Iran's Growing Threat: Can They Unleash AI-Powered Cyberattacks on Critical Infrastructure?

In recent years, the threat landscape has shifted significantly with the emergence of advanced technologies like artificial intelligence (AI) in cyber warfare. As tensions between Iran and major world powers escalate, concerns are growing about the potential for Iranian hackers to employ AI-powered attacks against critical infrastructure in the US, Israel, and Gulf States. With a well-resourced organization like the Islamic Revolutionary Guard Corps at its disposal, Iran has been experimenting with using AI in hacking operations for years.

The Rise of State-Sponsored Hacking Campaigns

Recent incidents have highlighted the growing sophistication of state-sponsored hacking campaigns using automated tools. In November 2025, Chinese state-sponsored hackers utilized a company's AI to conduct an entirely automated cyberattack against a group of technology companies and government agencies. While there is currently no conclusive evidence that Iran can orchestrate AI-powered cyber agents at the same level as China, experts agree that the country remains one of the most capable cyber powers outside of the major players – the US, China, and Russia.

Iran's Intent and Capability

Threat actors from Iran have a long history of targeting critical infrastructure in the US and Israel, including attacks against systems, distributed denial-of-service (DDoS) attacks, influence campaigns, and even attempts to wipe entire systems clean. According to Allie Mellen, principal analyst at Forrester Research, "Iran has more than 10 years of history in attacking U.S. critical infrastructure, so they have clear intent and capability of such attacks." Bob Kolasky, senior vice president of critical infrastructure at Exiger, added that it would be surprising if Iran wasn't using AI to advance its offensive cyber capabilities.

AI-Assisted Attacks: A Growing Concern

Leeron Walter, vice president of strategy at Teramind, pointed out that open-weight models like Meta's Llama and Chinese models like DeepSeek can be downloaded, run locally without internet access, and fine-tuned without any usage restrictions or guardrails. For sanctioned nation-states like Iran, this makes such models a better choice for operational security than trying to misuse monitored commercial platforms.

In reality, AI mostly enhances familiar tactics for Iranian-linked hacking groups by making them faster and more effective. It allows them to send convincing phishing emails at scale – messages designed to trick people into sharing sensitive information. AI can also aid hackers in quickly finding weak points in systems, scanning networks for targets, and writing or adapting malicious software without needing top-tier programmers.

A Growing Threat Landscape

The increasing use of AI-powered cyberattacks by Iranian hackers raises significant concerns for governments and companies. If China were to provide Iran with more assistance on AI capabilities, it could further enhance Iran's ability to orchestrate attacks against critical infrastructure. Moreover, as conflict escalates, Iran may have incentives to "empty the tank" and utilize all available means to launch devastating cyberattacks.

How effectively US critical infrastructure can defend against novel AI-enabled attacks is also uncertain, and that uncertainty is a pressing issue. Experts warn that there are clear vulnerabilities that Iranian hackers could exploit, and that AI makes those weaknesses easier for them to identify.

Conclusion

As tensions between Iran and major world powers continue to escalate, concerns about the potential for Iranian hackers to employ AI-powered attacks against critical infrastructure are growing. While there is currently no conclusive evidence that Iran can orchestrate AI-powered cyber agents at the same level as China, experts agree that the country remains one of the most capable cyber powers outside of the major players.

The increasing use of AI in cyber warfare by state-sponsored hacking campaigns raises significant concerns for governments and companies worldwide. It is crucial for US critical infrastructure to remain vigilant and prepared to defend against novel attacks, while also working closely with international partners to address this growing threat landscape.
