Artificial intelligence is amplifying both sides of modern espionage: it sharpens the tools that intelligence services use to identify and cultivate human sources, and it equips adversaries with convincing synthetic identities and deepfakes that are increasingly hard to detect.
Jonna Mendez, a 27-year CIA veteran and the agency’s former chief of disguise, warned at Infosecurity Europe 2026 in London that the same AI capabilities that help protect nations now empower those who would exploit institutions and employees. She described a landscape of new threats that extend far beyond traditional hacking and data breaches into socially engineered approaches such as fake recruiters and fabricated job applicants.
One recent example involved a North Korean operative who posed as an American technology professional and secured a remote role at a US cybersecurity firm. The intruder used forged documents and a falsified identity to pass hiring checks, and was only exposed after an AI security system flagged anomalous behavior and human analysts intervened.
Mendez, who led the CIA’s disguise and identity program and trained agents in technical tradecraft, said AI fundamentally changes the preparatory phase of human intelligence. Where investigators once assembled background details laboriously, AI now pulls together vast amounts of personal data quickly to build detailed profiles. The goal of recruitment, she emphasized, remains the same: win a target’s trust so they will provide information no other method can obtain. AI just makes it faster and cheaper to discover a person’s vulnerabilities and motivations.
She recounted examples from her career to illustrate how deception and disguise evolved. During her tenure the agency developed animated masks so convincing they could fool trained observers at close range. On one occasion a mask was not recognized during a White House briefing in the early 1990s. She also described a Cold War practice dubbed disguise on the run, in which an operative changed appearance while moving through terrain to evade detection during a covert mission.
Mendez said mask technology from her era can still be effective against modern cameras, depending on lighting and other conditions, but acknowledged she has been out of the field long enough that assessing current foreign capabilities requires caution. Analysts note that countries such as China have invested heavily in surveillance infrastructure and AI-powered facial recognition, with estimates of 700 to 800 million cameras deployed in urban areas that feed integrated systems sometimes called city brains.
The widening pattern of online recruitment was underscored by a Five Eyes joint bulletin titled Safeguarding Our Secrets. The notice warned that some Chinese military intelligence services have used professional networking sites and job platforms to target people with access to classified or valuable information. Operatives reportedly pose as recruiters, consultants or think-tank representatives and post role descriptions tailored to attract defense, foreign affairs, intelligence and technology personnel, then rank applicants’ resumes by likely access to sensitive material.
A spokesperson at the Chinese Embassy in the UK dismissed those allegations as malicious slander and accused Five Eyes members of engaging in their own unsanctioned intelligence activities. Mendez said she did not comment on the bulletin specifically but noted that the combination of AI, deepfakes and social media creates fertile ground for recruitment techniques that exploit basic human trust.
She reminded audiences of the long-standing MICE rubric for understanding why people betray secrets: money, ideology, compromise, and ego. AI makes it faster and cheaper to discover which of those levers is most likely to work on a given individual, she said, allowing adversaries to tailor approaches with precision.
Despite the digital leap, Mendez stressed that human intelligence still requires boots on the ground. You cannot conduct real-world recruitment from an armchair, she said, so field operations and technicians remain essential. Her career began in the CIA’s Office of Technical Service in 1970, a unit that developed covert cameras and other tradecraft. She later led disguise programs aimed at KGB, Stasi and Cuban intelligence targets. Her late husband, Tony Mendez, was the operative behind the Canadian cover used to exfiltrate US diplomats during the 1979 Iran hostage crisis, a story dramatized in the film Argo.
At the same conference, Exabeam executives described the North Korean infiltration of a cybersecurity firm in summer 2025. According to Steve Povolny, vice president of AI strategy and security research, the attacker used a stolen identity, doctored documents and possibly a deepfaked image to clear the hiring process. Once inside, he installed malicious executables, attempted to connect to a command-and-control server, added remote-desktop and VPN software, and sought permission to ship his laptop to another location — behavior consistent with efforts to create remote access to a laptop farm.
Exabeam’s AI system, Nova, detected clusters of anomalous user activity through user and entity behavior analytics and raised alerts within 24 hours. Analysts were able to isolate and reimage the device and shut down the intrusion within a few hours, preventing a wider breach. Exabeam chose to go public with the case to warn the industry; another firm reported identifying a similar suspicious account after hearing the presentation.
In June 2025, US authorities announced coordinated actions across 16 states that seized roughly 200 computers and charged operatives accused of obtaining employment at more than 100 US companies using stolen and fake identities. The FBI has warned that North Korean operatives have leveraged such footholds to extort firms by holding stolen intellectual property and data for ransom.
The takeaways are straightforward: AI accelerates the reconnaissance and social engineering phases of espionage, deepfake and identity fraud raise hiring and vetting risks, and automated detection systems can and do catch suspicious behavior if tuned and monitored effectively. Mendez urged organizations to identify their soft spots — the ways adversaries try to gain trust inside governments and companies — and dig into those vulnerabilities before they are exploited.
