Executive Summary
In its October 2025 threat report, OpenAI's threat intelligence team described widespread use of its AI platforms by state-affiliated and criminal threat actors to automate and strengthen existing cyberattack workflows. Rather than inventing novel threats, adversaries, including Chinese and North Korean clusters, folded AI tools such as ChatGPT into traditional hacking playbooks: malware development, reconnaissance, spearphishing, and influence campaigns. Notable cases involved coordinated social media manipulation and the use of LLMs for deep reconnaissance or scam orchestration, sometimes run across many accounts in a structure resembling a factory operation.
This activity marks a shift in which AI acts as a force multiplier: known attacks become faster and more scalable, not necessarily more innovative. Continued exploitation of AI by state and non-state actors underscores the need for defenses aligned to emerging AI-assisted TTPs and for regulatory guidance on responsible AI use.
Why This Matters Now
AI models are now routinely used in real-world cyber operations, not to create new forms of attack but to raise the efficiency and reach of familiar hacking and fraud campaigns. Organizations should reassess their controls, user awareness training, and monitoring as adversaries use AI tools to automate and scale attacks at rates that were previously impractical.
Attack Path Analysis
The cited reports document how threat actors used AI platforms to improve phishing lures, malware development, and reconnaissance. The stages that follow are a generalized attack path, not a sequence the reports attribute to a specific intrusion: initial access via credential phishing or exploitation; privilege escalation using stolen credentials or misconfigurations; lateral movement between cloud workloads or network segments over east-west connectivity; command and control, potentially hidden in encrypted outbound traffic; exfiltration over permitted egress paths, possibly masked by encryption; and final impact in the form of fraud, influence operations, or business disruption through sustained access or social engineering.
Kill Chain Progression
Initial Compromise
Description
Adversaries used AI-generated content for targeted phishing and reconnaissance to gain initial access, most likely through credential harvesting or exploitation of misconfigured cloud services.
Related CVEs
CVE-2025-12345 (CVSS 8.8)
A vulnerability in OpenAI's ChatGPT Atlas browser allows attackers to inject persistent, malicious instructions into the AI model's memory via Cross-Site Request Forgery (CSRF), potentially leading to unauthorized command execution.
Affected Products: OpenAI ChatGPT Atlas 1.0.0, 1.0.1
Exploit Status: proof of concept
Note: this entry concerns a flaw in OpenAI's own Atlas browser product. The threat-actor activity summarized above is about using ChatGPT as a tool, not exploiting this flaw, so track it as a separate patching item rather than as the entry vector for the campaigns described here.
MITRE ATT&CK® Techniques
Phishing: Spearphishing Attachment (T1566.001)
Phishing for Information: Spearphishing Service (T1598.001)
Gather Victim Identity Information: Email Addresses (T1589.002)
User Execution: Malicious File (T1204.002)
Masquerading (T1036): masquerade as legitimate user
Obfuscated Files or Information (T1027)
Command and Scripting Interpreter: PowerShell (T1059.001)
Dynamic Resolution: Domain Generation Algorithms (T1568.002)
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Detection and Protection of Personnel Against Phishing Attacks
Control ID: 5.4.1
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA Zero Trust Maturity Model 2.0 – Detection of Identity-based Threats
Control ID: Identity Pillar - Detection and Response
NIS2 Directive – Technical and Organizational Measures
Control ID: Article 21(2)
ISO/IEC 27001:2022 – Information Security in Project Management
Control ID: Annex A 5.8
Sector Implications
Industry-specific impact of the activity, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
AI-assisted operations that target software development workflows, with LLMs used for malware creation, code obfuscation, and crypter development, call for stronger egress controls and monitoring of developer endpoints.
Higher Education/Academia
Specifically targeted by Chinese intelligence operations using AI-assisted reconnaissance and spearphishing, requiring zero trust segmentation and threat detection for academic networks.
Semiconductors
Taiwan's semiconductor sector was directly targeted by PRC intelligence using AI-assisted cyber operations for industrial espionage, which argues for encrypted traffic inspection and anomaly detection.
Government Administration
Government agencies are both adopters of AI in their own operations and targets of state-sponsored, AI-assisted attacks; they need multicloud visibility, policy enforcement, and threat intelligence integration.
Sources
- OpenAI: Threat actors use us to be efficient, not make new tools (CyberScoop) – https://cyberscoop.com/openai-threat-report-ai-cybercrime-hacking-scams/
- Disrupting malicious uses of AI: October 2025 (OpenAI) – https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/
- Foreign threat actors adopting ChatGPT to bolster 'old playbook' of attacks, OpenAI finds (Cybernews) – https://cybernews.com/security/openai-report-foreign-threat-actors-use-ai-tools-chatgpt-for-attacks/
- GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools (Google Cloud) – https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools/
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Adoption of CNSF and Zero Trust-based controls, including microsegmentation, encrypted traffic enforcement, egress controls, and real-time anomaly detection, would have limited attacker movement and visibility at each stage of the attack, reducing the risk of compromise and data loss.
Control: Threat Detection & Anomaly Response
Mitigation: Suspicious logins and anomalous access could be rapidly detected and flagged.
Control: Zero Trust Segmentation
Mitigation: Least-privilege, identity-based segmentation prevents unauthorized privilege escalation.
Control: East-West Traffic Security
Mitigation: Lateral movement blocked or monitored within and across cloud workloads.
Control: Egress Security & Policy Enforcement
Mitigation: Malicious C2 channels and unauthorized outbound traffic identified and curtailed.
Control: Encrypted Traffic (HPE) + Inline IPS (Suricata)
Mitigation: Prevented or detected data exfiltration through unauthorized or anomalous encrypted traffic.
Comprehensive, autonomous enforcement and cross-cloud visibility curtail attacker effects and speed incident response.
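The egress control described above (default-deny outbound traffic with FQDN allowlisting, plus flagging of DGA-style names such as those listed under Dynamic Resolution) can be prototyped against DNS query logs. The following is an added example written for this page; it is not code from the original report or from any CNSF product. The log format, the IP addresses, the domains and the allowlist suffixes are all constructed for the demonstration, and the DGA heuristic (long, high-entropy second-level label with many digits or few vowels) is a simple illustrative rule, not a vendor algorithm.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log lines (not from the original page).
# Assumed format: "<timestamp> src=<ip> qname=<fqdn> qtype=<type>".
SAMPLE_DNS_LOG = """\
2025-10-07T09:12:01Z src=10.20.4.15 qname=api.openai.com qtype=A
2025-10-07T09:12:07Z src=10.20.4.15 qname=updates.example-corp.internal qtype=A
2025-10-07T09:13:44Z src=10.20.4.22 qname=x7k2q9w4mz1p.net qtype=A
2025-10-07T09:13:45Z src=10.20.4.22 qname=q8v3n1c7r5t2.com qtype=A
2025-10-07T09:14:02Z src=10.20.4.31 qname=www.wikipedia.org qtype=A
"""

# Hypothetical egress allowlist: only these FQDN suffixes may leave the network.
ALLOWED_SUFFIXES = ("openai.com", "example-corp.internal")

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+qname=(?P<qname>\S+)")


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def registrable_label(fqdn: str) -> str:
    """Second-level label, e.g. 'x7k2q9w4mz1p' for 'x7k2q9w4mz1p.net'.
    Deliberately naive: it ignores public-suffix rules such as co.uk."""
    labels = fqdn.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_dga(fqdn: str) -> bool:
    """Illustrative DGA heuristic: a long second-level label with high
    character entropy and either many digits or very few vowels."""
    label = registrable_label(fqdn)
    if len(label) < 10:
        return False
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= 3.2 and (digit_ratio >= 0.2 or vowel_ratio < 0.15)


def is_allowlisted(fqdn: str, suffixes=ALLOWED_SUFFIXES) -> bool:
    """True if fqdn equals an allowed suffix or is a subdomain of one."""
    host = fqdn.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def evaluate_egress(log_text: str, suffixes=ALLOWED_SUFFIXES):
    """Return one (src, qname, verdict) tuple per parseable log line.
    Default-deny: anything not on the allowlist is denied; DGA-like names
    get a distinct verdict so they can be escalated, not just dropped."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip malformed lines rather than fail open
        src, qname = m.group("src"), m.group("qname")
        if is_allowlisted(qname, suffixes):
            verdict = "allow"
        elif looks_dga(qname):
            verdict = "deny:dga-like"
        else:
            verdict = "deny:not-allowlisted"
        results.append((src, qname, verdict))
    return results


if __name__ == "__main__":
    for src, qname, verdict in evaluate_egress(SAMPLE_DNS_LOG):
        print(f"{src:<12} {qname:<32} {verdict}")
```

The allowlist check runs first so that legitimate high-entropy hostnames (CDN and cloud service labels are frequent false positives for entropy-based rules) are never blocked on the DGA heuristic alone; the heuristic only decides how a denied name is triaged. In production the suffix check should use a public-suffix list and the allowlist should be enforced at the resolver or proxy, not just scored after the fact.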
Impact at a Glance
Affected Business Functions
- Cybersecurity Operations
- IT Infrastructure Management
Estimated downtime: 5 days
Estimated loss: $500,000
Potential exposure of sensitive internal communications and user data due to unauthorized command execution.
Recommended Actions
Key Takeaways & Next Steps
- Enforce zero trust segmentation to prevent privilege escalation and restrict lateral attacker movement.
- Deploy real-time anomaly detection and threat response to rapidly identify suspicious behaviors and access patterns.
- Apply granular egress controls and URL/FQDN filtering to disrupt C2 and prevent data exfiltration.
- Enable encrypted traffic inspection at line rate and inline IDS/IPS for both north-south and east-west flows.
- Centralize cloud visibility and security fabric automation to reduce dwell time and accelerate incident response.
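The "suspicious logins and anomalous access" detection recommended above is the control most directly relevant to credentials harvested through AI-written phishing. The following is an added example for this page, not code from the original report or any vendor product. It runs three common login-anomaly checks over a constructed authentication event stream: a burst of failures followed by a success (credential stuffing or a freshly phished password), a login from a source network never seen for that user, and impossible travel between two successful logins. The users, ASN labels, coordinates, timestamps and the 900 km/h travel threshold are all assumptions for the demonstration.

```python
import math
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed auth events (not from the original page):
# (user, UTC timestamp, source-network label, approx lat, approx lon, success)
SAMPLE_AUTH_EVENTS = [
    ("alice", "2025-10-07T08:00:00Z", "AS-CORP", 52.52, 13.40, True),
    ("alice", "2025-10-07T08:40:00Z", "AS-CORP", 52.52, 13.40, True),
    ("alice", "2025-10-07T09:05:00Z", "AS-RESIDENTIAL-X", 25.03, 121.56, True),
    ("bob", "2025-10-07T10:00:00Z", "AS-VPS-Y", 40.71, -74.01, False),
    ("bob", "2025-10-07T10:00:20Z", "AS-VPS-Y", 40.71, -74.01, False),
    ("bob", "2025-10-07T10:00:41Z", "AS-VPS-Y", 40.71, -74.01, False),
    ("bob", "2025-10-07T10:01:03Z", "AS-VPS-Y", 40.71, -74.01, True),
]

# Hypothetical per-user baseline of source networks seen during normal use.
KNOWN_ASNS = {"alice": {"AS-CORP"}, "bob": {"AS-CORP"}}

MAX_SPEED_KMH = 900.0            # faster than this between logins is "impossible travel"
FAIL_WINDOW = timedelta(minutes=10)
FAIL_THRESHOLD = 3               # failures inside the window before a success


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 6371.0 * 2 * math.atan2(math.sqrt(a), math.sqrt(1 - a))


def detect_login_anomalies(events, known_asns):
    """Return (user, timestamp, alert_type) tuples. Events must be in time order.
    Only successful logins raise alerts; failures are buffered as context."""
    alerts = []
    last_ok = {}                       # user -> (ts, lat, lon) of last success
    recent_fail = defaultdict(deque)   # user -> timestamps of recent failures
    baseline = {u: set(a) for u, a in known_asns.items()}

    for user, ts_s, asn, lat, lon, ok in events:
        ts = parse_ts(ts_s)
        fails = recent_fail[user]
        if not ok:
            fails.append(ts)
            continue

        # 1. Burst of failures immediately preceding a success.
        while fails and ts - fails[0] > FAIL_WINDOW:
            fails.popleft()
        if len(fails) >= FAIL_THRESHOLD:
            alerts.append((user, ts_s, "failure_burst_then_success"))
        fails.clear()

        # 2. Source network never seen for this user. The baseline is NOT
        #    auto-extended here: a flagged ASN should only join it after review,
        #    otherwise an attacker's network becomes "normal" on first use.
        if asn not in baseline.setdefault(user, set()):
            alerts.append((user, ts_s, "new_asn"))

        # 3. Impossible travel relative to the previous successful login.
        if user in last_ok:
            prev_ts, prev_lat, prev_lon = last_ok[user]
            hours = (ts - prev_ts).total_seconds() / 3600.0
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            if hours > 0 and dist / hours > MAX_SPEED_KMH:
                alerts.append((user, ts_s, "impossible_travel"))
        last_ok[user] = (ts, lat, lon)

    return alerts


if __name__ == "__main__":
    for user, ts_s, kind in detect_login_anomalies(SAMPLE_AUTH_EVENTS, KNOWN_ASNS):
        print(f"{ts_s} {user:<8} {kind}")
```

Each alert type on its own has benign explanations (VPN egress changes, a forgotten password), so the useful signal is their co-occurrence on a single successful login, which is what the constructed events for both users produce. Geolocation from IP is approximate, so the impossible-travel check should use a generous speed threshold and be combined with the network-baseline check rather than relied on alone.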