THREAT actors are increasingly operationalising AI across the cyberattack lifecycle to speed up tradecraft, using both standard model capabilities and jailbreaking techniques to bypass safeguards and carry out malicious activity, according to Microsoft Threat Intelligence.
The report notes that most AI-enabled misuse today centres on language models producing text, code, or media, with actors drafting phishing lures, translating content, summarising stolen data, and scaffolding scripts or infrastructure to boost scale and persistence. It highlights North Korean remote IT workers, such as Jasper Sleet and Coral Sleet, who leverage AI to enable sustained, large‑scale misuse of legitimate access through identity fabrication, social engineering, and long‑term persistence at low cost.
Emerging trends include early experimentation with agentic AI and AI-assisted malware that can adapt at runtime, potentially signalling a shift toward more autonomous threat actor workflows in the future. Mitigation guidance stresses adopting AI risk discovery, hardening against AI-enabled phishing, and leveraging tools such as the Security Dashboard for AI to monitor and govern AI usage across enterprises.