If you’re an industrious, persistent, English-speaking bad actor with a documented expertise in AI and a penchant for wreaking havoc on business, government and infrastructure, please apply within.

Or so it goes on the dark web, where the “economy” is apparently booming and recruiters are pulling out all the stops to lure the best and brightest tech miscreants. In just seven months, the number of recruitment and self-promotion posts on cybercriminal forums like “Exploit” and “RAMP” has already reached last year’s number (which was already double the number recorded in 2023), according to research from Reliaquest.

I think it is fair to say that the recruiters on the dark web are going just as hard as those on legit job boards. And the qualifications they are seeking are pretty specific and not surprising. 

“Our adversaries work in campaigns, and they’re incentivized to build an ecosystem and marketplace of specialized service providers and technical services — they clearly share and collaborate without the overhead and legal hurdles that defensive security teams do,” says Trey Ford, chief strategy and trust officer at Bugcrowd.

Among the most in-demand skills is English-speaking social engineering, with job posts more than doubling from 2024 to 2025,” say the Reliaquest Threat Research Team, who analyzed hundreds of dark-web job postings from January 1, 2023, to July 31, 2025. 

They note that recruiters make up 87% of the postings, “indicating strong demand, likely fueled by the success of groups like Scattered Spider in leveraging this skill for initial access attacks.” 

While references to Scattered Spider “tend to garner a lot of attention, the real trendline to watch is the integration of AI into cyber adversaries’ toolsets to automate reconnaissance and create precision-targeted, customized attacks at scale,” says Dave Tyson, partner, intelligence operations, iCounter. 

After a dip in 2024, recruits skilled in compromising IoT have become a hot role again, with recruitment rebounding and on track by the end of 2025 to exceed activity in previous years. Not surprisingly, AI experts are in demand, as they have been since Q3 2024, to automate operations, which Reliaquest researchers say marks “a shift from using AI for isolated tasks — like leveraging LLMs to develop malware—to fully integrating AI into operational processes.”

It seems recruiters are finding “worthy” candidates who have already yielded results. For instance, “recruitment of ClickFix experts to distribute malware triggered a 200 percent spike in ClickFix activity between March and April 2025.” 

Taking the pulse of the dark-web job market can predict cybercrime’s future. “Understanding what skills attackers are recruiting for now can help organizations anticipate—and counter—their next moves,” the researchers said. 

Cloud exploitation clearly remains a top goal of those job seekers who traverse the dark web — the researchers say mentions of Azure and Entra quadrupled from 2023 to mid-2025.

And of course, AI will dominate the future, with an emphasis on recruits who have deepfake capabilities that let attackers impersonate employees for more effective social engineering attacks.

The researchers believe that once adversaries can remove language barriers in real time (currently a technical challenge), deepfakes will be an even greater threat. “Attackers could target organizations across multiple languages, significantly expanding their reach,” they said, noting that with “recruitment for English-speaking social engineers already at an all-time high, real-time deepfake technology offers an alternative to traditional methods.”

They expect an uptick in social engineering attacks as a result. “Without robust security measures, organizations face significant risk from these increasingly deceptive tactics, which are expected to emerge in the long-term future beyond 12 months,” they said. 

And successful attacks will continue to drive the dark web job market. “The increase in AI functionality to rapidly increase forged criminal content used in social engineering attacks is a direct linkage to both the success of the attacks and the need for more personnel,” Tyson says, because as bad guys rack up more wins by using AI, it drives higher staffing needs and higher compensation for threat actors. 

“Our adversaries work in campaigns, and they’re incentivized to build an ecosystem and marketplace of specialized service providers and technical services—they clearly share and collaborate without the overhead and legal hurdles that defensive security teams do,” says Trey Ford, chief strategy and trust officer at Bugcrowd.

Threat actors will be early adopters of tools like AI to streamline and find efficiency – this makes campaigns faster to set up, modify, adapt, and re-use over time.

Ford says it is more important than ever to aggressively monitor the new hire pipeline. “New accounts need to be closely monitored for baseline adoption, access and usage — identity proofing at new hire onboarding, and account access behaviors should be a focal point right now,” he says.

Experts expect a thriving dark economy in the months and years to come. Maybe the cybersecurity industry should start tracking jobs added each month, a la the U.S. government. And, who knows, perhaps recruits will start demanding more “job benefits.”