Microsoft Deploys AI Agents to Manage Attack Infrastructure in Real Time
While AI once promised to bolster defenses, there’s now a darker twist: Microsoft’s threat intel chief says AI agents are being weaponized by hackers—including North Korea—to automate reconnaissance and other drudge tasks, The Register reports.
Key Facts
- Key company: Microsoft
Microsoft’s threat‑intelligence team says AI‑driven “agentic” tools are now a core component of how adversaries build and run malicious infrastructure. In a recent interview, Sherrod DeGrippo, GM of global threat intelligence at Microsoft, explained that these agents automate the “janitorial‑type work” of reconnaissance and infrastructure provisioning, allowing attackers to issue natural‑language commands such as “scan the net blocks owned by this entity” and receive compiled results without manual scripting (The Register). The shift mirrors the broader trend of AI being repurposed from defensive augmentation to offensive acceleration, a point Microsoft highlighted in a Friday blog post that describes the practice as “improving the efficiency and productivity of criminal operations, resulting in attacks that are better, bigger, and faster.”
The most concrete evidence of this misuse comes from North Korea’s “Coral Sleet” crew, which Microsoft has linked to the fake‑IT‑worker scam. According to the same Microsoft blog, the group leverages development platforms to spin up and manage attack infrastructure at scale, using AI agents to converse with compromised servers and C2 nodes in plain language. This capability shortens the time between initial compromise and full‑blown campaign deployment, enabling rapid testing, staging, and command‑and‑control reconfiguration (The Register). DeGrippo notes that the technology lowers the technical barrier for less‑skilled criminals, because the agents handle routine tasks that would otherwise require deep networking or cloud‑ops expertise.
While AI agents can now perform automated reconnaissance, Microsoft cautions that they are not yet capable of fully autonomous cyber‑attacks. DeGrippo told The Register that AI‑generated malware still relies heavily on human direction, and the code‑writing proficiency of current agents “can’t yet rival those of humans.” Nonetheless, the presence of AI‑enabled payloads is detectable as a distinct class of malware, prompting Microsoft to adjust its detection heuristics for AI‑generated artifacts (The Register). The company’s internal research suggests that AI‑assisted tools are primarily used to streamline the preparatory phases—information gathering, asset enumeration, and infrastructure orchestration—rather than to replace the creative aspects of exploit development.
The broader security community is already reacting to the emerging threat. Google executives have warned that “AI‑powered cyberattack kits are just a matter of time,” underscoring the risk that commercial AI services could be weaponized at scale (The Register). Meanwhile, other vendors are rolling out defensive countermeasures. Microsoft’s own Agent 365 platform, announced earlier this year, lets enterprises manage AI agents with the same controls used for traditional workloads, a move intended to give defenders visibility into anomalous agent activity (The Verge). ZDNet has reported that Microsoft is also experimenting with self‑repairing data‑center technologies that could automatically quarantine compromised resources, a strategy that may mitigate the rapid infrastructure changes enabled by malicious agents (ZDNet).
In sum, the weaponization of AI agents marks a new operational layer for threat actors. By offloading repetitive reconnaissance and infrastructure tasks to language‑model‑driven bots, groups like North Korea’s Coral Sleet can accelerate campaign timelines, expand their reach, and lower entry barriers for novice criminals. Microsoft’s intelligence indicates that while fully autonomous attacks remain out of reach, the integration of AI into the attack lifecycle is already reshaping the threat landscape, prompting both industry and academia to rethink detection, attribution, and response frameworks.
This article was created using AI technology and reviewed by the SectorHQ editorial team for accuracy and quality.