North Korean Threat Actors Use AI to Enhance Fraudulent IT Worker Schemes

The event explicitly involves AI systems used maliciously to deceive companies and gain unauthorized employment, resulting in financial harm and threats to data security. The AI's role is pivotal in masking identities and enabling the scam at scale. The harms include violation of property rights (wages stolen), potential data breaches, and broader harm to companies and communities. The involvement of AI in the development and use of these deceptive identities and communications meets the criteria for an AI Incident, as the harm is realized and directly linked to AI misuse.

The article explicitly mentions the use of AI tools in the development and execution of a deceptive scheme that has directly led to harm, including fraudulent hiring, potential data breaches, and financial losses. The AI systems are central to the scam's success, enabling the creation of fake identities and manipulation of documents and communications. The harms include violations of labor rights, intellectual property rights, and harm to companies and communities. Hence, this qualifies as an AI Incident under the OECD framework.

The event involves the use of AI systems for malicious purposes—fabricating identities, generating images, voice modification, and producing work outputs to deceive employers and gain unauthorized access. The harm includes security breaches, data theft, and extortion attempts, which are direct harms to property and communities. The AI system's role is pivotal in enabling these harms. Therefore, this qualifies as an AI Incident because the AI system's use has directly led to significant harm through fraudulent employment and misuse of corporate access.

The article explicitly mentions the use of AI systems (large language models, face swapping apps, voice-changing software, agentic AI) by North Korean threat actors to conduct and enhance fraudulent IT worker scams. These scams have resulted in unauthorized access to organizations, which is a form of harm to communities and property. The AI systems' development and use have directly led to these harms, fulfilling the criteria for an AI Incident. The article does not merely warn of potential harm but describes ongoing, realized harm facilitated by AI.

The report explicitly details the use of AI systems by threat actors to conduct and improve cyberattacks that cause harm such as unauthorized access, identity fraud, and data theft. These harms fall under violations of rights and harm to communities. The AI systems are integral to the attack lifecycle, enabling more sophisticated and scalable malicious operations. Since the harms are occurring and AI is a pivotal factor, this qualifies as an AI Incident.

The article explicitly mentions AI systems used for generating fake IDs, synthesizing faces onto stolen documents, voice modulation to impersonate others, and crafting applications to deceive employers. These AI-enabled actions have directly led to harm by facilitating scams that result in financial loss and breach of trust in employment systems. The blocking of 3,000 accounts linked to these scams confirms the harm is occurring. Therefore, this qualifies as an AI Incident due to the direct involvement of AI in causing realized harm through fraudulent employment scams.

The article explicitly states that AI systems are being used by hackers to carry out cyberattacks that have already caused harm, such as phishing scams, malware creation, and unauthorized access to companies. These harms fall under violations of rights and harm to communities. The AI's role is pivotal as it acts as a force multiplier enabling more effective and scalable attacks. The involvement is in the use and misuse of AI systems by malicious actors, directly leading to harm. Hence, this is an AI Incident rather than a hazard or complementary information.

The article explicitly states that AI is being used by hackers to create phishing emails, develop malware, and infiltrate organizations, which are direct uses of AI systems leading to realized harm. The harms include successful cyberattacks, data breaches, and unauthorized access, which fall under harm to communities and violations of rights. The AI systems are integral to the malicious activities, not just potential or future risks. Hence, the event is best classified as an AI Incident.

The article explicitly details how generative AI is used to create false identities and sustain fraudulent employment, causing direct financial harm to employers and risks to intellectual property. The involvement of AI in the development and use stages of the fraudulent scheme is clear and central to the incident. The harm is realized, not just potential, as Microsoft has already disrupted thousands of such accounts. Therefore, this qualifies as an AI Incident under the framework, as the AI system's use has directly led to significant harm.