Iran turns Western AI models into cyberwar weapons

TL;DR:

  • Western AI models including ChatGPT and Gemini are accelerating Iran’s cyber operations, helping develop malware and craft fluent phishing messages at scale, cyber experts and tech firms tell the FT.
  • The UAE reported facing more than half a million cyber attacks a day during recent fighting, while Israelis were hit by waves of AI-assisted phishing.
  • Iran is also building a sanctions-resistant national AI platform designed to keep running even if the country disconnects from the global internet.

The Financial Times reports that Iran’s hackers are using commercial AI tools throughout their operations — scanning for vulnerabilities, building convincing fake personas and automating attacks. “It has absolutely helped them raise their game,” one security analyst said. Google previously found Iranian state-backed group APT42 using Gemini to impersonate targets, and even to research jamming American F-35 jets.

Why this matters beyond the region

The episode crystallises a problem with no clean solution: the same models that defend systems can be repurposed to attack them. OpenAI said it disables abusive accounts and that its safeguarded models offer “no novel cyber capabilities”, but spotting new accounts is a game of whack-a-mole. For UK organisations, the relevant lesson is not Tehran’s intentions but the lowered barrier to sophisticated attacks — AI lets adversaries produce flawless phishing in any language and operate fake identities at scale, eroding the tell-tale errors defenders once relied on.

The story also highlights the dual-use reality at the top end. The FT notes that the US itself leans on Palantir’s Maven system and Anthropic’s Claude to interpret intelligence and support strikes — the mirror image of Iran’s adaptation. Iran’s open-source, locally hosted national platform, developed at sanctioned Sharif University, shows how AI capability is diffusing even under heavy restrictions; air strikes damaged its core data centre, but, as one analyst put it, the genie is out of the bottle.

Looking forward

For UK businesses and infrastructure operators, AI-enabled threats reinforce a shift already underway: assume adversaries have the same tools you do. That raises the premium on AI-aware defences, staff training against more convincing social engineering, and resilience planning. The capability gap that once protected smaller targets is narrowing — a structural change in the threat landscape rather than a single news event.