Microsoft’s “2025 Digital Defense Report,” released on Thursday, October 16th, reveals that the world is entering a new era of cyber threats centered around artificial intelligence (AI). The report warns that nation-state actors such as China, Russia, Iran, and North Korea are accelerating the use of AI technology to expand network penetration, espionage activities, and cognitive warfare, significantly increasing the speed and scale of misinformation and influence operations.
Covering the latest trends from July 2024 to June 2025, the report highlights that in the past year, China and Russia have been the “most active” in global cyberattacks and intelligence operations, while Iran and North Korea continue to pose threats.
China’s actions primarily focus on long-term intelligence infiltration and academic technology theft, while Russia leans towards interference with public opinion, infrastructure sabotage, and election information manipulation. Microsoft points out that hackers from both countries extensively utilize generative AI to automate the creation of false information and infiltration activities, making cognitive warfare more targeted.
According to Microsoft’s Threat Intelligence Division, the most severely attacked countries in the first half of 2025 were the United States, United Kingdom, Israel, and Germany, with government agencies, research units, and IT service providers remaining primary targets. The report emphasizes that nation-state actors have integrated AI into traditional intelligence work to achieve large-scale monitoring and data theft.
Microsoft notes three changes in the actions of Chinese hackers in recent years: increased stealthiness in penetration techniques using multi-layer proxies and decentralized architectures, a shift in targets towards cloud and research institutions, and deep integration with “cognitive warfare” utilizing social media and AI-generated content to influence public opinion and international perceptions.
The report warns that Chinese hackers are extensively using generative AI for “social engineering attacks,” creating highly deceptive phishing emails and fake documents to carry out cross-border intelligence operations at lower costs. This “AI-empowered infiltration” has become a significant tool in Beijing’s digital intelligence system.
Microsoft stresses that AI is both a source of threat and a crucial defense. Hackers can use AI to automate phishing campaigns, generate self-adjusting malicious code, identify system vulnerabilities, and even bypass traditional defenses, but defenders can also rely on AI for threat detection, anomaly detection, intercepting phishing attacks, and automatic repairs.
In the report’s foreword, Microsoft’s Chief Trust and Security Vice President Amy Hogan-Burney and Chief Information Security Officer Igor Tsyganskiy stated, “Defenders must combat AI with AI,” and urged companies to consider cybersecurity as a risk issue on par with financial or legal matters, building cybersecurity resilience from infrastructure to operational processes.
The report also highlights that AI systems themselves have become new targets for attacks, with common threats including “prompt injection” and “data poisoning,” leading to model misjudgments, information leaks, and even manipulated erroneous outputs.
The report warns that in the future, hackers may utilize AI and blockchain to establish a “peer-to-peer” command network, forming an attack ecosystem that is difficult to trace and self-repairing. Additionally, “cyber mercenaries” and the commercial black market for hackers are expanding, with some companies providing high-precision attack tools to governments or private clients. Microsoft points out that if this trend continues, it may affect satellite networks and financial data flows, increasing the difficulty of international accountability.
Microsoft, which analyzes over 100 trillion security signals daily, states that hackers have targeted almost everyone, making cybercrime an everyday, ubiquitous threat regardless of the size of the organization. It emphasizes that no single entity can withstand global threats alone.
The report calls on governments, businesses, and the tech industry to build cross-border cooperation mechanisms and jointly establish defense standards and deterrence measures to prevent AI-driven cyber threats to global critical infrastructure.
In conclusion, as AI-driven offensive and defensive postures become the norm, the report suggests that if the international community fails to establish common norms and regulatory frameworks, the digital environment may face deeper trust crises in the future. Microsoft advocates that only through innovation, resilience, and cooperation can network and information security be maintained in the AI era.
The “Digital Defense Report” is an annual global cybersecurity whitepaper released by Microsoft since 2020, considered one of the most authoritative and influential security situation reports in the industry.