The findings come at a time when enterprise AI adoption is accelerating. Microsoft’s Cyber Pulse Report, published on Feb 11, reveals that over 80% of Fortune 500 companies now run active AI agents built with low-code tools to automate business processes. As these systems scale across the organisation, cybersecurity teams are struggling to track where AI is deployed and what access it holds.
State-sponsored hackers from the Democratic People's Republic of Korea, Iran, the People's Republic of China, and Russia are experimenting with commercial artificial intelligence (AI) models to sharpen cyberattacks. This creates a new layer of risk as companies embed AI agents deeper into their daily operations.
In a Feb 12 report, the Google Threat Intelligence Group (GTIG) said it detected government-backed actors using its Gemini large language model in late 2025 to support reconnaissance, generate phishing lures and support malware development. Some threat groups even explored building agentic AI capabilities to support campaigns, including prompting Gemini with fabricated cybersecurity expert personas and attempting to create an AI-integrated code auditing capability.
