AP Cybersecurity Unit 1 Lesson 4 Exercise 1
Exercise 1: AI Attack Classification Lab
Classify AI-based attack techniques, analyze a phishing email log for adversarial patterns, and recommend defenses. The three skills tested most on the AP exam for Topic 1.4.
Below are four AI-assisted attacks Maple Street Veterinary Clinic’s staff encountered. For each one, identify the AI technique used and the psychological tactic the attacker deployed.
The clinic’s office manager, Sarah, received an email appearing to come from Dr. Martinez (the clinic owner). The email referenced a real patient case they had discussed that morning, Sarah’s exact role, and a pending vendor invoice. It requested she approve a $3,400 wire transfer to a new account. The sender’s email address had one letter different from Dr. Martinez’s real address.
AI technique used:
Psychological tactic:
A veterinary technician named Carlos received a phone call from what sounded exactly like his father, saying he was in a car accident, needed bail money immediately, and asked Carlos to wire $1,800 to an account. Carlos almost complied before calling his father’s cell phone directly and confirming his father was safe at home.
AI technique used:
What would have happened without out-of-band verification?
The clinic received 847 emails in one week from different sender addresses, all with slightly different subject lines, all promoting the same fraudulent medical supplier. Traditional keyword filters blocked the first 200; the remaining 647 had been automatically rewritten by an AI tool to avoid the specific phrases that triggered the filter.
Which AI capability enabled this attack to evade filters?
This is an example of:
A security researcher found that an AI tool scanning for SQL injection vulnerabilities could also be used by attackers to automatically scan Maple Street’s patient portal for weaknesses. The same tool the clinic uses for defense was used offensively to map attack surfaces.
What does this demonstrate about AI security tools?
Maple Street Veterinary Clinic has installed a basic email security system. Review the following email log from the past week and answer the questions.
| # | Date/Time | Sender Domain | Subject | AI Phishing Score | Action |
|---|---|---|---|---|---|
| 1 | 2026-03-10 08:22:14 | vetsupp1y.com | Your Order #8872 has shipped | 0.12 | Delivered |
| 2 | 2026-03-10 09:45:02 | paypa1.com | Urgent: Account access restricted | 0.94 | Quarantined |
| 3 | 2026-03-11 02:17:33 | dhl-delivery-notif.net | Package held: confirm address | 0.87 | Quarantined |
| 4 | 2026-03-11 14:02:18 | maple-street-vet.com | Re: Tuesday patient roster | 0.08 | Delivered |
| 5 | 2026-03-12 11:33:44 | vetsupply.com | Invoice #4421 - March order | 0.19 | Delivered |
| 6 | 2026-03-12 22:58:01 | accounts-payabIe-dept.net | Wire confirmation needed - Dr. Martinez | 0.61 | Delivered |
| 7 | 2026-03-13 08:14:55 | microsoft-secur1ty.com | Your account has been compromised | 0.96 | Quarantined |
| 8 | 2026-03-13 13:45:22 | gmail.com | Vet conference registration reminder | 0.09 | Delivered |
1. Which delivered email (not quarantined) is MOST suspicious and should be investigated immediately? Why? (2 pts)
2. The AI phishing filter scored email #6 at 0.61 but delivered it. What does this suggest about the attacker's technique? (2 pts)
3. What threshold change and additional control would best address the gap shown by email #6? (2 pts)
The clinic wants to defend against the AI-based attacks in this exercise. Recommend specific controls for each scenario.
Scenario 1 (Business Email Compromise): The clinic received a wire transfer request that appeared to come from Dr. Martinez. List TWO specific controls that would prevent this attack from succeeding. (2 pts)
Scenario 2 (Voice Cloning Defense): List the single MOST important protection against voice cloning scams, and explain why it works even when the voice sounds completely authentic. (2 pts)
Scenario 3 (AI Arms Race): The clinic's email filter blocked 200 AI-evading phishing emails but the attacker's AI kept rewriting them. Describe TWO approaches that would help the defense stay ahead. (2 pts)
For any AI-based attack on the AP exam: identify (1) what AI capability was used to make the attack more effective, (2) what defense would have stopped it, and (3) whether human oversight was part of the solution. Business Email Compromise with AI personalization = out-of-band verification. Voice cloning = verify via known contact number. Filter evasion = add human review layer + model retraining.
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]