Description: FBI Deputy Assistant Director Cynthia Kaiser stated that adversarial actors, particularly those affiliated with China and organized cybercriminal groups, are increasingly integrating AI tools across the cyberattack lifecycle, with documented use cases reportedly including purported AI-generated spear phishing, business identity fabrication, internal network mapping, and deepfake-enabled fraud. The tools are allegedly already assisting intrusions targeting U.S. infrastructure.
Editor Notes: Reconstructing the reported timeline of events for this incident: (1) In late 2023, Chinese state-backed actor Volt Typhoon reportedly infected outdated routers to build a botnet and gained stealth access to U.S. critical infrastructure networks, including energy systems. (2) In 2024, Salt Typhoon compromised at least nine U.S. telecommunications and government networks and reportedly exploited over 1,000 Cisco devices. (3) In January 2025, Salt Typhoon continued its campaign with additional exploitation attempts targeting internet-facing infrastructure. (4) By early 2025, FBI analysts observed increasing integration of AI tools by Chinese actors and cybercriminals across the attack lifecycle, including for spear phishing, deepfakes, and internal network mapping. (5) On April 29th, 2025, FBI Deputy Assistant Director Cynthia Kaiser publicly characterized these developments at RSA Conference, warning that AI was enabling more efficient and scalable operations by adversaries, especially those linked to the Chinese government.
Entities
Alleged: Unknown generative AI developers developed an AI system deployed by Government of China and Chinese Communist Party, which harmed United States critical infrastructure, Private companies, Government agencies, Employees targeted by phishing and Employees targeted by deepfake impersonations.
Alleged implicated AI systems: Unknown large language models (LLMs), Unknown deepfake technology, Unknown automated phishing tools and Content moderation systems
Incident Stats
Incident ID: 1055
Report Count: 1
Incident Date: 2025-04-29
Editors: Daniel Atherton
Incident Reports
Reports Timeline
The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: "China."
In an interview with The Register during RSA Conference, she said Chinese government-backed …
Variants
A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.
Similar Incidents
Selected by our editors

Wikipedia Vandalism Prevention Bot Loop
· 6 reports

Game AI System Produces Imbalanced Game
· 11 reports

Deepfake Obama Introduction of Deepfakes
· 29 reports