South Korea warns North Korea using autonomous hacking AI

South Korea’s National Cyber Security Center, under the National Intelligence Service, issued a warning in its 2026 National Information Security White Paper that North Korean hacking groups are increasingly using autonomous AI to conduct cyberattacks. The agency highlighted the rise of agentic AI, which can independently identify system vulnerabilities, generate phishing content, and deploy ransomware with limited human intervention, significantly reducing costs and operational risks for attackers. Global cybersecurity firms, including Kaspersky and Google Threat Intelligence Group, have observed North Korea-linked groups like Kimsuky and APT45 using large language models to automate code writing and vulnerability testing. Analysts believe North Korea began testing AI-driven attacks last year and has since integrated the technology to overcome personnel shortages, enabling larger and more frequent cyber operations. The shift poses a critical threat to South Korea, where many public and private systems rely on outdated infrastructure, leaving them vulnerable to exploitation. The agency emphasized that agentic AI could manipulate AI-driven systems within target organizations, expanding attack surfaces unless defenses are urgently upgraded. Starting this year, the agency predicts autonomous AI will execute tens of thousands of malicious actions per second, necessitating a transition to AI-powered, real-time cybersecurity responses. Experts stress the need for a national-level cyber response system capable of patching vulnerabilities within 24 hours, though challenges like delegated authority hinder progress. Choi Byung-ho, a research professor at Korea University’s Human-Inspired AI Research Institute, warned that current fragmented defenses are insufficient against the evolving threat landscape. The warning follows North Korea’s record theft of $1.46 billion in virtual assets in 2023, underscoring the urgency for systemic cybersecurity reforms.