Artificial intelligence has dramatically changed the landscape of espionage, sharpening both the tools used by intelligence services and the methods adversaries use to deceive organizations and individuals. AI now speeds source identification and target profiling while enabling convincingly synthetic identities and deepfakes that can evade detection.
Jonna Mendez, a 27-year CIA veteran and the agency’s former chief of disguise, warned at Infosecurity Europe 2026 in London that the same capabilities that empower counterintelligence can be turned against governments and companies. She urged defenders to ‘find the soft spots’ — the entry points through which adversaries persuade staff to share information — and to focus on how targets are groomed and manipulated.
Mendez drew on decades of tradecraft to illustrate how disguise and deception have evolved. Under her leadership the CIA developed highly realistic animated masks, once convincing enough to fool trained observers at close range, and she recounted Cold War techniques such as ‘disguise on the run,’ where an officer changed appearance while moving through terrain to avoid detection during operations.
Her point: technical innovation is not new to the tradecraft, but AI has amplified what was already possible. Before modern AI, intelligence officers could compile detailed dossiers on individuals (residence, family, finances, habits) only through painstaking research. AI shortens that effort and widens its reach, sifting vast public and private data sources to assemble far richer profiles more quickly, enabling approaches tailored to the psychological triggers most likely to produce cooperation.
Those triggers are well known to intelligence services and are often summarized by the acronym MICE: money, ideology, compromise, and ego. Mendez said AI makes it faster and cheaper to determine which motivator may work for a particular person, and that social media and deepfakes create fertile ground for targeted recruitment built on trust or the appearance of it.
Five Eyes and job-platform recruitment
That risk was highlighted in a June Five Eyes bulletin called ‘Safeguarding Our Secrets,’ which warned that Chinese military intelligence actors have used professional networking sites and recruitment postings to identify and lure people with access to sensitive information. According to the advisory, operatives pose as recruiters, consultants or think-tank representatives and rank applicants by likely access to classified or privileged data, targeting defense, foreign affairs, academia, journalism and technology personnel.
The Chinese government has rejected such accusations. Analysts note, however, that China’s vast camera networks and AI-driven facial recognition contribute to an advanced surveillance infrastructure claimed to include hundreds of millions of cameras and integrated data streams sometimes described as ‘city brains.’ These systems make evading biometric and persistent surveillance a different, and sometimes harder, challenge than conspiring online.
Human contact still matters
Despite the rise of remote profiling and synthetic identities, Mendez stressed that human intelligence still requires physical presence. ‘You can’t do it from an armchair,’ she said, noting that fieldwork, personal meetings and hands-on technical support remain crucial. Tradecraft still depends on creating and sustaining trust in person, even as AI assists in finding and shaping approaches.
Real-world case: North Korean infiltration of US firm
Security researchers and practitioners say the blending of forged identities, deepfakes and stolen credentials is already being exploited. At the same conference Exabeam’s vice president of AI strategy, Steve Povolny, described a summer 2025 incident in which an individual using a stolen identity and doctored documents secured a remote role at a US cybersecurity company. The applicant supplied fraudulent references and a manipulated driver’s license photo that appeared to be a deepfake or heavily altered image.
Within 24 hours of starting, the hire exhibited anomalous behavior. Exabeam’s AI analytics system, Nova, detected unusual user and entity behavior and alerted analysts. The new employee installed malicious executables, connected to an external command-and-control server, and attempted to set up remote access tools and VPN software. He also tried to arrange shipment of his laptop to Austin, Texas, which investigators believe was an attempt to integrate the device into a remote laptop farm and maintain persistent access back to North Korea.
Responders quarantined the activity, reimaged the machine, and disrupted the intrusion within about four to six hours, preventing data exfiltration. Exabeam publicly shared the case to warn other firms; that disclosure led at least one other company to discover a similar intrusion.
Broader enforcement and warnings
U.S. authorities have taken action against comparable operations. In June 2025 the Department of Justice announced coordinated measures across multiple states that seized roughly 200 computers and charged operatives alleged to have obtained employment at more than 100 U.S. companies using stolen or fabricated identities. The FBI has also warned that some North Korean operatives have extorted companies by encrypting and holding stolen code and data for ransom.
Defensive takeaways
Mendez and industry experts emphasize that organizations must shift from assuming threats are only technological to recognizing the human and social dimensions of modern espionage. Defensive measures include:
– Hunting for ‘soft spots’ where recruiting approaches could succeed: HR processes, recruitment platforms, vendor onboarding and remote-access approvals.
– Using AI and behavior analytics to detect anomalous activity rapidly, while preparing human analysts to investigate context and intent.
– Collecting and sharing incident information across the private sector to spot patterns and common tactics.
– Hardening identity verification in hiring, especially for remote roles, and tightening controls around device shipment, remote desktop software and VPN provisioning.
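An added example, not from the article and not Exabeam's detection logic: a small correlation rule for the pattern in the case above, where a newly started account installs executables, remote access tools and VPN software and contacts an unfamiliar external host within its first days. The signal names, weights, time window, threshold and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Signal weights are assumptions for illustration, not vendor-defined values.
WEIGHTS = {
    "unapproved_executable": 3,
    "remote_access_tool": 3,
    "vpn_client_install": 2,
    "new_external_destination": 2,
    "device_reship_request": 2,
}
WINDOW = timedelta(hours=72)  # how long after the start date an account counts as new
THRESHOLD = 6                 # minimum combined weight of distinct signals to alert

# Constructed sample data: HR start dates and normalized endpoint/helpdesk events.
START = {
    "newhire01": datetime(2025, 7, 14, 9, 0),
    "staff42": datetime(2022, 3, 1, 9, 0),
}
EVENTS = [
    ("2025-07-14T10:12:00", "newhire01", "unapproved_executable"),
    ("2025-07-14T10:15:00", "newhire01", "new_external_destination"),
    ("2025-07-14T11:40:00", "newhire01", "remote_access_tool"),
    ("2025-07-14T11:41:00", "newhire01", "remote_access_tool"),  # repeat of same signal
    ("2025-07-14T13:05:00", "newhire01", "vpn_client_install"),
    ("2025-07-15T08:30:00", "newhire01", "device_reship_request"),
    ("2025-07-14T14:00:00", "staff42", "vpn_client_install"),    # tenured, outside window
    ("2025-07-14T15:00:00", "ghost99", "remote_access_tool"),    # no HR record at all
]

def score_new_hires(events, start_dates, window=WINDOW, threshold=THRESHOLD):
    """Return (alerts, unknown_users); alerts maps user -> (score, sorted signals)."""
    seen, unknown = {}, set()
    for ts, user, signal in events:
        if user not in start_dates:
            unknown.add(user)  # activity with no HR record needs its own review
            continue
        age = datetime.fromisoformat(ts) - start_dates[user]
        if timedelta(0) <= age <= window and signal in WEIGHTS:
            seen.setdefault(user, set()).add(signal)  # count each signal type once
    alerts = {}
    for user, signals in seen.items():
        score = sum(WEIGHTS[s] for s in signals)
        if score >= threshold:
            alerts[user] = (score, sorted(signals))
    return alerts, unknown

if __name__ == "__main__":
    print(score_new_hires(EVENTS, START))
```

Counting each signal type once keeps a noisy installer from inflating the score, and accounts with no HR start date are returned separately rather than silently dropped.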
Mendez’s career, which included leading the CIA’s disguise and identity programs and working in the agency’s Office of Technical Service, underscores that deception and disguise are longstanding parts of intelligence work. What is new is scale and automation: AI accelerates target selection and personalization while also enabling adversaries to fabricate increasingly convincing identities and media.
The result is an arms race. As intelligence services harness AI to find and recruit sources more efficiently, organizations and defenders must combine technological detection with human judgment, rigorous vetting and an awareness that trust itself has become a primary battlefield.

