Artificial intelligence (AI) has sharpened the tools of espionage and deception on all sides, giving spy agencies new power to identify and groom human sources while also arming adversaries with synthetic identities and deepfakes that are increasingly difficult to detect.
Modern espionage threats have expanded well beyond hacking and data breaches to include operatives posing as fake headhunters and job seekers. In one recent case, a North Korean operative posing as a young American technology professional landed a remote job at a US cybersecurity firm and was only unmasked by an AI agent.
Jonna Mendez, a 27-year veteran of the Central Intelligence Agency (CIA) and its former chief of disguise, said governments and companies faced an escalating threat as the same AI tools that empowered intelligence agencies were now being turned against institutions and their employees. She told Asia Times in an interview on the sidelines of a recent event in London that the technology had complicated the spy wars between the US and its adversaries in ways that had no clear precedent.
“The way to protect yourself is to find the soft spots,” Mendez said. “Where are adversaries coming in? How are they convincing people inside governments and companies to talk? That is where you need to dig and figure it out.”
Among the most sophisticated tools developed under Mendez’s watch were animated masks so convincing they could fool trained observers at close range, including President George H.W. Bush, who failed to detect that Mendez was wearing one during a White House briefing in the early 1990s.

She also described a Cold War technique called “disguise on the run,” used in Moscow, in which a CIA officer transformed his appearance while walking through a forest, changing from a diplomat in a suit to an elderly Russian pensioner to avoid detection during a covert operation near a nuclear communications cable.
Asked whether rival powers such as China had adopted and advanced CIA tradecraft in disguise and surveillance, Mendez said she had been out of the field too long to offer a confident assessment. But she did say that mask technology developed during her tenure could still be effective against modern cameras depending on lighting conditions.
China challenges its adversaries’ tradecraft with extensive camera networks and AI-powered facial recognition systems, according to some analysts.
China has built one of the most extensive surveillance infrastructures in the world, with an estimated 700 to 800 million cameras blanketing its cities. These systems combine facial recognition with multiple data streams to create what authorities call “city brains,” capable of tracking individuals across urban areas in real time and automatically flagging anomalies.
Mendez was speaking at Infosecurity Europe 2026 in London, where she delivered a keynote talk on deception, disguise and the evolution of espionage tradecraft from the Cold War to the AI era.
“The intelligence community in Washington has been concerned, really concerned about how AI will impact our intelligence operations,” she said. “Its ability to scoop up all the information about a particular individual, information that we would never be able to use otherwise, is going to be very helpful.”
She said the core objective of intelligence work had not changed: convincing a person to cooperate and share information that could not be obtained any other way. She added that AI had dramatically expanded the ability to identify and profile the right target before any approach was made.
“Before AI, we already had the capability to do a lot of background work on a particular individual,” Mendez said. “We could figure out where they lived, whether they were married, how many kids, what kind of house, what kind of car, what kind of finances. That’s not difficult if you’re really looking hard at somebody.”
She said AI had taken that capability to another level, sweeping up vast amounts of personal data to build a fuller picture of a target, with the ultimate goal of befriending rather than confronting them and winning their trust.
Chinese fake headhunters
The Five Eyes intelligence partnership, comprising the security agencies of Australia, Canada, New Zealand, the United Kingdom and the US, released a joint bulletin on June 3 titled “Safeguarding Our Secrets,” warning that Chinese military intelligence services were using professional networking sites and online job platforms to target individuals with access to classified or privileged information.
The bulletin said operatives posed as recruiters, consultants or representatives of think tanks and private firms, posting job advertisements related to foreign policy, defense, international trade and Indo-Pacific security to lure targets into applying.
It said Chinese recruiters had shifted away from directly approaching individuals on LinkedIn, instead ranking applicants’ resumes by their likely access to sensitive information. Defense, foreign affairs, intelligence and technology workers were identified as prime targets, alongside military personnel, academics, journalists and think-tank employees.
“The allegation of so-called ‘Chinese espionage threat’ is entirely fabricated and constitutes malicious slander. We strongly condemn this,” said a spokesperson of the Chinese Embassy in the UK. “The Five Eyes are the world’s largest intelligence network. Its members have engaged in unscrupulous espionage and intelligence-gathering activities around the globe. Their activities are the real threat to peace-loving countries.”
Mendez did not directly address the Five Eyes warning, but said the combination of AI, deepfakes and social media had created fertile ground for exactly this kind of recruitment, exploiting the same trust vulnerabilities and human motivations that intelligence agencies had long relied upon.
“This all starts going down a path called trust,” she said. “The evidence of trust, or the lack of trust in an intelligence operation, is absolutely critical. You have to trust the information that you’re getting, and they have to trust you back.”
She said intelligence agencies had long understood that people betrayed their countries for predictable reasons, grouped under the acronym MICE:
- money – some could be induced to sell secrets for financial reward;
- ideology – others acted on deeply held beliefs, willingly turning against their government;
- compromise – damaging personal information used as blackmail leverage;
- ego – perhaps the most potent trigger, targeting people who felt overlooked, perhaps denied promotion, or harbored other grievances against their employer or government.
She said AI made it faster and cheaper than ever to identify which trigger applied to a given individual.
Despite the rise of AI and cyber operations, Mendez said human intelligence work could not be conducted remotely.
“You can’t do it from an armchair, you’ve got to get up and cross borders,” she said, adding that it was also necessary to send a technician along on every operation, as field officers kept breaking or losing equipment and blaming the technology team.
Mendez spent decades working undercover at the CIA, serving tours in Europe, the Far East and the subcontinent before rising to lead the agency’s disguise and identity program. She joined the CIA’s Office of Technical Service in 1970, a division modeled on the “Q” branch in the James Bond films, where she specialized in training foreign assets to gather intelligence using miniature spy cameras and other covert technology. She eventually led a global disguise program targeting the KGB, East Germany’s Stasi and Cuban intelligence.
Her late husband, Tony Mendez, was among the CIA’s most celebrated operatives. He is best known for the Canadian caper during the 1979 Iran hostage crisis, in which he rescued six American diplomats stranded in Tehran by disguising them as a Hollywood film crew scouting locations for a fake science fiction movie called Argo. The operation was later dramatized in the Oscar-winning 2012 film of the same name.
North Korean IT workers
Also at Infosecurity Europe in London, Steve Povolny, vice president of AI strategy and security research at Exabeam, said in an interview that a North Korean operative had successfully infiltrated the cybersecurity firm itself in the summer of 2025, using a stolen identity and forged documents to pass the company’s hiring process and gain access to its internal network.
“He submitted a series of fraudulent documents, including a doctored driver’s license where the image was either a deepfake or heavily altered,” he said. “He provided false references, faked his forms, and was successfully hired. But our security operations center had seen some red flags and was paying closer attention than normal.”
Within 24 hours of his joining, Exabeam’s AI system, Nova, automatically detected a cluster of anomalous behaviors through user and entity behavior analytics (UEBA) and alerted analysts.
“He installed malicious executables, connected to a command-and-control server, installed Jump Desktop (a remote desktop application) and VPN (virtual private network) software, and was trying to get approval to ship his laptop to Austin, Texas,” Povolny said. “We think he was probably trying to get it installed in a laptop farm to give a remote connection back to North Korea. We were able to shut down all the activity, reimage his laptop, and avoid any kind of breach or exposure within about four to six hours.”

“If malicious actors have been able to be there for a long time, they’ve established trust and been given increased access to different systems,” he said. “Full intellectual property code bases can be stolen, internal sensitive documents, credentials are much easier to steal once you’re on the inside.”
Findlay Whitelaw, field chief information security officer at Exabeam, said the company chose to go public despite reputational risks because silence was making the industry more vulnerable. She said that no company was immune, and that sharing the experience was more important than protecting the firm’s image. The decision proved well-founded. A company that heard Exabeam present the case at a recent conference called back two days later to report it had found a similar North Korean operative on its own network.
In June 2025, the US Department of Justice announced coordinated actions across 16 states, seizing approximately 200 computers and charging operatives who had obtained employment at more than 100 US companies using stolen and fake identities. The FBI warned that North Korean operatives have extorted companies by holding stolen data and proprietary code hostage for ransom.
Follow Jeff Pao on X at @jeffpao3
