Artificial intelligence has dramatically sharpened both the tools of espionage and the ways adversaries deceive and recruit people, former CIA disguise chief Jonna Mendez told attendees at Infosecurity Europe 2026 in London. AI is helping intelligence services find and groom sources — and it is empowering rival states and criminal actors to create convincing synthetic identities and deepfakes that are increasingly hard to detect.
Modern spy threats now reach far beyond hacking and data theft. Operatives pose as recruiters, consultants or job seekers on professional networks and hiring platforms to target people with access to sensitive information. In one recent case described at the conference, a North Korean operative assumed the identity of a young American technology professional, passed a US cybersecurity firm’s remote hiring process with forged documents and only was unmasked when the company’s AI security system flagged anomalous behavior.
Mendez, a 27-year CIA veteran who led the agency’s disguise and identity programs, said the same capabilities that aid intelligence collection can be turned back on institutions and employees. “The way to protect yourself is to find the soft spots,” she said. “Where are adversaries coming in? How are they convincing people inside governments and companies to talk? That is where you need to dig and figure it out.”
She recalled tradecraft from her career — including animated masks so convincing they could fool trained observers at close range — and a Cold War tactic called “disguise on the run,” in which an officer altered his appearance while moving through a forest to avoid detection. Mendez projected an image during her keynote showing her wearing an animated CIA mask during a White House briefing that reportedly went unnoticed by others in the room.
Asked whether rival services have adopted or improved those techniques, she said she had been out of the field too long to judge, but that some mask technologies developed under her watch could still be effective against cameras depending on lighting and conditions.
At the same time, some states are countering disguise and deception with massive surveillance systems. Analysts note that China has built one of the world’s largest camera networks — an estimated 700 to 800 million cameras — combined with facial recognition and multiple data streams to create “city brains” that track people across urban areas and flag anomalies in real time.
The Five Eyes alliance — Australia, Canada, New Zealand, the UK and the US — issued a joint bulletin on June 3 warning that Chinese military intelligence services were using professional networking sites and online job platforms to target individuals who had access to classified or privileged information. According to the advisory, operatives pose as recruiters or representatives of think tanks and private firms and rank applicants’ resumes by likely access to sensitive material, focusing on defense, foreign affairs, intelligence, technology workers, military personnel, academics, journalists and think-tank staff.
The Chinese embassy in the UK dismissed those allegations as fabricated and slanderous. Mendez did not directly address the bulletin but stressed that AI, deepfakes and social media have created fertile ground for this form of recruitment by exploiting basic human trust.
She reminded the audience that the core aim of human intelligence has not changed: persuade someone to cooperate and provide information that cannot be gained any other way. Intelligence tradecraft has long used the motivations summarized by the acronym MICE — money, ideology, compromise and ego — and AI makes it faster and cheaper to identify which trigger is most likely to work for a given person by sweeping up personal data and building a detailed profile.
Still, Mendez emphasized that effective human intelligence cannot be done entirely remotely. “You can’t do it from an armchair, you’ve got to get up and cross borders,” she said, adding a wry note that field officers often need technicians on operations because equipment tends to break or go missing.
At the same conference, Exabeam executives described a concrete example of these risks. Steve Povolny, vice president of AI strategy and security research, recounted how a North Korean operative used a stolen identity and forged documents to pass a hiring process at a US cybersecurity company in the summer of 2025. The applicant submitted fraudulent paperwork — including a doctored driver’s license whose photo was either a deepfake or heavily altered — and provided fake references.
Within 24 hours of starting, Exabeam’s AI detection system, Nova, used user and entity behavior analytics to detect a cluster of anomalous activities: installation of malicious executables, contact with a command-and-control server, installation of remote-desktop and VPN software, and a request to ship the laptop to Austin, Texas. Analysts concluded the operator likely intended to install the device in a laptop farm to provide remote access back to North Korea. The security team shut down the activity, reimaged the laptop and contained the intrusion within roughly four to six hours.
Exabeam’s field chief information security officer, Findlay Whitelaw, said the firm went public with the incident despite reputational risk because sharing the case helps the broader industry defend itself. Their decision paid off: another company that heard their presentation later discovered a similar North Korean actor on its network.
The threat is not isolated. In June 2025, the US Department of Justice announced coordinated actions across 16 states that seized about 200 computers and charged operatives who had obtained employment at more than 100 US companies using stolen and fake identities. The FBI has warned that North Korean operatives have extorted companies by holding stolen data and proprietary code for ransom.
Mendez’s long CIA career included leading the Office of Technical Service’s disguise programs and training assets to use miniature spy cameras and other covert equipment. Her late husband, Tony Mendez, was famed for the 1979 “Canadian caper” during the Iran hostage crisis, in which he helped six American diplomats escape Tehran by disguising them as a film crew — an operation later dramatized in the film Argo.
The combined message from former intelligence officers and security practitioners at the conference was clear: AI has multiplied opportunities for both collection and deception, but it has also created new detection tools. Defenders must identify organizational soft spots, improve vetting and monitoring, share incidents openly, and remember that successful human intelligence — and successful counterintelligence — still depends on understanding human motives as well as mastering technology.
