Microsoft says cybercriminals are increasingly using artificial intelligence to make their attacks faster, more efficient, and easier to carry out.
A new report from Microsoft Threat Intelligence shows that attackers are using generative AI tools during many stages of cyberattacks, including research, phishing, infrastructure setup, malware development, and activities after gaining access to systems.
According to the report, many threat actors are using AI tools to write phishing emails, translate messages, summarize stolen information, debug malicious software, and help with coding or infrastructure configuration. Microsoft says that most malicious use of AI today focuses on language models that can produce text, code, or media.
The company explained that generative AI is being used to create convincing phishing messages, translate communication into different languages, summarize stolen data, generate malware code, and help attackers build scripts or technical infrastructure. Microsoft warns that AI acts as a powerful tool that reduces technical barriers and speeds up cyberattacks, even though human operators still control the overall goals and targeting decisions.
Microsoft has already observed several hacking groups using AI in their operations. This includes North Korean threat actors known as Jasper Sleet and Coral Sleet, who are using AI in remote IT worker scams. In these schemes, attackers create fake identities to get hired by Western companies and gain long-term access to corporate systems.

AI tools help these attackers create realistic profiles, resumes, and communication styles. For example, attackers can ask AI tools to generate lists of culturally appropriate names or create email address formats that match specific identities. These details help make the fake profiles look more convincing.
The report also explains that Jasper Sleet uses AI to analyze job postings for software and IT roles. The AI extracts required skills from job listings, which helps attackers customize fake identities so they appear qualified for those positions.
AI is also helping attackers develop malware and technical infrastructure. Some threat actors use AI coding assistants to generate malicious code, fix programming errors, or convert malware into different programming languages. In some experiments, researchers even observed early signs of malware that may dynamically generate scripts or modify its behavior during execution.
Another group called Coral Sleet has used AI tools to quickly create fake company websites, build online infrastructure, and test their attack setups.
When AI systems try to block these types of requests, attackers sometimes use jailbreaking techniques to trick AI tools into producing malicious content or code.
Researchers are also seeing early experiments with agentic AI systems that can perform tasks more autonomously and adapt based on results. However, Microsoft says AI is currently used mainly to support decision-making rather than to carry out fully automated cyberattacks.
Because many of these campaigns rely on gaining legitimate access to company systems, Microsoft advises organizations to treat them as insider threats. Security teams should focus on detecting unusual login activity, strengthening identity protection systems, preventing phishing attacks, and protecting AI systems that could become targets in the future.
Microsoft is not the only company raising concerns. Google recently reported that hackers are using its Gemini AI system throughout different stages of cyberattacks. Amazon and security researchers have also identified campaigns where attackers used multiple AI tools in operations that compromised more than 600 FortiGate firewalls.





