Skip to Content
logologo
AI Incident Database
Open TwitterOpen RSS FeedOpen FacebookOpen LinkedInOpen GitHub
Open Menu
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse

Incident 1055: FBI Reports AI Use by Threat Actors in Broader Cyber Context Including Infrastructure Intrusions

Description: FBI Deputy Assistant Director Cynthia Kaiser stated that adversarial actors, particularly those affiliated with China and organized cybercriminal groups, are increasingly integrating AI tools across the cyberattack lifecycle, with documented use cases reportedly including purported AI-generated spear phishing, business identity fabrication, internal network mapping, and deepfake-enabled fraud. The tools are allegedly already assisting intrusions targeting U.S. infrastructure.
Editor Notes: Reconstructing the reported timeline of events for this incident: (1) In late 2023, Chinese state-backed actor Volt Typhoon reportedly infected outdated routers to build a botnet and gained stealth access to U.S. critical infrastructure networks, including energy systems. (2) In 2024, Salt Typhoon compromised at least nine U.S. telecommunications and government networks and reportedly exploited over 1,000 Cisco devices. (3) In January 2025, Salt Typhoon continued its campaign with additional exploitation attempts targeting internet-facing infrastructure. (4) By early 2025, FBI analysts observed increasing integration of AI tools by Chinese actors and cybercriminals across the attack lifecycle, including for spear phishing, deepfakes, and internal network mapping. (5) On April 29th, 2025, FBI Deputy Assistant Director Cynthia Kaiser publicly characterized these developments at RSA Conference, warning that AI was enabling more efficient and scalable operations by adversaries, especially those linked to the Chinese government. Although Volt and Salt Typhoon were referenced in the same interview as the discussion of adversarial AI use, Kaiser did not appear to explicitly link these specific campaigns to the use of AI tools. Their inclusion in this record reflects contextual relevance, not confirmed technical association.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Entities

View all entities
Alleged: Unknown generative AI developers developed an AI system deployed by Government of China and Chinese Communist Party, which harmed United States critical infrastructure , Private companies , Government agencies , Employees targeted by phishing and Employees targeted by deepfake impersonations.
Alleged implicated AI systems: Unknown large language models (LLMs) , Unknown deepfake technology , Unknown automated phishing tools and Content moderation systems

Incident Stats

Incident ID
1055
Report Count
1
Incident Date
2025-04-29
Editors
Daniel Atherton

Incident Reports

Reports Timeline

+1
China is using AI to sharpen every link in its attack chain, FBI warns
China is using AI to sharpen every link in its attack chain, FBI warns

China is using AI to sharpen every link in its attack chain, FBI warns

theregister.com

China is using AI to sharpen every link in its attack chain, FBI warns
theregister.com · 2025

The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: "China."

In an interview with The Register during RSA Conference, she said Chinese government-backed …

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

Selected by our editors

Alleged State-Sponsored Hackers Escalate Purported Phishing Attacks Using Artificial Intelligence

Feb 2024 · 6 reports
By textual similarity

Did our AI mess up? Flag the unrelated incidents

Wikipedia Vandalism Prevention Bot Loop

Wikipedia Vandalism Prevention Bot Loop

Feb 2017 · 6 reports
Game AI System Produces Imbalanced Game

Game AI System Produces Imbalanced Game

Jun 2016 · 11 reports
Deepfake Obama Introduction of Deepfakes

Deepfake Obama Introduction of Deepfakes

Jul 2017 · 29 reports
Previous IncidentNext Incident

Similar Incidents

Selected by our editors

Alleged State-Sponsored Hackers Escalate Purported Phishing Attacks Using Artificial Intelligence

Feb 2024 · 6 reports
By textual similarity

Did our AI mess up? Flag the unrelated incidents

Wikipedia Vandalism Prevention Bot Loop

Wikipedia Vandalism Prevention Bot Loop

Feb 2017 · 6 reports
Game AI System Produces Imbalanced Game

Game AI System Produces Imbalanced Game

Jun 2016 · 11 reports
Deepfake Obama Introduction of Deepfakes

Deepfake Obama Introduction of Deepfakes

Jul 2017 · 29 reports

Research

  • Defining an “AI Incident”
  • Defining an “AI Incident Response”
  • Database Roadmap
  • Related Work
  • Download Complete Database

Project and Community

  • About
  • Contact and Follow
  • Apps and Summaries
  • Editor’s Guide

Incidents

  • All Incidents in List Form
  • Flagged Incidents
  • Submission Queue
  • Classifications View
  • Taxonomies

2024 - AI Incident Database

  • Terms of use
  • Privacy Policy
  • Open twitterOpen githubOpen rssOpen facebookOpen linkedin
  • 86fe0f5