Blab Tech
South Korea Warns North Korea Is Using Autonomous AI for Large-Scale Cyberattacks
South Korea’s National Cyber Security Center, part of the National Intelligence Service, issued a warning on June 10 that North Korean hacking groups are moving toward autonomous attacks powered by agentic artificial intelligence. The warning appears in the agency’s 2026 National Information Security White Paper and highlights the growing threat that AI can identify vulnerabilities, breach systems, and monetize stolen data with minimal human oversight.
The Center noted that the rapid development of AI has expanded attackers’ capabilities, while the spread of cloud infrastructure and the neglect of aging systems have exposed structural weaknesses in South Korea’s cyber defenses. The agency focused on agentic AI, a form of autonomous AI that can set goals, analyze data, and manipulate external systems without constant human direction. When used by hackers, the technology can generate large volumes of phishing messages, develop ransomware, and conduct large‑scale operations with fewer people, less time and lower costs.
The warning cites recent incidents that illustrate the danger. Anthropic’s AI model Mythos reportedly produced Windows attack code in 31 minutes, according to reports. Global cybersecurity firms Kaspersky and Google Threat Intelligence Group have identified signs that the North‑Korean group Kimsuky used large language models to help write code. Another North‑Korean group, APT45, repeatedly entered prompts at scale to search for software vulnerabilities and test whether attack code could be executed.
Analysts say North Korea began designing and testing AI‑automated attacks last year and has now largely adopted the technology. The change is seen as allowing North Korean hackers to overcome personnel limitations and launch larger attacks on a regular basis. The Center noted that North Korea stole a record 2.2 trillion won (about $1.46 billion) in virtual assets last year.
Despite North Korea’s advances, many South Korean public and private systems remain vulnerable because of aging infrastructure. The risk is growing as organizations adopt AI across more areas of work without fully updating their defenses. The agency warned that agentic AI is particularly suited to manipulating AI systems used by target organizations, meaning South Korea could be expanding potential attack routes unless it strengthens its security systems.
"Starting this year, agentic AI will autonomously carry out the full attack life cycle and generate tens of thousands of malicious actions per second," the Center said. "Defense systems also must immediately shift to autonomous security operations that minimize human intervention and identify and isolate threats at machine speed."
Experts say isolated responses are no longer enough and call for a national‑level control tower capable of continuous cyber response. "The only current method is to use AI to find security problems, patch them as quickly as possible and prevent attacks," said Choi Byung‑ho, a research professor at Korea University’s Human‑Inspired AI Research Institute. "A governance system capable of responding to hacking within 24 hours is needed, but it is difficult because of issues such as delegated authority."
The warning underscores a broader trend in which state‑backed actors are leveraging advanced AI to scale cyber operations. South Korea’s call for autonomous security measures and a centralized response framework reflects the urgency of adapting national defenses to the new threat landscape.
The Center noted that the rapid development of AI has expanded attackers’ capabilities, while the spread of cloud infrastructure and the neglect of aging systems have exposed structural weaknesses in South Korea’s cyber defenses. The agency focused on agentic AI, a form of autonomous AI that can set goals, analyze data, and manipulate external systems without constant human direction. When used by hackers, the technology can generate large volumes of phishing messages, develop ransomware, and conduct large‑scale operations with fewer people, less time and lower costs.
The warning cites recent incidents that illustrate the danger. Anthropic’s AI model Mythos reportedly produced Windows attack code in 31 minutes, according to reports. Global cybersecurity firms Kaspersky and Google Threat Intelligence Group have identified signs that the North‑Korean group Kimsuky used large language models to help write code. Another North‑Korean group, APT45, repeatedly entered prompts at scale to search for software vulnerabilities and test whether attack code could be executed.
Analysts say North Korea began designing and testing AI‑automated attacks last year and has now largely adopted the technology. The change is seen as allowing North Korean hackers to overcome personnel limitations and launch larger attacks on a regular basis. The Center noted that North Korea stole a record 2.2 trillion won (about $1.46 billion) in virtual assets last year.
Despite North Korea’s advances, many South Korean public and private systems remain vulnerable because of aging infrastructure. The risk is growing as organizations adopt AI across more areas of work without fully updating their defenses. The agency warned that agentic AI is particularly suited to manipulating AI systems used by target organizations, meaning South Korea could be expanding potential attack routes unless it strengthens its security systems.
"Starting this year, agentic AI will autonomously carry out the full attack life cycle and generate tens of thousands of malicious actions per second," the Center said. "Defense systems also must immediately shift to autonomous security operations that minimize human intervention and identify and isolate threats at machine speed."
Experts say isolated responses are no longer enough and call for a national‑level control tower capable of continuous cyber response. "The only current method is to use AI to find security problems, patch them as quickly as possible and prevent attacks," said Choi Byung‑ho, a research professor at Korea University’s Human‑Inspired AI Research Institute. "A governance system capable of responding to hacking within 24 hours is needed, but it is difficult because of issues such as delegated authority."
The warning underscores a broader trend in which state‑backed actors are leveraging advanced AI to scale cyber operations. South Korea’s call for autonomous security measures and a centralized response framework reflects the urgency of adapting national defenses to the new threat landscape.
