National security and intelligence stakeholders
Incidents Harmed By
Incident 111841 Report
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers
2021-01-01
North Korean operatives have reportedly used AI-generated identities to secure remote jobs or impersonate employers in order to infiltrate companies. These tactics allegedly support sanctions evasion through wage theft, credential exfiltration, and malware deployment. Workers reportedly use fake resumes, VPNs, and face-altering tools; some deploy malware like OtterCookie after embedding, while others lure targets via spoofed job interviews. AI systems are reportedly used to generate fake resumes, alter profile photos, and assist in real-time responses during video interviews.
MoreIncident 106933 Report
Purported Graphite Spyware Linked to Paragon Solutions Allegedly Deployed Against Journalists and Civil Society Workers
2025-01-31
Researchers at Citizen Lab and Censys reportedly identified spyware infections involving Graphite, a tool attributed to Israeli firm Paragon Solutions. The spyware was allegedly deployed against civil society actors, including journalists and aid workers, through a zero-click WhatsApp exploit. WhatsApp notified over 90 targeted individuals. Evidence reportedly suggests deployments in multiple democratic countries.
MoreIncident 126333 Report
Chinese State-Linked Operator (GTG-1002) Reportedly Uses Claude Code for Autonomous Cyber Espionage
2025-11-13
Anthropic reportedly identified a cyber espionage campaign in which a purported Chinese state-linked group, designated GTG-1002 by Anthropic, allegedly jailbroke Claude Code and used it to automate 80–90% of multi-stage intrusions. The AI reportedly independently performed reconnaissance, vulnerability discovery, exploitation, credential harvesting, and data extraction across roughly 30 targets before the activity was detected and blocked.
MoreIncident 96827 Report
'Pravda' Network, Successor to 'Portal Kombat,' Allegedly Seeding AI Models with Kremlin Disinformation
2022-02-24
A purported Moscow-based disinformation network, Pravda, allegedly infiltrated AI models by flooding the internet with pro-Kremlin falsehoods. A NewsGuard audit found that 10 major AI chatbots repeated these narratives 33% of the time, citing Pravda sources as legitimate. The tactic, called "LLM grooming," manipulates AI training data to embed Russian propaganda. Pravda is part of Portal Kombat, a larger Russian disinformation network identified by VIGINUM in February 2024, but in operation since February 2022.
MoreRelated Entities
Other entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.
Related Entities
X (Twitter)
Incidents implicated systems
- Incident 54317 Reports
Purported AI-Generated Image of Explosion Near Pentagon Reportedly Triggers Brief Market Dip and Public Confusion
- Incident 10603 Reports
Institute for Strategic Dialogue Reports Russian-Aligned Operation Overload Using Purported AI-Generated Impersonations Across January to March 2025
Unknown deepfake technology developers
Incidents involved as Developer
- Incident 111841 Reports
Ongoing Purported AI-Assisted Identity Fraud Enables Unauthorized Access to Western Companies by North Korean IT Workers
- Incident 114123 Reports
Purported AI Voice Cloning Used to Impersonate Secretary of State Marco Rubio
Incidents implicated systems
Unknown voice cloning technology developers
Incidents involved as Developer
- Incident 114123 Reports
Purported AI Voice Cloning Used to Impersonate Secretary of State Marco Rubio
- Incident 80510 Reports
Senator Ben Cardin Reportedly Received a Purported Deepfake Zoom Call Impersonating Former Ukrainian Foreign Minister Dmytro Kuleba
Incidents implicated systems
Unknown voice cloning technology
Incidents involved as Developer
- Incident 9741 Report
Purported Deepfake Audio Allegedly Impersonates U.S. Secretary of State Marco Rubio in Starlink Disinformation Campaign
- Incident 10941 Report
At Least 294 Purported AI-Generated Music Videos Portray Celebrities Praising Burkina Faso's Ibrahim Traoré
Incidents implicated systems
Russian government
Incidents involved as both Developer and Deployer
Incidents involved as Deployer
Electoral integrity
Incidents Harmed By
- Incident 6027 Reports
Russia Reportedly Using Artificial Intelligence in Disinformation Campaigns to Erode Western Support for Ukraine
- Incident 10603 Reports
Institute for Strategic Dialogue Reports Russian-Aligned Operation Overload Using Purported AI-Generated Impersonations Across January to March 2025
Russian state media
Incidents involved as both Developer and Deployer
Incidents involved as Deployer
Israel Defense Forces
Incidents involved as both Developer and Deployer
Incidents involved as Deployer
Spamouflage
Incidents involved as Deployer
- Incident 7742 Reports
Covert AI Influence Operations Linked to Russia, China, Iran, and Israel, OpenAI Reports
- Incident 11291 Report
Purported AI-Generated Video Depicting Philippine President Ferdinand Marcos Jr. Using Drugs Shared by Rodrigo Duterte Supporters and Amplified by China-Linked Spamouflage
OpenAI
Incidents involved as both Developer and Deployer
- Incident 11882 Reports
Multiple LLMs Reportedly Generated Responses Aligning with Purported CCP Censorship and Propaganda
- Incident 12381 Report
OpenAI ChatGPT Models Reportedly Jailbroken to Provide Chemical, Biological, and Nuclear Weapons Instructions
Incidents involved as Developer
Storm-1516
Incidents involved as Deployer
- Incident 96827 Reports
'Pravda' Network, Successor to 'Portal Kombat,' Allegedly Seeding AI Models with Kremlin Disinformation
- Incident 9694 Reports
Russian Disinformation Campaign Allegedly Used Fake News Site 'KBSF-San Francisco News' and Deepfake Video to Falsely Accuse Kamala Harris of 2011 Hit-and-Run
John Mark Dougan
Incidents involved as both Developer and Deployer
Incidents involved as Deployer
Government of Russia
Incidents involved as both Developer and Deployer
Incidents involved as Deployer
Journalism
Incidents Harmed By
- Incident 96827 Reports
'Pravda' Network, Successor to 'Portal Kombat,' Allegedly Seeding AI Models with Kremlin Disinformation
- Incident 9694 Reports
Russian Disinformation Campaign Allegedly Used Fake News Site 'KBSF-San Francisco News' and Deepfake Video to Falsely Accuse Kamala Harris of 2011 Hit-and-Run
Storm-1679
Incidents involved as Deployer
- Incident 10603 Reports
Institute for Strategic Dialogue Reports Russian-Aligned Operation Overload Using Purported AI-Generated Impersonations Across January to March 2025
- Incident 12021 Report
Russian Disinformation Campaign Reportedly Used AI-Generated Posts and Videos to Target 2025 Moldovan Parliamentary Elections
Russian-aligned actors
Incidents involved as Deployer
- Incident 10603 Reports
Institute for Strategic Dialogue Reports Russian-Aligned Operation Overload Using Purported AI-Generated Impersonations Across January to March 2025
- Incident 11681 Report
Purportedly AI-Generated Image of British Army Colonels Captured in Ukraine Reportedly Circulates in Russian Media
Matryoshka
Incidents involved as Deployer
- Incident 10603 Reports
Institute for Strategic Dialogue Reports Russian-Aligned Operation Overload Using Purported AI-Generated Impersonations Across January to March 2025
- Incident 12021 Report
Russian Disinformation Campaign Reportedly Used AI-Generated Posts and Videos to Target 2025 Moldovan Parliamentary Elections
Various generative AI developers
Incidents involved as Developer
- Incident 10603 Reports
Institute for Strategic Dialogue Reports Russian-Aligned Operation Overload Using Purported AI-Generated Impersonations Across January to March 2025
- Incident 12831 Report
Purported AI-Enabled Pro-Russian Influence Campaign Centered on Burkina Faso's Ibrahim Traoré and Disseminated Across African Media
Telegram
Incidents implicated systems
- Incident 10603 Reports
Institute for Strategic Dialogue Reports Russian-Aligned Operation Overload Using Purported AI-Generated Impersonations Across January to March 2025
- Incident 11342 Reports
Reported Deepfakes of Ukrainian Deputy PM Olha Stefanishyna Allegedly Supporting Fictional Mobilization Plan for Women
Unidentified law enforcement or intelligence entity (Singapore)
Incidents involved as Deployer
Unidentified law enforcement or intelligence entity (Israel)
Incidents involved as Deployer
Unidentified law enforcement or intelligence entity (Denmark)
Incidents involved as Deployer
Unidentified law enforcement or intelligence entity (Cyprus)
Incidents involved as Deployer
Unidentified law enforcement or intelligence entity (Australia)
Incidents involved as Deployer
YouTube
Incidents implicated systems
- Incident 10941 Report
At Least 294 Purported AI-Generated Music Videos Portray Celebrities Praising Burkina Faso's Ibrahim Traoré
- Incident 11291 Report
Purported AI-Generated Video Depicting Philippine President Ferdinand Marcos Jr. Using Drugs Shared by Rodrigo Duterte Supporters and Amplified by China-Linked Spamouflage
Unknown disinformation actors targeting Royal Malaysia Police
Incidents involved as Deployer
Unknown generative AI developers
Incidents involved as Developer
- Incident 12021 Report
Russian Disinformation Campaign Reportedly Used AI-Generated Posts and Videos to Target 2025 Moldovan Parliamentary Elections
- Incident 12211 Report
Alleged AI-Enabled PRISONBREAK Influence Operation on X Reportedly Synchronizes Deepfake of Evin Prison Strike with Ongoing Attacks in Tehran
Unknown generative AI systems
Incidents implicated systems
- Incident 12021 Report
Russian Disinformation Campaign Reportedly Used AI-Generated Posts and Videos to Target 2025 Moldovan Parliamentary Elections
- Incident 12211 Report
Alleged AI-Enabled PRISONBREAK Influence Operation on X Reportedly Synchronizes Deepfake of Evin Prison Strike with Ongoing Attacks in Tehran