AI as Tradecraft: How Threat Actors Are Operationalizing AI [Microsoft Threat Intelligence Podcast]

Mar 12, 2026

Vlad H., a Microsoft analyst studying DPRK-linked actors and AI-driven social engineering, and Greg Schlomer, a Microsoft analyst on DPRK-aligned cyber tradecraft, discuss Jasper Sleet’s operational use of AI. They cover AI across recon, malware development, persona fabrication, autonomous agents, jailbreaking, and how AI speeds and scales deception and campaign workflows.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

AI Drives Rapid Iteration And Scale

Threat groups like Storm 1877 are iterating and scaling attacks much faster by embedding AI across reconnaissance, development, and workflows.
Vlad H. observed rapid experimentation: try a vector, test in the wild, expand if successful, discard if not.

INSIGHT

Startup Style Experimentation In Threat Operations

AI adoption by DPRK-linked operators is beyond experimentation and mirrors startup-style rapid testing and pivoting.
Greg Schlomer notes decentralized cells and freedom to experiment accelerate adoption among scrappy actors.

INSIGHT

Organizational Structure Shapes AI Adoption

More bureaucratic intelligence-focused groups may adopt AI slower than decentralized IT-worker cells.
Greg Schlomer contrasts large flexible IT-worker operations with rigid Citrine/Jade Sleet intelligence orgs.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Greg Schlomer and Vlad H. to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations.

The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns.

They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft.

In this episode you’ll learn:

How AI is changing the speed at which cyber operations evolve

Why jailbreaking AI models is often trivial for motivated adversaries

The strategic implications of AI leveling the playing field between threat actors

Some questions we ask:

Is there resistance among experienced malware authors to adopting AI?

Are we seeing fully AI-written malware in the wild?

What stands out about Jasper Sleet’s use of AI?

Resources:

View Greg Schloemer on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Afternoon Cyber Tea with Ann Johnson

The BlueHat Podcast

Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices