
AI as Tradecraft: How Threat Actors Are Operationalizing AI
From Microsoft Threat Intelligence Podcast by Microsoft
March 11, 2026 · 22 min · Season 3 · Episode 64
About this episode
The episode discusses how the North Korean-aligned threat actor Jasper Sleet is operationalizing AI in cyber operations.
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Greg Schlomer and Vlad H. to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations. The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns. They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft. In this episode you’ll learn: How AI is changing the speed at which cyber operations evolve Why jailbreaking AI models is often trivial for…
People in this episode
Host: Sherrod DeGrippo
Guests: Greg Schlomer, Vlad H.
Topics covered
- AI in cyber operations
- threat actors
- malware development
- phishing lures
- operational workflows
- defensive strategies
Keywords
- AI
- cybersecurity
- threat actors
- malware
- phishing
- defense strategies
- Jasper Sleet
Mentioned in this episode
Organizations: Jasper Sleet, North Korean
More episodes of Microsoft Threat Intelligence Podcast
- Supply Chain Attacks: Open Source or Open Door? · June 3, 2026 · 39 min
- Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign · May 20, 2026 · 42 min
- Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft · May 6, 2026 · 52 min
- The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem · April 22, 2026 · 40 min
- Ransomware: From Isolated Attacks to Global Criminal Ecosystem · April 8, 2026 · 48 min
- Winter SHIELD: Closing the Security Control Gap · March 25, 2026 · 37 min
Explore listener stats, chart rankings, contacts and more on the Microsoft Threat Intelligence Podcast podcast page.