Microsoft Report: Hackers Using AI at Every Stage of Cyberattacks

The420.in Staff

Microsoft has warned that cybercriminals are increasingly using artificial intelligence (AI) throughout the entire lifecycle of cyberattacks. According to a new Microsoft Threat Intelligence report, hackers are leveraging AI tools to speed up operations, expand malicious campaigns, and reduce the technical skills needed to carry out complex attacks.

The report states that attackers are using generative AI for various activities such as reconnaissance, phishing, infrastructure development, malware creation, and post-compromise operations.

AI Used for Phishing, Malware, and Data Analysis

Microsoft researchers say threat actors are primarily using large language models (LLMs) to generate text, code, and media that support cybercrime activities.

These AI tools are being used to:

  • Draft convincing phishing emails
  • Translate content into multiple languages
  • Summarize stolen data
  • Generate or debug malware code
  • Build scripts and configure attack infrastructure

Microsoft said AI currently acts as a “force multiplier” that helps attackers move faster and with greater efficiency while humans remain in control of targeting and decision-making.

North Korean Hacker Groups Using AI

The report highlights several threat groups that are incorporating AI into their operations, including North Korean actors known as Jasper Sleet and Coral Sleet.

These groups use AI as part of remote IT worker schemes, where attackers attempt to infiltrate Western companies by posing as legitimate employees.

In such campaigns, AI helps generate realistic identities, resumes, and communication messages to secure employment and maintain access inside organizations.

For example, attackers may prompt AI systems to generate culturally appropriate names or email formats to match fake identities.

AI Assisting Malware Development

Microsoft researchers also found that cybercriminals are using AI coding tools to:

  • Develop and refine malicious code
  • Troubleshoot programming errors
  • Convert malware components between programming languages

Some experiments even indicate the early development of AI-enabled malware capable of dynamically generating scripts or modifying behavior during execution.

Fake Websites and Infrastructure Creation

Coral Sleet, one of the North Korean groups named in the report, has also reportedly used AI to quickly generate fake company websites, set up attack infrastructure, and troubleshoot deployments.

When AI platforms try to block malicious usage, attackers often attempt to bypass restrictions using “jailbreaking” techniques that trick AI models into producing harmful content.

Early Experiments With Autonomous AI

Microsoft also observed threat actors experimenting with agentic AI systems that can perform tasks autonomously and adjust their behavior based on results.

However, the company says AI is currently used mostly to assist decision-making, rather than to launch fully autonomous cyberattacks.

Growing Global Concern

Microsoft is not the only company noticing this trend. Google has also reported that hackers are abusing its Gemini AI across multiple stages of cyberattacks.

Meanwhile, Amazon researchers recently linked an AI-assisted campaign to a hacker who breached more than 600 FortiGate firewalls within five weeks.

Security Advice for Organizations

Because many AI-assisted attacks exploit legitimate credentials or employee access, Microsoft advises organizations to treat these threats as insider-risk scenarios.

The company recommends:

  • Monitoring unusual credential activity
  • Strengthening identity systems against phishing
  • Protecting AI systems that could become targets in future attacks

Cybersecurity experts say that while AI is improving productivity and innovation, it is also becoming a powerful tool for cybercriminals, making modern cyber defense more complex than ever before.

About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
