Getty Images Bank.

Artificial intelligence (AI) has fundamentally changed the cybersecurity landscape. Cyberattacks are no longer limited to hackers manually infiltrating systems. AI is increasingly being used to automate the entire attack process—from identifying vulnerabilities and breaching systems to monetizing stolen data. As North Korean hacking groups targeting South Korea actively adopt AI, they are overcoming limitations tied to individual hackers' capabilities and can now launch large-scale attacks with relatively small teams. At the same time, aging public and private-sector systems in South Korea remain highly vulnerable. The National Intelligence Service (NIS) has warned that the country must urgently transition to an "autonomous security operations system" capable of responding at machine speed.

The National Cyber Security Center, operated under the NIS, published the 2026 National Information Security White Paper on Aug. 8. Analyzing cyberattack trends from the previous year, the agency noted that "the rapid advancement of AI has dramatically enhanced attackers' capabilities, while the expansion of cloud infrastructure and the neglect of aging systems have exposed structural weaknesses in defense systems."

The NIS highlighted the growing use of agentic AI across the entire cyberattack lifecycle. Unlike conventional AI systems that simply provide information, agentic AI can autonomously set objectives, analyze data, and directly interact with external systems without human intervention. In the hands of cybercriminals, such technology can generate unlimited amounts of phishing and other social-engineering content, as well as develop hacking tools such as ransomware. Most importantly, it enables attackers to conduct large-scale operations with minimal cost, manpower, and time. Concerns have recently intensified after reports that Anthropic's AI model Mythos generated Windows attack code in just 31 minutes.

These developments are particularly evident among North Korean hacking organizations. According to global cybersecurity firms including Kaspersky and Google Threat Intelligence Group, the North Korean hacking group Kimsuky has been found using large language models (LLMs) in code development. Another North Korea-linked group, APT45, reportedly used repeated AI prompts to identify software vulnerabilities and verify the viability of attack code. Analysts believe North Korea began designing and testing AI-driven cyberattacks last year and has now fully integrated such capabilities into its operations. This has significantly expanded the scale and frequency of attacks while compensating for the limitations of individual hackers. North Korea's cryptocurrency thefts reportedly reached a record 2.2 trillion won last year.

While North Korea's cyber capabilities continue to advance rapidly, many of its primary targets in South Korea are operating on aging infrastructure. At the same time, organizations across industries are increasingly adopting AI in their operations. Because agentic AI is particularly effective at exploiting and manipulating AI-enabled systems, expanding AI adoption without corresponding security upgrades could simply create additional attack vectors. The NIS warned that "starting this year, agentic AI will autonomously execute the entire attack lifecycle and generate tens of thousands of malicious actions per second," adding that "defense systems must immediately transition to autonomous security operations that minimize human intervention and identify and isolate threats at machine speed."

Experts also stressed the need for a national-level control tower capable of providing continuous cyber defense, arguing that fragmented responses are no longer sufficient. Choi Byung-ho, a research professor at the Human-Inspired AI Institute at Korea University, said, "At present, the only viable approach is to use AI to identify security vulnerabilities and patch them as quickly as possible. We need a governance framework capable of responding to cyberattacks within 24 hours, but challenges such as authority delegation make that difficult."

                                                                                      Kim Hong-chan, Choi Min-jun