Artificial intelligence in social engineering: a literature review through the lens of routine activity theory

Social engineering attacks have become more sophisticated with the emergence of artificial intelligence (AI), enabling cybercriminals to automate and scale their attacks. This paper examines the intersection of AI and Routine Activity Theory (RAT) to understand how AI-driven social engineering challenges traditional criminological frameworks. By analyzing AI-enhanced phishing, deepfakes, and automated interactions, the study explores how RAT’s core elements—motivated offenders, suitable targets, and the absence of capable guardians—apply to modern cyber threats. A comparative analysis of traditional and AI-enhanced attacks is conducted to evaluate the evolving dynamics of social engineering. The paper argues that RAT, while foundational, must evolve to address the complexities introduced by AI, and proposes adaptations to improve its applicability in the context of emerging cybercrimes. The findings suggest that interdisciplinary approaches combining AI, criminology, and cybersecurity are essential to developing effective prevention and mitigation strategies in the digital age.