Microsoft Flags Surge in AI-Driven Cyberattacks


Hackers are increasingly using artificial intelligence (AI) to launch faster, smarter, and more scalable cyberattacks. A new report from Microsoft reveals that threat actors are now integrating generative AI tools at nearly every stage of the cyberattack lifecycle. From reconnaissance and phishing to malware development and post-compromise operations, AI is becoming a powerful tool for attackers.

According to the latest findings from Microsoft Threat Intelligence, cybercriminal groups are using AI to automate tasks, improve efficiency, and reduce the technical skills needed to conduct sophisticated attacks. While AI does not completely replace human hackers, it acts as a “force multiplier,” helping attackers execute operations faster and with greater precision.

The report highlights that generative AI tools are now widely used by threat actors to support different stages of cyberattacks. These tools help hackers perform activities such as writing phishing emails, translating malicious content into multiple languages, summarizing stolen data, and debugging malware code.

By using AI-powered language models, attackers can quickly generate convincing phishing messages and malicious scripts. This capability allows cybercriminals to scale their campaigns and target victims more effectively.

Microsoft researchers noted that most malicious AI usage currently focuses on text, code, and media generation. Attackers often rely on AI to create phishing lures, build scripts, and develop infrastructure for their operations. AI also helps them refine malware code and troubleshoot errors during development.

However, Microsoft emphasized that human operators still play a central role in cyberattacks. Hackers remain responsible for selecting targets, defining attack objectives, and deploying malicious tools. AI simply helps them work faster and more efficiently.

One of the most concerning findings in the report involves North Korean cyber groups that are using AI in employment scams. Microsoft tracked two threat actor groups known as Jasper Sleet and Coral Sleet that are leveraging generative AI to support fake remote IT worker operations.

In these schemes, attackers create convincing digital identities to gain employment at Western companies. Once hired, they use their legitimate access to steal data or conduct further malicious activity.

AI tools are used to generate realistic resumes, online profiles, and communications. For example, hackers may ask AI platforms to produce lists of culturally appropriate names or create email address formats that match a specific identity.

Threat actors also use AI to analyze job postings on professional platforms. The AI extracts required skills from job descriptions and helps attackers customize fake identities that match the requirements of those roles. This approach significantly increases their chances of getting hired.

Another major concern highlighted in the report is the use of AI in malware development. Attackers are using AI coding assistants to generate malicious code, refine malware, and fix programming errors.

These AI tools can also help convert malware into different programming languages, making it easier for hackers to adapt their tools for various systems and environments.

In some cases, researchers observed experimental malware that appears to use AI to dynamically generate scripts or change behavior while running. Although these capabilities are still evolving, they indicate how AI could be used to create more adaptive and evasive malware in the future.

The Coral Sleet group was also observed using AI to quickly generate fake company websites, set up infrastructure, and test malicious deployments.


AI platforms typically include safeguards to prevent malicious usage. However, cybercriminals are increasingly using techniques known as “jailbreaking” to bypass these restrictions.

By carefully crafting prompts, attackers can trick AI systems into generating harmful content such as phishing templates, malware code, or attack scripts. This tactic allows hackers to exploit AI systems despite built-in security controls.

Security researchers are also beginning to see threat actors experiment with “agentic AI,” which can perform tasks autonomously and adapt based on results. While fully autonomous cyberattacks are still rare, these early experiments suggest that AI-driven attacks could become more advanced in the future.

Microsoft warns that AI-powered employment scams and similar campaigns should be treated as insider threats. Because attackers often gain legitimate credentials through these schemes, traditional security defenses may not detect them immediately.

Organizations should focus on monitoring unusual login behavior, strengthening identity security, and improving defenses against phishing attacks. Companies must also secure their own AI systems, which could become targets for cybercriminals in future attacks.

The rise of AI-powered cybercrime is not limited to Microsoft’s observations. Other major tech companies have reported similar findings.

For example, researchers at Google recently warned that hackers are abusing the company’s Gemini AI platform at different stages of cyberattacks. Meanwhile, Amazon and the Cyber and Ramen security blog reported a campaign where attackers used multiple generative AI tools to compromise more than 600 FortiGate firewalls.

Artificial intelligence is rapidly changing the cybersecurity landscape. While AI offers powerful benefits for businesses and security teams, it is also being adopted by cybercriminals to enhance their attacks.

As threat actors continue to experiment with AI technologies, organizations must adapt their defenses to keep pace with evolving threats. Monitoring identity activity, strengthening authentication systems, and educating employees about phishing attacks will become even more critical in the age of AI-driven cybercrime.
