Artificial intelligence has amplified the tools of espionage for every side, enabling intelligence services to find and groom human sources more efficiently while giving rival actors access to convincing synthetic identities and deepfakes that are harder to spot.
Threats today reach beyond hacking and data theft to social-engineering tactics such as operatives posing as recruiters or job applicants. In one recent incident a North Korean operative, using a stolen identity and forged documents, passed a hiring process at a U.S. cybersecurity firm and secured remote access—only to be detected by the company’s AI monitoring system within hours.
Jonna Mendez, a 27-year CIA veteran who ran the agency’s disguise and identity program, warned that the same AI capabilities that help Western agencies are being turned against them. Speaking at Infosecurity Europe 2026 in London, Mendez said the technology has complicated intelligence tradecraft in unprecedented ways and urged governments and companies to hunt for the “soft spots” in their organizations—the entry points adversaries exploit to win trust and recruit insiders.
Mendez’s career gives weight to her assessment. She led technical disguise programs that once produced animated masks capable of fooling observers in close quarters; she recalled an early-1990s White House briefing where a mask she wore went undetected. She also described a Cold War “disguise on the run” technique used near Moscow, in which an officer changed appearance while moving through terrain to evade surveillance.
Asked whether rival states have adopted or improved on such techniques, Mendez said she has been out of the field too long to be definitive, but noted that some mask technologies from her era can still fool cameras under certain lighting conditions. Meanwhile, countries like China challenge disguise tradecraft with massive camera networks and AI-driven facial recognition systems. Analysts estimate China has roughly 700–800 million cameras feeding facial-recognition and data-integration systems that can track individuals across cities in real time.
The intelligence alliance known as Five Eyes—Australia, Canada, New Zealand, the U.K. and the U.S.—issued a joint bulletin warning that Chinese military intelligence is using professional networking and job platforms to target people with access to classified or sensitive information. According to the bulletin, operatives pose as recruiters, consultants or think-tank representatives and post opportunities in areas like defense and foreign affairs to attract applicants. Rather than directly contacting individuals, recruiters now rank applicants by likely access to sensitive materials.
The Chinese Embassy dismissed such allegations as slander. Mendez did not directly address the bulletin, but said AI, deepfakes and social media create fertile conditions for this form of recruitment, exploiting longstanding human vulnerabilities.
She emphasized that the core aim of human intelligence hasn’t changed: convincing a person to cooperate and provide information you cannot obtain by other means. What has changed is the speed and precision with which targets can be identified and profiled. Mendez noted intelligence services have long understood why people betray employers or countries—summarized in the acronym MICE: money, ideology, compromise, and ego—and said AI makes it far easier and cheaper to determine which motivation fits a given individual.
Despite AI’s power, Mendez stressed that human tradecraft still requires travel and personal contact: you cannot conduct effective clandestine recruitment solely from an armchair. She also wryly warned that field officers regularly break or misplace equipment, so technicians are still essential on operations.
A concrete example of how synthetic identities and forgery are being used came from Exabeam, a security firm whose AI system, Nova, detected anomalous behavior from a newly hired employee in summer 2025. That person had submitted falsified documents, including a driver’s license with a manipulated image that may have been a deepfake. Once onboard, the individual tried to install malicious executables, contact command-and-control servers, install remote-access tools and arrange to ship hardware for offsite access. Because Nova’s user and entity behavior analytics flagged a cluster of suspicious events, analysts intervened and neutralized the threat within roughly four to six hours.
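The kind of behavior clustering described above can be sketched as follows. This is an added illustration, not Exabeam's Nova logic or code from the article; the event category names, the thresholds, the 30-day new-hire period, the six-hour correlation window and the sample events are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# All names, thresholds and events below are assumptions constructed for this
# example; they are not taken from Exabeam Nova or any real telemetry.
SUSPICIOUS = {"unsigned_exe_install", "c2_contact",
              "remote_access_tool", "hardware_shipping_request"}
NEW_HIRE_PERIOD = timedelta(days=30)   # accounts this young get a lower bar
WINDOW = timedelta(hours=6)            # how far back events are correlated
NEW_HIRE_THRESHOLD, DEFAULT_THRESHOLD = 3, 4   # distinct categories needed

HIRE_DATES = {"jdoe": datetime(2025, 7, 1), "asmith": datetime(2021, 3, 15)}
EVENTS = [  # (ISO timestamp, user, event category)
    ("2025-07-08T09:05", "jdoe", "unsigned_exe_install"),
    ("2025-07-08T09:40", "jdoe", "c2_contact"),
    ("2025-07-08T10:10", "asmith", "remote_access_tool"),
    ("2025-07-08T11:30", "jdoe", "remote_access_tool"),
    ("2025-07-08T12:15", "jdoe", "hardware_shipping_request"),
    ("2025-07-08T13:00", "asmith", "login"),
]

def flag_clusters(events, hire_dates):
    """Return {user: (alert_time, categories)} for the first moment a user's
    distinct suspicious categories inside WINDOW reach their threshold."""
    alerts, recent = {}, {}
    for ts_text, user, category in sorted(events):
        if category not in SUSPICIOUS or user in alerts:
            continue
        ts = datetime.fromisoformat(ts_text)
        # Drop events that have aged out of the correlation window.
        kept = [(t, c) for t, c in recent.get(user, []) if ts - t <= WINDOW]
        kept.append((ts, category))
        recent[user] = kept
        is_new = ts - hire_dates[user] <= NEW_HIRE_PERIOD
        threshold = NEW_HIRE_THRESHOLD if is_new else DEFAULT_THRESHOLD
        categories = sorted({c for _, c in kept})
        if len(categories) >= threshold:
            alerts[user] = (ts, categories)
    return alerts

if __name__ == "__main__":
    for user, (when, cats) in flag_clusters(EVENTS, HIRE_DATES).items():
        print(f"{when:%Y-%m-%d %H:%M} {user}: {', '.join(cats)}")
```

No single event here is decisive; the alert fires because several distinct categories land on one recently onboarded account inside the window, while the same events spread across a day stay below the bar.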
Exabeam leaders decided to publicize the breach instead of remaining silent, arguing that sharing these incidents strengthens industry defenses. Their disclosure proved timely: another company that attended the same presentation discovered a similar intruder on its network shortly afterward.
The risk is widespread. In June 2025, U.S. authorities announced coordinated actions across many states to seize about 200 computers and charged operatives who had obtained jobs at more than 100 American companies using fake or stolen identities. The FBI has warned that adversaries, including North Korean groups, have extorted companies by stealing proprietary code and holding it for ransom.
What to do about it: experts urge organizations to harden hiring and onboarding processes, improve identity verification, deploy behavior-based monitoring, and share incident intelligence across the industry. Mendez’s central advice is to map where adversaries might enter and how they would win trust, then close those gaps. In a world where AI can assemble an intimate profile of almost anyone, the human factor—awareness, skepticism, and good counterintelligence hygiene—remains the decisive defense.

