A recent report from Microsoft reveals a dramatic surge in the use of artificial intelligence by foreign adversaries, specifically Russia, China, Iran, and North Korea, to execute online deception and cyberattacks against the United States. In July, Microsoft identified over 200 instances of these foreign actors employing AI to generate fake online content, a figure that more than doubled from July 2024 and exceeded ten times the number observed in 2023. These findings, detailed in Microsoft’s annual digital threats report, underscore the evolving and innovative strategies adversaries are adopting to weaponize the internet for espionage and disinformation campaigns.

America’s adversaries, alongside criminal gangs and hacking entities, have extensively exploited AI’s capabilities. This exploitation includes automating and enhancing cyberattacks, disseminating inflammatory disinformation, and breaching sensitive systems. AI’s utility ranges from translating poorly constructed phishing emails into fluent English to creating sophisticated digital clones of high-ranking government officials. Government-sponsored cyber operations typically aim to acquire classified intelligence, destabilize supply chains, disrupt vital public services, or propagate disinformation. Conversely, cybercriminals are motivated by financial gain, engaging in activities such as stealing corporate secrets or deploying ransomware to extort payments. These criminal organizations are responsible for the vast majority of global cyberattacks and, in certain instances, have forged partnerships with nations like Russia.

According to Amy Hogan-Burney, Microsoft’s vice president for customer security and trust, who oversaw the report, attackers are increasingly leveraging AI to target governments, businesses, and critical infrastructure such as hospitals and transportation networks. Concurrently, many U.S. companies and organizations are operating with outdated cybersecurity defenses, even as their digital networks expand. Hogan-Burney stressed the critical need for robust cybersecurity investments, stating, “We see this as a pivotal moment where innovation is going so fast. This is the year when you absolutely must invest in your cybersecurity basics.”

The United States remains the primary target for cyberattacks, with both criminal syndicates and foreign adversaries targeting its companies, governments, and organizations more than any other nation. Israel and Ukraine rank as the second and third most popular targets, respectively, indicating how ongoing military conflicts involving these countries have extended into the digital domain. While Russia, China, and Iran have denied engaging in cyber operations for espionage, disruption, and disinformation, China, for example, accuses the U.S. of attempting to “smear” Beijing while conducting its own cyberattacks.

North Korea has developed a particularly innovative scheme, utilizing AI personas to craft convincing American identities. These fake identities are then used to apply for remote tech jobs, allowing North Korea’s authoritarian government to siphon off salaries while the embedded hackers exploit their access to steal sensitive secrets or install malware. Nicole Jiang, CEO of Fable, a San Francisco-based security firm that employs AI to detect fraudulent employees, warns that this type of sophisticated digital threat will increasingly challenge American organizations. Jiang also highlighted the dual nature of AI, recognizing it as not only a tool for attackers but also a crucial defense against digital threats. She encapsulated the ongoing struggle, stating, “Cyber is a cat-and-mouse game. Access, data, information, money: That’s what they’re after.”