
Could Iranian hackers try to use AI to attack critical infrastructure in the U.S., Israel, and the Gulf States? The question has taken on new urgency as Iran finds itself in open military conflict with the U.S. and Israel, and as signs of state-sponsored hacking campaigns using automated tools are becoming more prominent. In November 2025, Anthropic reported that Chinese state-sponsored hackers used the company’s AI to conduct a largely automated cyberattack against a group of technology companies and government agencies.
Experts told Fortune that while there is no public evidence Iran can yet orchestrate AI-powered cyber agents at the level Anthropic documented China doing late last year, the country remains one of the world’s most capable cyber powers outside the major players—the United States, China, and Russia.
“Threat actors from Iran have often targeted the United States and Israel over the years, perpetrating attacks against critical infrastructure; performing espionage, DDoS [distributed denial-of-service] attacks, influence campaigns, and attacks designed to wipe systems,” said Allie Mellen, a principal analyst at Forrester Research and author of the upcoming Code War: How Nations Hack, Spy, and Shape the Digital Battlefield.
Iran’s Islamic Revolutionary Guard Corps is a well-resourced organization and sophisticated cyber actor, agreed Bob Kolasky, senior vice president of critical infrastructure at AI supply-chain company Exiger. “It would be surprising if they weren’t using AI to advance their offensive cyber capabilities,” he said. “Iran has more than 10 years of history in attacking U.S. critical infrastructure, so they have clear intent and capability of such attacks and would presumably use their latest weapons.”
Mellen said Iran has been experimenting with using AI in hacking operations for years. As one example, she explained, Google recently reported that Iranian hackers have used its Gemini AI system to help gather information on targets, trick people through more convincing phishing messages, and assist in building hacking tools.
But Iran does not need access to a Western model like Anthropic’s to conduct AI-assisted attacks, according to Leeron Walter, vice president of strategy at Israel-based data protection company Teramind. “Open-weight models like Meta’s Llama and Chinese models like DeepSeek can be downloaded, run locally [without being connected to the internet], and fine-tuned with no usage restrictions and no guardrails,” she said.
In fact, she pointed out that for a sanctioned nation-state like Iran that can’t easily access U.S.-based models, using open-source models is actually a better operational security posture than trying to misuse a monitored commercial platform. “They will lean into unmonitored, locally deployed open-weight models where there is no kill switch, no logging, and no terms of service,” Walter said.
For Iran-linked hacking groups, AI mostly makes familiar tactics faster and more effective. It allows them to send more convincing phishing emails at a much larger scale—messages that appear to come from trusted contacts and are designed to trick people into sharing sensitive information. AI can also help hackers more quickly find weak points in systems, scan networks for targets, and write or adapt malicious software without needing top-tier programmers for every operation.
“These groups have historically targeted energy, oil and gas, and critical infrastructure—sectors where a well-timed disruption has outsized geopolitical impact,” said Walter. “AI makes them faster and more scalable, not fundamentally different in their objectives.”
This all leads to plenty of concerns for governments and companies, said Kolasky. If China decides to more closely commit to helping Iranian military objectives, it could grant more assistance with AI capabilities, he explained. Also, Iran may have incentives to “empty the tank” and use all means available to it as conflict escalates. “AI-enabled cyberattacks have not really been tested at scale, and whether U.S. critical infrastructure can defend against novel attacks is unknown,” he said. “There are clearly vulnerabilities that can be exploited, and AI will make it easier for Iran to identify those.”