Artificial intelligence is reshaping the espionage landscape, sharpening both the tools of intelligence agencies and the methods available to their adversaries. Jonna Mendez, a 27-year CIA veteran and the agency’s former chief of disguise, told attendees at Infosecurity Europe 2026 that AI has expanded how operatives find, groom and manipulate human sources while enabling convincing synthetic identities and deepfakes that are harder to spot.

Mendez described a recent spate of operations that go beyond hacking or traditional tradecraft: agents posing as headhunters, consultants or job applicants to extract inside access. She recounted cases where impostors used fabricated identities and doctored documents to land remote roles at firms handling sensitive systems — one such recruit from North Korea was only unmasked after an AI security agent flagged anomalous behavior.

Her background in disguise and covert technical tools gives weight to her warning. In the 1990s, Mendez helped create animated masks and other deceptions so convincing they could fool even experienced observers. She also described ‘‘disguise on the run,’’ a Cold War technique for rapidly changing appearance in the field. Those lessons, she said, remain relevant as adversaries adapt similar tradecraft and modernize it with AI.

Mendez stressed that the core aim of intelligence work remains the same: persuade someone to share information you cannot obtain by other means. What has changed is the speed and scale of target selection. “AI can sweep up vast quantities of personal data to build a fuller profile of a target,” she said, making it easier to identify the right person and the most effective angle for recruitment.

The threat is not theoretical. A joint bulletin from the Five Eyes partnership warned of operations that use professional networking and job platforms to identify people with access to classified or privileged information. Rather than cold-contacting individuals, operatives increasingly rank applicants and target those with likely access to sensitive material in defense, foreign policy, intelligence, academia and journalism.

Those recruitment methods rely on exploiting human vulnerabilities — motives intelligence officers have long categorized under the acronym MICE:
– Money: financial incentives to sell secrets.
– Ideology: beliefs that drive betrayal.
– Compromise: coercion using damaging personal information.
– Ego: resentment, ambition or perceived slights.

AI, deepfakes and social media make it faster and cheaper to discover which lever will work for a particular individual.

At the same conference, security researchers from Exabeam described a real-world incident in which a North Korean operative obtained employment at a US cybersecurity firm using stolen identity credentials and forged documents. Within 24 hours, Exabeam’s AI — its Nova system — detected a cluster of unusual behaviors through user and entity behavior analytics and alerted analysts. The new hire had installed suspicious tools, connected to external command-and-control infrastructure, and attempted to route hardware overseas. Analysts moved quickly to isolate and remediate the threat before any material loss.

Exabeam’s team argued that sharing such incidents helps the wider industry; a firm that heard the Exabeam presentation later identified a similar infiltrator. Federal authorities have also taken action: a coordinated Department of Justice operation in 2025 seized computers and charged operatives who had gained work at more than 100 US companies using fake or stolen identities. The FBI has warned of extortion and intellectual-property theft by operatives who establish trust inside victim organizations.

Mendez acknowledged that states with massive camera networks and advanced facial-recognition systems — notably China — present complementary challenges. Extensive surveillance can complicate physical disguise and movement, while AI-backed analytics create powerful tools for tracking and attribution. Conversely, the same technologies can be harnessed by intelligence services to collect comprehensive open-source intelligence and craft more persuasive recruitment approaches.

Despite the AI revolution, Mendez emphasized that human intelligence still requires boots on the ground. “You can’t do it from an armchair,” she said. Face-to-face relationships, careful tradecraft and operational discipline remain essential. At the same time, she urged organizations to identify and shore up the ‘‘soft spots’’ where adversaries are most likely to gain influence — recruitment channels, social engineering vectors and trust relationships inside companies and governments.

The net effect is a new era of spycraft where synthetic personas, automated profiling and traditional human motives intersect. Defenders must combine rigorous personnel vetting, AI-enabled monitoring, and awareness of how social platforms and recruitment pipelines can be weaponized. Transparency about incidents, industry cooperation and active defenses are becoming as critical as the old skills of disguise and deception in protecting institutions from this next wave of espionage.

Artificial intelligence has dramatically sharpened both the tools of espionage and the ways adversaries deceive and recruit people, former CIA disguise chief Jonna Mendez told attendees at Infosecurity Europe 2026 in London. AI is helping intelligence services find and groom sources — and it is empowering rival states and criminal actors to create convincing synthetic identities and deepfakes that are increasingly hard to detect.

Modern spy threats now reach far beyond hacking and data theft. Operatives pose as recruiters, consultants or job seekers on professional networks and hiring platforms to target people with access to sensitive information. In one recent case described at the conference, a North Korean operative assumed the identity of a young American technology professional, passed a US cybersecurity firm’s remote hiring process with forged documents and only was unmasked when the company’s AI security system flagged anomalous behavior.

Mendez, a 27-year CIA veteran who led the agency’s disguise and identity programs, said the same capabilities that aid intelligence collection can be turned back on institutions and employees. “The way to protect yourself is to find the soft spots,” she said. “Where are adversaries coming in? How are they convincing people inside governments and companies to talk? That is where you need to dig and figure it out.”

She recalled tradecraft from her career — including animated masks so convincing they could fool trained observers at close range — and a Cold War tactic called “disguise on the run,” in which an officer altered his appearance while moving through a forest to avoid detection. Mendez projected an image during her keynote showing her wearing an animated CIA mask during a White House briefing that reportedly went unnoticed by others in the room.

Asked whether rival services have adopted or improved those techniques, she said she had been out of the field too long to judge, but that some mask technologies developed under her watch could still be effective against cameras depending on lighting and conditions.

At the same time, some states are countering disguise and deception with massive surveillance systems. Analysts note that China has built one of the world’s largest camera networks — an estimated 700 to 800 million cameras — combined with facial recognition and multiple data streams to create “city brains” that track people across urban areas and flag anomalies in real time.

The Five Eyes alliance — Australia, Canada, New Zealand, the UK and the US — issued a joint bulletin on June 3 warning that Chinese military intelligence services were using professional networking sites and online job platforms to target individuals who had access to classified or privileged information. According to the advisory, operatives pose as recruiters or representatives of think tanks and private firms and rank applicants’ resumes by likely access to sensitive material, focusing on defense, foreign affairs, intelligence, technology workers, military personnel, academics, journalists and think-tank staff.

The Chinese embassy in the UK dismissed those allegations as fabricated and slanderous. Mendez did not directly address the bulletin but stressed that AI, deepfakes and social media have created fertile ground for this form of recruitment by exploiting basic human trust.

She reminded the audience that the core aim of human intelligence has not changed: persuade someone to cooperate and provide information that cannot be gained any other way. Intelligence tradecraft has long used the motivations summarized by the acronym MICE — money, ideology, compromise and ego — and AI makes it faster and cheaper to identify which trigger is most likely to work for a given person by sweeping up personal data and building a detailed profile.

Still, Mendez emphasized that effective human intelligence cannot be done entirely remotely. “You can’t do it from an armchair, you’ve got to get up and cross borders,” she said, adding a wry note that field officers often need technicians on operations because equipment tends to break or go missing.

At the same conference, Exabeam executives described a concrete example of these risks. Steve Povolny, vice president of AI strategy and security research, recounted how a North Korean operative used a stolen identity and forged documents to pass a hiring process at a US cybersecurity company in the summer of 2025. The applicant submitted fraudulent paperwork — including a doctored driver’s license whose photo was either a deepfake or heavily altered — and provided fake references.

Within 24 hours of starting, Exabeam’s AI detection system, Nova, used user and entity behavior analytics to detect a cluster of anomalous activities: installation of malicious executables, contact with a command-and-control server, installation of remote-desktop and VPN software, and a request to ship the laptop to Austin, Texas. Analysts concluded the operator likely intended to install the device in a laptop farm to provide remote access back to North Korea. The security team shut down the activity, reimaged the laptop and contained the intrusion within roughly four to six hours.

Exabeam’s field chief information security officer, Findlay Whitelaw, said the firm went public with the incident despite reputational risk because sharing the case helps the broader industry defend itself. Their decision paid off: another company that heard their presentation later discovered a similar North Korean actor on its network.

The threat is not isolated. In June 2025, the US Department of Justice announced coordinated actions across 16 states that seized about 200 computers and charged operatives who had obtained employment at more than 100 US companies using stolen and fake identities. The FBI has warned that North Korean operatives have extorted companies by holding stolen data and proprietary code for ransom.

Mendez’s long CIA career included leading the Office of Technical Service’s disguise programs and training assets to use miniature spy cameras and other covert equipment. Her late husband, Tony Mendez, was famed for the 1979 “Canadian caper” during the Iran hostage crisis, in which he helped six American diplomats escape Tehran by disguising them as a film crew — an operation later dramatized in the film Argo.

The combined message from former intelligence officers and security practitioners at the conference was clear: AI has multiplied opportunities for both collection and deception, but it has also created new detection tools. Defenders must identify organizational soft spots, improve vetting and monitoring, share incidents openly, and remember that successful human intelligence — and successful counterintelligence — still depends on understanding human motives as well as mastering technology.