Want to keep up with emerging trends, research, and community news? Subscribe to the M3AAWG blog and get notified whenever new content goes live.

A recurring theme at November's Anti-Phishing Working Group (APWG) eCrime 2025 event, where several M3AAWG members were present, was that the impact of automated abuse will hinge on an AI vs. AI battle. 

APWG brings together industry, academia, and the public policy community. The yearly eCrime event has proven to be an important opportunity for the industry to gather. It brings direct focus to the impacts of technology on the abuse ecosystem and allows the community to work towards solutions, preventative measures, and an overall understanding of the intersection of technology and abuse.

M3AAWG’s own Chief Information Security Officer and Public Policy Committee Co-Chair Dennis Dayman attended eCrime 2025 partly as a fact-finding mission to ensure that "good AI" is well-equipped to fight the "bad." Dennis noted that the impact of "good AI" depends heavily on the following:

• Highly informed abuse fighters with data emerging from academic research and peer-reviewed literature.
• Legislators who understand the consequences of new developments.
• M3AAWG resources, like Best Common Practices (BCPs), account for the constant change.

“AI can morph to avoid our security blocks. If an LLM used in abuse can nimbly automate features of web security analysis, then our own defense tools need to be able to fight back just as dynamically. We cannot do that without educating the industry on the possibilities and risks, and we cannot do that without academic research. We need research to both develop technology that provides solutions as well as recognize the limits and fail-safes necessary to avoid creating more abuse than solutions,” said Dennis.

M3AAWG Academic and Research Committee Chair and Expert Advisor Laurin Weissinger served as the General Chair for the organizing committee of APWG’s eCrime meeting, playing a key role in shaping the agenda of programming and working sessions. Because of Laurin’s insight into the work happening through APWG, M3AAWG, and beyond, he holds a unique position to ensure meetings include the topics the industry needs most.

“In addition to the important threat intelligence sharing taking place, like any M3AAWG meeting, APWG also provides a forum to roll up your sleeves on-site and start working on solutions in a hands-on way while you are there,” said Laurin.

A notable training session at APWG dove into the phenomenon of AI as a double-edged sword in the anti-abuse landscape. In a session entitled “How to Build Agentic Systems to Automate Web Security” by Mohamed Nabeel of Palo Alto Networks, attendees were treated to Mohamed sharing his code via GitHub so they could write AI agents on their own.

This type of open collaboration reflects the critical need for shared innovation as AI rapidly reshapes both offensive and defensive capabilities. Sessions like this underscore how critical it is for the global anti-abuse community to learn, experiment, and evolve together as AI-driven threats accelerate.

eCrime2025 was full of professors, post-doctorates, graduate students, and others studying digital crimes and phishing economics. As most recently observed in Charlotte at M3AAWG 65, infusing the academic research community into an anti-abuse meeting is critical in directly impacting industry practices and the advancement of technology.

“For the large contingent of our members who are not academic researchers, we rely on this academic-based research, and I am excited to learn and share with M3AAWG members what these universities have been coming up with,” said Dennis.

Join M3AAWG in San Diego for our 66th General Meeting

The effort to prevent the spread of automated abuse will roll on at M3AAWG’s 66th General Meeting, taking place February 16-19, 2026, in San Diego, California. If you are not yet a member and would like to contribute, we encourage you to explore membership opportunities ahead of the San Diego meeting.