Iran AI cyber attacks: ChatGPT misuse is now real

Iranian-linked cyber operators are reportedly using ChatGPT, Gemini and other Western AI systems to speed up malware development, phishing preparation and influence work, turning a long-running cybersecurity concern into a live operating model. A Financial Times report said the same mainstream tools sold as productivity software are helping Iranian military and intelligence-linked groups move faster through tasks that used to need more specialist labour.

The sharper finding is cost. State-backed hacking has always mixed technical skill, persistence and bureaucracy. Generative AI changes the labour equation by making reconnaissance notes, lure text, code snippets and translation work cheaper to produce, while leaving human operators in charge of target selection and timing. That is why the issue now sits across three desks at once: the CISO, the sanctions lawyer and the AI-safety team.

Yossi Karadi, director-general of the Israel National Cyber Directorate, has been warning that Iranian groups are coordinating more closely and pairing cyber activity with influence operations. In comments reported by Nextgov/FCW, Karadi said the fight had not paused with the battlefield news cycle.

“There is no ceasefire in cyber”
— Yossi Karadi, Israel National Cyber Directorate

That line matters for Australian organisations because the threat does not need to be aimed at Canberra or Sydney to land here. Phishing kits, credential theft, fake identities and compromised suppliers move through the same cloud platforms and business software used by local banks, universities, energy companies and managed service providers.

AI misuse is becoming workflow automation

The new risk is less a fully autonomous hacker and more a faster back office for human operators. Google Threat Intelligence chief analyst John Hultquist told Reuters that hackers were pushing innovation in AI-enabled operations, calling the public evidence the “tip of the iceberg”.

“tip of the iceberg”
— John Hultquist, Google Threat Intelligence Group

That is a narrow quote, but the implication is broad. Attackers do not need a model to discover an unknown vulnerability before it becomes useful. They can use it to write better phishing copy in multiple languages, summarise stolen documents, translate internal manuals, produce basic malware scaffolding, refine command-line instructions or create social media messages that look less obviously foreign.

This is where the policy debate often loses focus. The visible worry is a chatbot producing a weaponised script on demand. The more common problem is likely to be gradual improvement in low-grade tasks that sit around the exploit: finding the right employee, shaping the lure, cleaning up a fake invoice, adapting code, then writing a plausible follow-up. Small improvements compound when the operator is running the same playbook across hundreds of targets.

The FT report places Iran in that pattern, but the underlying economics apply well beyond one country. Large language models compress training time. They also turn English-language documentation, public code repositories and cloud-administration instructions into a more accessible menu for operators who previously needed better language skills or more specialised engineers.

Sanctions evasion is part of the same problem

The cyber story also points to a second use case: proliferation financing and sanctions evasion. The Royal United Services Institute has warned that AI can help hostile networks generate shell-company paperwork, synthetic identities and transaction patterns that are harder for banks and regulators to triage at scale.

Dr Aaron Arnold, a senior associate fellow at RUSI’s Centre for Finance and Security, put the risk plainly in analysis cited by The Register.

“AI has the potential to radically increase the scale of PF activities”
— Dr Aaron Arnold, RUSI Centre for Finance and Security

PF, or proliferation financing, is not usually the language of enterprise security teams. It should be closer to their vocabulary now. The same automation that helps a state-linked group draft phishing lures can also help it prepare vendor documents, test names against sanctions lists, generate benign-looking business descriptions or move crypto through a more complex web of accounts.

CIO’s analysis of AI-enabled sanctions evasion framed the adaptation window for governments and private organisations at about three to five years. That is not a long runway for banks, cloud providers and software vendors whose onboarding and fraud controls were designed around slower human production of false documents.

Defenders need access, but labs need boundaries

Karadi’s warning lands in a difficult place for AI labs. Governments want access to advanced models for defensive testing, vulnerability discovery and threat simulation. The same model capabilities can also assist attackers if guardrails fail or if abuse is routed through compromised accounts, local wrappers or open alternatives.

That creates an access race. Security agencies and large vendors are pushing AI into defensive work, including code review, malware triage and alert summarisation. ZDNet Australia recently noted that Anthropic’s Mythos Preview had identified 3,900 serious vulnerabilities in open-source software, a defensive example of the same underlying capability.

The hard part is separating legitimate security research from reconnaissance that only looks benign for the first few prompts. A model asked to summarise a software manual, explain an authentication flow or translate an error message may be helping a defender. It may also be helping an operator prepare the next step of an intrusion.

For the labs, the Iranian example is a reminder that misuse policy cannot live only in model cards and trust-and-safety blog posts. It has to show up in telemetry sharing, abuse reporting, enterprise account controls and clearer escalation paths when state-linked behaviour is suspected. For governments, the temptation will be to demand blunt restrictions. That may satisfy a headline, but it will not help defenders who need the same tools for testing and response.

The enterprise lesson is ordinary, not cinematic

For Australian boards, the practical read-out is not a science-fiction scenario. It is a controls audit. Remote-hire checks, invoice approvals, vendor onboarding, source-code access, cloud administrator privileges and help-desk password resets are the workflows where AI-assisted deception is likely to show up first.

A separate Microsoft warning, reported by Tom’s Hardware, described a cryptojacking campaign that used SEO poisoning and AI chatbot exposure to push users toward malware disguised as popular utilities. It was not a nation-state case, but it shows how AI-adjacent distribution can pull ordinary users into technical compromise.

The controls response should be similarly plain. Treat AI-generated documents as cheap. Treat fluent English as a weak trust signal. Recheck vendor changes, privileged access requests and payment instructions through channels that cannot be generated in the same workflow. Log model use in security teams so defensive adoption does not become another blind spot.

The larger policy argument will continue around frontier-model access, export controls and lab liability. Those debates matter. But the Iranian case suggests a nearer conclusion for companies shipping and using AI systems: misuse has moved from theory to operations, and the first damage will come through the boring processes nobody upgraded because they still looked human-paced.