Report: Iran Uses Western AI for Cyberattacks

According to a report by the Financial Times, Iranian-linked operators have used Western AI tools including ChatGPT and Gemini to develop malware, craft phishing campaigns in Hebrew and Arabic, and build fake online personas targeting the US and Israel. India Today, summarizing the Financial Times coverage, reports that operators used AI-generated identities to build trust with victims and that Israel experienced waves of phishing emails and text messages linked to these campaigns. Per the Financial Times as reported, Google detected the state-linked group APT42 using Gemini in late February. India Today also reports that the United Arab Emirates said in May it faced more than half a million cyberattacks daily, some reportedly assisted by AI tools. Editorial analysis: Industry practitioners should treat this reporting as another data point in a growing pattern where accessible large language models are leveraged for social engineering and low-cost automation of malicious tradecraft.
What happened
According to a report by the Financial Times, Iranian-linked operators used Western AI tools including ChatGPT, Gemini, and other models to develop malware, craft multilingual phishing messages, and create convincing fake personas aimed at targets in the United States and Israel. India Today, summarizing the Financial Times coverage, reports that operators engaged in conversations under those fake personas to build trust before sending malicious links or requests. Per the Financial Times, Google detected the state-linked Iranian group APT42 using Gemini in late February for research tasks, including studying methods related to American F-35 fighter jets. India Today reports the United Arab Emirates said in May it was facing more than half a million cyberattacks every day, some reportedly assisted by AI tools including OpenAI's ChatGPT.
Technical details
Editorial analysis - technical context: Readily available large language models and related tooling lower the skill floor for producing convincing social-engineering content, accelerating the creation of phishing templates, bilingual messaging, and persona-consistent replies. Industry-pattern observations: Automated code generation and language-model assisted debugging can be repurposed by operators to prototype malware components more quickly, though integrating generated code into reliable, evasive payloads still requires operational expertise.
Context and significance
Industry context: Reporting by the Financial Times, as relayed by India Today, places these incidents in a broader trend where state-linked and criminal groups experiment with mainstream, commercially available AI to refine cyber operations. The report notes that major technology companies continue to remove suspicious accounts and restrict misuse, yet new accounts and tactics keep emerging, per the Financial Times. For defenders, the combination of high-volume automated content generation and targeted bilingual social engineering increases the scale and credibility of campaigns.
What to watch
For practitioners: monitor indicators of compromise tied to the named group APT42 and watch for phishing templates that show consistent stylistic patterns traceable to model-assisted generation. For security teams and platform operators: observe whether vendor-level detection (model-output watermarking, content-source signals) and account-creation defenses measurably reduce misuse over the next quarters. Observed patterns in similar incidents suggest attribution and mitigation become harder as adversaries blend human tradecraft with AI-assisted production.
Scoring Rationale
State-linked operators reportedly using mainstream LLMs for malware and targeted phishing is a notable escalation for security teams and platform operators. The story affects detection, threat intelligence, and incident response workflows.

