Threat actor use of AI across the cyberattack lifecycle
The same AI technologies revolutionizing global productivity are now being “operationalized” by cyber adversaries to sharpen their tradecraft. A recent report from Microsoft Threat Intelligence reveals a growing trend of threat actors embedding AI into their daily workflows to increase the “speed, scale, and resilience” of their operations.
While enterprises use AI to gain efficiency, threat actors are adopting these technologies as operational enablers, treating language models as a “force multiplier” that reduces technical friction.
Microsoft’s observations indicate that most malicious AI use currently centers on language models for producing text, code, or media. By automating the “scaffolding” of an attack, hackers can focus on their ultimate objectives while AI handles the grunt work.
According to the report, “Threat actors use generative AI to draft phishing lures, translate content, summarize stolen data, generate or debug malware, and scaffold scripts or infrastructure.”
This shift is particularly evident in operations focused on revenue generation, where efficiency directly translates to the ability to maintain a persistent and large-scale presence within a victim’s network.
One of the most striking examples of this trend involves North Korean remote IT workers, tracked by Microsoft as Jasper Sleet and Coral Sleet. These actors leverage AI to sustain large-scale operations through:
- Identity Fabrication: Using AI to create more convincing fake personas.
- Social Engineering: Drafting highly polished and professional-sounding communications to trick targets.
- Operational Persistence: Managing the complex infrastructure required for long-term “legitimate” access.
As businesses rush to embed AI assistants into their core processes, they are inadvertently creating new attack surfaces. Researchers have observed “prompt injection techniques” designed to influence model behavior or induce unintended actions.
Perhaps more concerning is a newly emerging technique known as AI recommendation poisoning. While currently limited to marketing use cases, it involves the intentional “poisoning of AI assistant memory to bias future responses toward specific sources or products.”
Microsoft warns that this method represents a new class of threat: “While this activity has so far been limited to enterprise marketing use cases, it represents an emerging class of AI memory poisoning attacks that could be misused by threat actors to manipulate AI-driven decision-making, conduct influence operations, or erode trust in AI systems.”
Defenders must account for the fact that attackers are exploring “supply chain use of AI services,” looking for ways to exploit trusted plugins and downstream connections to gain indirect access to enterprise data.