WASHINGTON (Realist English). While the Middle East awaits peace negotiations, Iranian hackers are using Western artificial intelligence models – ChatGPT, Gemini and others – to ramp up their cyber operations, the Financial Times reports. With their help, Iran develops malware, creates phishing messages in flawless Hebrew and Arabic, and then attacks its adversaries with unprecedented speed and scale.
“We see signs of AI use at every stage”
An anonymous cybersecurity analyst at a major firm told the FT: “We are seeing signs that they are using AI prompts the entire way. It has absolutely helped them raise their game.” Thanks to this, Tehran, which has been in a fragile ceasefire with Israel and the United States since early April, continues to exert digital pressure on its more technologically advanced adversaries – scanning the internet for vulnerabilities and protecting its own weak spots. The Iranians even use AI to create convincing fake personas to deceive targets in the US and Israel.
The United Arab Emirates, which has been subjected to thousands of missile and drone attacks during the fighting, has said it faces more than half a million cyber attacks every day assisted by ChatGPT. Israelis have been spammed with wave after wave of phishing emails and text messages; some reportedly invite them to collaborate with Iranian intelligence.
Iran’s “Mossad” in the clouds
AI is particularly effective in long‑term social engineering operations, where it is necessary to maintain contact for weeks under a false identity. “If you are from Tehran and trying to pretend to be the HR person at a defence contractor in California, it is a heavy lift to talk to someone for a month and come off as a person living in California,” the analyst noted. Shortly before the conflict began in late February, Google spotted state‑backed group APT42 using its Gemini model to do exactly that.
Western companies are trying to block the Iranians, but detecting new accounts quickly becomes a game of whack‑a‑mole. OpenAI said it regularly reports and disrupts attempts by Iranian‑affiliated actors to misuse its services and takes enforcement action – disabling accounts, terminating access, or limiting capabilities being abused. However, according to Google, Iranian hackers use its chatbots much more heavily than their more sophisticated counterparts from North Korea, Russia or China. APT42, in particular, used AI to study how to jam US F‑35 fighter jets.
Not only cyber warfare: AI in missiles and on the battlefield
An FT analysis of some 300 Iranian military journal articles from the past five years found studies on AI to bolster electronic warfare, accelerate decision‑making in command centres, and improve drone guidance and underwater targeting. “Iran wants to keep pace with the cutting‑edge militaries,” said Nicole Grajewski, an expert on the Iranian military at Sciences Po in Paris.
The Islamic Revolutionary Guard Corps (IRGC) claims to have cruise missiles with AI guidance, navigation and electronic warfare evasion systems. While it is unclear whether they have been successfully deployed in combat, experts believe AI was used in planning strikes on targets in the Persian Gulf: the sequence of targets in the opening salvos may indicate AI involvement.
The “Russian and Chinese trace”?
Iran is also almost certainly using AI in ways that outsiders cannot easily observe. Much of its infrastructure is built on open‑source and locally designed models, hosted on closed networks away from prying eyes. “What is being observed is only the tip of the iceberg,” the cited expert said.
Since 2025, Iran has been experimenting with a national AI platform developed by Tehran‑based Sharif University (which is under strict Western sanctions for its close military ties). The platform is designed to keep working even if the country disconnects from the global internet.
“This is a sophisticated nation with sophisticated tools,” said Gil Messing of Israeli cybersecurity firm Check Point. “They will be paying the price for whatever it is to get the best that they can.”
In early April, Israeli and US airstrikes severely damaged the data centre hosting the core infrastructure of this platform, as well as the AI research laboratories at Sharif University. But analysts believe that reversing the process is no longer possible.
AI‑powered attacks
Israeli intelligence services have recorded a sharp rise in the quality of Iranian information attacks. Whereas fake messages were once easy to spot because of poor Hebrew, generative models have now learned to produce nearly flawless texts for propaganda and recruitment, marking a “new frontier in regional cybersecurity.”
The media report that Iran uses ChatGPT and WormGPT for massive cyber attacks on the UAE. More than half a million attacks on the emirates’ critical infrastructure are recorded every day. Using AI, hackers create perfectly crafted phishing emails and “wiper” viruses capable not only of stealing but of completely destroying databases, including backups.
Iran has officially declared 18 Western technology companies (including Apple, Google, Microsoft, Nvidia) as “legitimate targets,” accusing them of supporting the US and Israeli war machine. This was the logic behind cyber attacks on Amazon Web Services in the UAE and Bahrain, which crippled banking systems and applications across the region.
The 2026 conflict is not only a story of missile strikes and diplomacy, but also a transition to a new level of technological confrontation. Iran has demonstrated remarkable adaptability, turning Western tools into its own weapons and creating an “ecosystem” response to Israeli bombing. Despite the destruction, the country has strengthened its AI capabilities, which have now become an integral part of its defence doctrine and a “weapon of retaliation” in any future negotiations.
