How AI-generated applicants are infiltrating Western companies—and what HR and IT need to know now
The growing prevalence of generative AI is not only transforming recruitment processes; it is also creating dangerous new vulnerabilities. Security analyses show that the North Korean regime is deliberately using artificial intelligence to infiltrate Western companies with fake applicants, with the aim of stealing sensitive information, gaining economic advantages, and circumventing sanctions.
AI doesn't just optimize resumes—it creates entire fake identities
What is a useful tool for many job seekers is being strategically exploited by North Korean actors: Using AI-powered tools, they create flawless resumes, compelling cover letters, fake certificates, and even social media profiles. Language barriers are overcome through automated translation services. Deepfake technologies make it possible to conduct job interviews using manipulated video identities, including artificially generated voices.
The Strategy: From Fake Job Postings to Remote Hiring
To carry out effective deception, state-sponsored groups use a multi-tiered system:
- First, fake job postings are published in order to collect real applications.
- These serve as templates for forged documents, which are then submitted to legitimate companies.
- The entire process is managed by automated bots that handle thousands of applications at once.
The goal is to hire remotely, preferably for IT jobs that involve little face-to-face contact.
Laptop farms and coordinated access
If the scheme succeeds and a fake applicant is hired, the company’s devices do not end up with individual “employees,” but rather in so-called laptop farms. In these facilities, often located abroad, hundreds of company laptops are operated simultaneously. Remote access, software maintenance, and communication are coordinated centrally. From the company’s perspective, all activities appear legitimate, but they are not.
In the U.S. alone, several such networks have recently been uncovered, involving hundreds of fake employees.
Security vulnerabilities in recruiting: an underestimated threat
Companies that operate in a remote-friendly manner and recruit globally are particularly at risk. HR teams often fail to recognize the danger because applications appear professional at first glance. However, in addition to financial damage, there is a much greater risk: targeted data exfiltration, industrial espionage, and the establishment of persistent threats within the corporate network.
What Companies Need to Do Now
1. Raise awareness among recruiting teams
Look for suspicious patterns: unusually generic applications, identical phrasing, suspicious timestamps, or inconsistent online profiles.
2. Strengthen identity verification
Rely on modern verification solutions, including video identification, checks against sanctions lists, and technical checks before device issuance.
3. Secure remote access
Restrict access rights for remote employees. Automated monitoring tools should immediately report any unusual activity—such as simultaneous logins, use of RMM tools, or unusual time patterns.
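The three signals named in step 3 can be expressed as simple detection rules. The following is an added example, not part of the original article: the log records are constructed, and the RMM watchlist, the per-user working windows, and all function names are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample telemetry (not real logs): (user, source IP, login, logout), UTC.
SESSIONS = [
    ("a.miller", "198.51.100.7", "2024-05-06T13:02", "2024-05-06T21:10"),
    ("a.miller", "203.0.113.44", "2024-05-06T14:30", "2024-05-06T15:05"),
    ("j.chen", "192.0.2.15", "2024-05-06T02:41", "2024-05-06T06:00"),
]
PROCESSES = [("s.patel", "AnyDesk.exe"), ("j.chen", "code.exe")]  # (user, process)

# Assumptions: an illustrative RMM watchlist and each user's agreed working window (UTC hours).
RMM_TOOLS = {"anydesk.exe", "teamviewer.exe", "rustdesk.exe"}
WORK_HOURS = {"a.miller": (12, 22), "j.chen": (12, 22), "s.patel": (11, 21)}
_t = datetime.fromisoformat

def simultaneous_logins(sessions):
    """Users with overlapping sessions from different source IPs."""
    hits = set()
    for i, (u1, ip1, s1, e1) in enumerate(sessions):
        for u2, ip2, s2, e2 in sessions[i + 1:]:
            if u1 == u2 and ip1 != ip2 and _t(s1) < _t(e2) and _t(s2) < _t(e1):
                hits.add(u1)
    return hits

def rmm_usage(processes, watchlist=RMM_TOOLS):
    """Users who launched a process on the RMM watchlist."""
    return {u for u, p in processes if p.lower() in watchlist}

def off_hours_logins(sessions, work_hours=WORK_HOURS):
    """Users whose login hour falls outside their agreed working window."""
    hits = set()
    for user, _ip, start, _end in sessions:
        lo, hi = work_hours.get(user, (0, 24))
        if not lo <= _t(start).hour < hi:
            hits.add(user)
    return hits

def triage(sessions, processes):
    """Combine the three signals into one per-user list of alert reasons."""
    signals = {"simultaneous_logins": simultaneous_logins(sessions),
               "rmm_tool": rmm_usage(processes),
               "off_hours_login": off_hours_logins(sessions)}
    alerts = {}
    for name, users in signals.items():
        for u in users:
            alerts.setdefault(u, []).append(name)
    return alerts

if __name__ == "__main__":
    print(triage(SESSIONS, PROCESSES))
```

Each rule on its own produces false positives (travel, sanctioned IT support sessions, overtime), so the per-user combination is what an analyst would review first.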
Conclusion: Deepfakes in job interviews—not the future, but the present
North Korea uses AI not only for defense but also offensively as a means of infiltrating Western IT systems. Deepfake job applicants, fake profiles, and centralized laptop farms have long been a reality. Companies must recognize recruitment processes as a security-critical area and respond with appropriate measures.
After all, the next job application in your inbox might not be from a human, but from an AI-powered bot working for a regime.