MITRE ATT&CK Technique
Description
Adversaries may obtain access to generative artificial intelligence tools, such as large language models (LLMs), to aid various techniques during targeting. These tools may be used to inform, bolster, and enable a variety of malicious tasks, including conducting [Reconnaissance](https://attack.mitre.org/tactics/TA0043), creating basic scripts, assisting social engineering, and even developing payloads.(Citation: MSFT-AI) For example, by utilizing a publicly available LLM an adversary is essentially outsourcing or automating certain tasks to the tool. Using AI, the adversary may draft and generate content in a variety of written languages to be used in [Phishing](https://attack.mitre.org/techniques/T1566)/[Phishing for Information](https://attack.mitre.org/techniques/T1598) campaigns. The same publicly available tool may further enable vulnerability or other offensive research supporting [Develop Capabilities](https://attack.mitre.org/techniques/T1587). AI tools may also automate technical tasks by generating, refining, or otherwise enhancing (e.g., [Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027)) malicious scripts and payloads.(Citation: OpenAI-CTI) Finally, AI-generated text, images, audio, and video may be used for fraud, [Impersonation](https://attack.mitre.org/techniques/T1656), and other malicious activities.(Citation: Google-Vishing24)(Citation: IC3-AI24)(Citation: WSJ-Vishing-AI24)
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2024-03-11T13:37:31.836Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may obtain access to generative artificial '
'intelligence tools, such as large language models (LLMs), to '
'aid various techniques during targeting. These tools may be '
'used to inform, bolster, and enable a variety of malicious '
'tasks, including conducting '
'[Reconnaissance](https://attack.mitre.org/tactics/TA0043), '
'creating basic scripts, assisting social engineering, and '
'even developing payloads.(Citation: MSFT-AI) \n'
'\n'
'For example, by utilizing a publicly available LLM an '
'adversary is essentially outsourcing or automating certain '
'tasks to the tool. Using AI, the adversary may draft and '
'generate content in a variety of written languages to be used '
'in '
'[Phishing](https://attack.mitre.org/techniques/T1566)/[Phishing '
'for Information](https://attack.mitre.org/techniques/T1598) '
'campaigns. The same publicly available tool may further '
'enable vulnerability or other offensive research supporting '
'[Develop '
'Capabilities](https://attack.mitre.org/techniques/T1587). AI '
'tools may also automate technical tasks by generating, '
'refining, or otherwise enhancing (e.g., [Obfuscated Files or '
'Information](https://attack.mitre.org/techniques/T1027)) '
'malicious scripts and payloads.(Citation: OpenAI-CTI) '
'Finally, AI-generated text, images, audio, and video may be '
'used for fraud, '
'[Impersonation](https://attack.mitre.org/techniques/T1656), '
'and other malicious activities.(Citation: '
'Google-Vishing24)(Citation: IC3-AI24)(Citation: '
'WSJ-Vishing-AI24)\n',
'external_references': [{'external_id': 'T1588.007',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1588/007'},
{'description': 'Catherine Stupp. (2019, August 30). '
'Fraudsters Used AI to Mimic CEO’s '
'Voice in Unusual Cybercrime Case. '
'Retrieved March 18, 2025.',
'source_name': 'WSJ-Vishing-AI24',
'url': 'https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402'},
{'description': 'Emily Astranova, Pascal Issa. (2024, '
'July 23). Whose Voice Is It Anyway? '
'AI-Powered Voice Spoofing for '
'Next-Gen Vishing Attacks. Retrieved '
'March 18, 2025.',
'source_name': 'Google-Vishing24',
'url': 'https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks'},
{'description': 'IC3. (2024, December 3). Criminals '
'Use Generative Artificial '
'Intelligence to Facilitate Financial '
'Fraud. Retrieved March 18, 2025.',
'source_name': 'IC3-AI24',
'url': 'https://www.ic3.gov/PSA/2024/PSA241203'},
{'description': 'Microsoft Threat Intelligence. '
'(2024, February 14). Staying ahead '
'of threat actors in the age of AI. '
'Retrieved March 11, 2024.',
'source_name': 'MSFT-AI',
'url': 'https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/'},
{'description': 'OpenAI. (2024, February 14). '
'Disrupting malicious uses of AI by '
'state-affiliated threat actors. '
'Retrieved September 12, 2024.',
'source_name': 'OpenAI-CTI',
'url': 'https://openai.com/index/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/'}],
'id': 'attack-pattern--0cc222f5-c3ff-48e6-9f52-3314baf9d37e',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'resource-development'}],
'modified': '2025-10-24T17:48:23.190Z',
'name': 'Artificial Intelligence',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['Menachem Goldstein'],
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.1'}