North Korean state-sponsored hackers and other cybercriminal groups are using generative AI tools to automate malware coding and bypass security defenses [1, 2].
This shift represents a critical escalation in cyber warfare because it allows low-skill actors to execute complex attacks. By automating the creation of fake websites and improving phishing lures, these groups can increase the speed and scale of their operations [1, 2, 3].
Reports indicate that one AI-assisted North Korean hacking group stole $12 million over a period of three months [1]. The use of AI allows these actors to automate the coding of malware, which previously required a higher level of technical expertise [1, 2, 3].
Microsoft Threat Intelligence released a report in 2024 detailing how AI is now powering cyberattacks [2]. Attackers are leveraging the tools to create more convincing phishing campaigns and to develop sophisticated code that evades detection by security software [2, 3].
These attackers target global entities to steal funds and cause systemic damage [1, 2]. The integration of generative AI effectively lowers the barrier to entry for cybercrime, enabling mediocre hackers to perform at the level of advanced threats [1, 3].
Security firms continue to monitor these patterns as the cost of developing malicious software drops. The ability to rapidly iterate malware using AI means that traditional signature-based defenses may become less effective over time [2, 3].
“AI tools are lowering the technical barrier for cybercrime.”
The democratization of sophisticated coding through generative AI shifts the cyber threat landscape from a battle of skill to a battle of scale. When state-sponsored actors can automate the most tedious parts of an attack—such as writing exploit code or crafting believable phishing emails—the volume of attacks will likely increase, forcing security firms to rely more heavily on AI-driven defense mechanisms to keep pace.





