BETA RELEASE

AI as tradecraft: How threat actors operationalize AI

Primary report Microsoft
Published: 2026-03-06 Accessed: 2026-04-30
Original source ↗ Archived copy ↗

Summary

Analysis of how threat actors, including North Korean groups, use AI as a force multiplier for reconnaissance, social engineering, malware development, and post-compromise activity.

Key quotes

AI functions as a force multiplier that reduces technical friction and accelerates execution, while human operators retain control over objectives, targeting, and deployment decisions.

The report details specific AI-enabled tactics used by North Korean threat actors such as Jasper Sleet and Coral Sleet. It provides mitigation guidance and identifies emerging trends in agentic AI.