Microsoft's threat intelligence team published research on Friday showing that nation-state hacking groups, including North Korea's Coral Sleet, have moved past using AI to write phishing emails. They're now using AI agents to manage entire attack operations - scanning networks, spinning up infrastructure, and running command-and-control servers through plain-language instructions.
That's a meaningful shift. Writing a convincing phishing email is a parlor trick. Automating the boring, repetitive backend work of running a cyberattack campaign is something else entirely.
From Chatbot to Operations Manager
According to Microsoft, threat actors are using AI agents for three main jobs. First, reconnaissance: telling an agent to scan a compromised network and report back on everything it finds. Sherrod DeGrippo, Microsoft's GM of Global Threat Intelligence, described the approach as essentially telling an AI "go find out about XYZ, and come back to me with everything you've seen."
Second, infrastructure management. Setting up the servers, domains, and tooling needed to run an attack used to be tedious manual work. AI agents now handle deployment and configuration through natural language commands. North Korea's Coral Sleet group - the same operation behind fake IT worker scams where North Korean operatives pose as remote employees at Western companies - uses development platforms to rapidly build and test attack infrastructure.
Third, command-and-control operations. Instead of writing custom scripts to manage compromised machines, attackers can interact with their infrastructure through conversational AI interfaces.
AI-Generated Malware Still Has Tells
One useful finding for defenders: AI-generated malware code still looks different from human-written code. Microsoft says it carries identifiable "hallmarks" that distinguish it from traditionally crafted malware. That's a detection opportunity, though it probably has a shelf life as models improve.
The more concerning trend is malware that doesn't just get written by AI but actively calls AI functions and libraries during execution. That's harder to fingerprint and represents a more sophisticated integration than simple code generation.
The Real Problem Is the Skill Floor
DeGrippo summed up the core issue: "Threat actors will do what works, and they will do what gets them their objective easiest and fastest." The practical effect of AI agents in offensive operations isn't that elite hackers become more dangerous - they were already dangerous. It's that the minimum skill level needed to run a professional-grade attack campaign just dropped significantly.
A less-skilled criminal who previously couldn't manage complex infrastructure can now delegate that work to an AI agent. The attack surface isn't expanding because of new techniques. It's expanding because more people can now execute existing techniques competently.
For anyone running security at an organization, the takeaway is concrete: the volume of competent attacks is going up, not just the volume of attempts. Defenses calibrated for script kiddies making obvious mistakes need to account for AI-assisted operators who get the details right on the first try.