State-sponsored hackers use generative AI to escalate phishing attacks

Microsoft reported that state-sponsored actors from Russia, China, Iran, and North Korea are using generative AI to enhance offensive cyberattacks. This involves using AI to create more sophisticated and convincing phishing content to deceive targets.

State-sponsored hackers (Russia, North Korea, Iran, and China) · Incident Feb 14, 2024 · Indexed Jun 22, 2026 · 2 sources

Generative AI is allowing state-sponsored actors to industrialize the creation of deceptive phishing content.
What: Microsoft reported that state-sponsored actors from Russia, China, Iran, and North Korea are using generative AI to enhance offensive cyberattacks.
Incident date: Feb 14, 2024
Who: State-sponsored hackers (Russia, North Korea, Iran, and China)
Failure mode: Policy Violation
AI surface: Chatbot
Severity: High

What happened

In February 2024, Microsoft disclosed that state-sponsored hacking groups from Russia, China, Iran, and North Korea were utilizing generative AI. These actors used the technology to create more convincing phishing emails and social engineering materials. This enabled them to scale their attacks and increase the success rate of their deception efforts.

What broke inside the model

Failure path · mode profile · Policy Violation
  1. Trigger: A prompt pushes against a deployment boundary.
  2. Model step: The model produces the disallowed output.
  3. Control gap: No enforcement blocks it at generation time.
  4. Failure: The output crosses the policy line.
  5. Consequence: A limit the business set is breached in public.

The output crosses a policy boundary the deployment had defined.

The safety guardrails of generative AI models failed to prevent the creation of malicious phishing content. This allowed attackers to industrialize the production of deceptive narratives and social engineering lures.

Public visibility: High
Regulatory exposure: Possible
Customer impact: Class-wide
Financial impact: Unknown
Time to disclosure: Days
  1. Press: Microsoft says Iran, North Korea, Russia and China are beginning to use generative AI in offensive cyberattacks (fortune.com)
  2. Press: Russia, China, Iran and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks (facebook.com)
Permalink: https://failureindex.ai/failures/state-sponsored-hackers-use-generative-escalate
Citation: AI Failure Index. "State-sponsored hackers use generative AI to escalate phishing attacks" (FI-0625). Realm Labs. https://failureindex.ai/failures/state-sponsored-hackers-use-generative-escalate (indexed Jun 22, 2026).

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0625. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard

Realm compares what the model is about to output or do against the policy that governs the deployment, in real time, and can deny or redact the action before it takes effect, which is the gap an after-the-fact review never closes in time.