2
Breaking news creates perfect crime scenes. Natural disasters. Political scandals. Economic shocks. When headlines explode, AI-powered scammers weaponize the chaos at machine speed, spinning up phishing sites, fake donation pages, and impersonation campaigns before defenders can react.
This talk reveals how threat actors exploit news cycles with AI and how predictive intelligence beats them to the punch. By mapping behavioral patterns across internet infrastructure, we identify scam infrastructure during preparation, not activation, anticipating attacks by days or weeks.
Internet-scale behavioral predictive AI then disrupts this malicious infrastructure before activation, enabling preemptive blocking and takedowns. Attacks get neutralized before victims exist, dramatically increasing criminal costs and slashing their ROI.
NEWS CYCLES AS CRIMINAL OPPORTUNITY WINDOWS
When breaking news hits, AI-powered scammers move faster than defenders. Natural disasters, political scandals, celebrity deaths: threat actors weaponize headlines within hours, spinning up phishing sites, fake donation pages, and impersonation campaigns before security teams can react.
CASE STUDIES: NEWWORTHY EVENTS AND UNCOVERED THREATS
This session walks through examples where predictive intelligence caught scam infrastructure:
2025 Los Angeles Wildfires
- Threats uncovered: 47 domains mimicking Red Cross/GoFundMe, registered hours after fire news
- Predictive signals: Bulk registration + anomalous WHOIS + payment processor prep
- Outcome: Domains suspended before donation appeals launched
2025 Texas Floods
- Threats uncovered: 23 fraudulent relief sites + 8 FEMA fakes
- Predictive signals: Rapid server spin-up with phishing kit fingerprints
- Outcome: Hosting terminated 36 hours pre-launch
Trump/Musk Feud Escalation
- Threats uncovered: 15 fake news/investment scams + 6 credential harvesters
- Predictive signals: Network movements matching scam workflows
- Outcome: DNS blocking prevented 90%+ traffic pre-campaign
Election Night 2024
- Threats uncovered: 31 campaign impersonation domains + fake voter portals
- Predictive signals: Typosquatting + C2 setup patterns
- Outcome: Registrar takedowns during registration window
THE PREDICTIVE DETECTION MECHANICS
These cases reveal behavioral patterns across internet infrastructure:
- Domain acquisition spikes with scam characteristics
- Hosting setup matching phishing/credential theft workflows
- Network propagation anomalies signaling intent
- Content staging before public activation
OPERATIONALIZING THE INTELLIGENCE
- API feeds into SIEM/firewalls/DNS for automated blocking
- Registrar/hosting partnerships for preemptive takedowns
- Global DNS disruption isolating infrastructure
ACCELERATED TAKEDOWNS DURING CRISIS
Crisis response frameworks:
- Tips for filling out templates
- Escalation paths w/ hosting providers
- DNS block coordination w/ public resolvers
TAKEAWAYS FOR DEFENDERS
Attendees leave with concrete tools they can use:
1. Recognition patterns for AI-driven scam infrastructure preparation
2. Case studies of AI-powered attacks that made news spreading misinformation
3. How predictive AI speeds up maliciousness recognition before weaponization
4. Integration tactics for existing security stacks
5. Crisis takedown acceleration tips/frameworks
Andre Piazza is a cybersecurity strategist with over two decades of experience translating complex technical trends into practical strategies. He specializes in predictive security frameworks, fraud prevention, and industry analyst relations. His background spans product strategy, engineering, and market influence, including pioneering 5 cybersecurity categories. Andre regularly speaks at industry events on cybersecurity strategy to grow awareness and build a more resilient security community.