Advanced persistent threat (APT) groups are integrating generative artificial intelligence (AI) into their cyber operations to accelerate and scale campaign coordination. Public and private reporting shows AI-assisted techniques emerging across the cyberattack lifecycle, with state-sponsored actors from China, Russia, Iran, and North Korea using these capabilities to support reconnaissance, malware development, social engineering, and related tasks.

As AI adoption grows, critical infrastructure (CI) remains a strategic focus for nation-state groups seeking geopolitical leverage. Disruptive events such as the Colonial Pipeline incident, alongside the rise of ICS-targeting malware, indicate a shift toward more deliberate capability development. Adversaries are also exploring new ways to access operational environments, increasing the likelihood that AI will support future disruptive or coercive activity.