Microsoft reports that threat actors increasingly leverage generative AI across the attack lifecycle to accelerate reconnaissance, phishing, infrastructure provisioning, malware development, and post-compromise activities. Notable groups such as Jasper Sleet and Coral Sleet use AI to create realistic fake identities, automate deployments, and bypass safeguards, prompting advice to harden identity systems and monitor abnormal credential use.
Key points
- Attackers are using generative AI across all stages of cyberattacks to speed up and scale operations.
- Jasper Sleet and Coral Sleet exploit AI to build realistic fake identities and execute remote IT worker schemes.
- AI assists with drafting phishing content, translating and summarizing stolen data, and generating or debugging malicious code.
- Threat actors use jailbreaking to evade AI safeguards and are experimenting with agentic AI, though humans still control objectives.
- Defenders should treat such campaigns as insider risks, harden identity systems, detect abnormal credential use, and secure AI assets.