$12 million. That's how much one North Korean hacking group stole in roughly three months - and they did it by leaning on AI tools to compensate for skills gaps that would have slowed them down before.
A Wired investigation into the group's operations found they used AI for tasks ranging from writing malware to building fake company websites used to impersonate legitimate businesses. The hackers reportedly used what researchers are calling "vibe coding" - prompting an AI to generate functional code without needing to understand how it works - to produce malicious software they likely couldn't have written from scratch.
The implication is straightforward: AI tools are lowering the technical bar for cybercrime. Groups that previously needed skilled programmers to write effective malware can now get serviceable code from a chatbot. That doesn't turn every mediocre hacker into a sophisticated threat actor overnight, but it does mean moderately capable groups can operate at a speed that wasn't realistic two years ago.
Fake Companies Built in Hours
The fake website angle is the part worth sitting with. Building convincing fake company presences - professional-looking copy, realistic employee profiles, plausible service descriptions - used to require time and craft. AI-generated text and design tools collapse that timeline to hours. The North Korean group used these fake fronts to get close to targets, likely in the cryptocurrency or financial sectors, given the dollar figures involved.
This tracks with a pattern security researchers have been documenting for the past year: AI isn't making attacks harder to detect so much as making them cheaper and faster to attempt. When the cost of a phishing campaign or a fake vendor site drops close to zero, groups launch more of them. Volume compensates for lower individual quality.
The Verification Problem
For businesses and freelancers, the practical takeaway isn't to stop using AI coding tools - products like Cursor and its competitors are genuinely useful, and the tools themselves don't discriminate between legitimate and malicious users. The takeaway is that a professional-looking website with articulate copy is no longer a reliable signal of legitimacy. It costs almost nothing to generate one now.
Verification processes need to catch up. Checking a vendor's website used to be a basic due diligence step. That check now tells you almost nothing about whether the company or contractor behind it is real. Business registration records, video calls, and verified professional history matter more than they did before - because the surface signals that used to filter out low-effort fraud have been automated away.