The Financial Times Investigation: Iran's AI-Powered Cyber Arsenal

Fluent Phishing in Hebrew and Arabic: One of the most operationally significant findings is Iran's use of AI to craft phishing messages in flawless Hebrew and Arabic. Previously, poor grammar and unnatural phrasing were red flags that helped targets identify malicious emails. AI-generated lures now read as if written by a native speaker, allowing Iranian operators to impersonate trusted contacts convincingly and manipulate US and Israeli officials into clicking malicious links .

Fake Online Personas: Iranian hackers are using AI to generate complete fake identities—photos, professional backgrounds, and conversational styles—to build trust with targets over time before deploying social engineering attacks . This lengthens the engagement window and increases the likelihood of successful compromise.

Full Kill-Chain Integration: A cyber security analyst told the Financial Times, "We are seeing signs that they are using AI prompts the entire way," describing how AI supports operations from initial reconnaissance and target research through to payload delivery .

The Scale of the Threat: UAE Absorbs 500,000–700,000 Daily Attacks

The human cost of this AI acceleration is most visible in the Gulf. According to the Abu Dhabi Emergency, Crisis and Disaster Management Center, the UAE is facing between 500,000 and 700,000 cyberattack attempts per day from Iran-linked state actors .

Mohammed Hamad Al Kuwaiti, Head of Cyber Security for the UAE Government, confirmed to Khaleej Times in April 2026 that daily attacks had surged from around 200,000 to approximately 600,000 since the regional escalation began . Al Kuwaiti specifically cited state-linked hackers using ChatGPT and other AI tools to engineer these attacks, noting that the AI integration has made them more sophisticated and harder to detect .

Phishing incidents alone rose 32% in the first quarter of 2026, according to the Crisis and Disaster Management Center's "Cybersecurity Awareness Guide During Crises," which also warned of deepfake-driven disinformation campaigns designed to cause public panic . The attacks have targeted critical infrastructure across the Gulf, with Iranian state-sponsored actors operating through more than 40 proxy organizations and sympathizers .

Google's Earlier Warning: Iran the Top Gemini Abuser

The FT investigation builds on earlier intelligence. In January 2025—more than a year before the full escalation of the Iran conflict—Google's Threat Intelligence Group reported that Iranian government-backed cyber actors accounted for 75% of all identified state-backed misuse of Gemini among four monitored countries (China, Russia, Iran, and North Korea) .

Google's report at the time identified over 10 Iranian cyber groups using Gemini for phishing campaigns, reconnaissance of defense organizations, and writing software scripts. The company acknowledged its guardrails had prevented malware generation at that stage, but the FT's May 2026 findings suggest those defenses have since failed or been bypassed .

Beyond the Keyboard: Iran's Broader Military AI Push

The FT report makes clear that Iran's weaponization of commercial AI is not confined to cyber operations. The Islamic Revolutionary Guard Corps (IRGC) and broader Iranian military institutions are actively promoting AI integration across all branches .

Key areas of military AI development include:

• Drone Guidance and Targeting: AI is improving guidance systems for drones and underwater weapons, drawing in part on lessons Iran studied from Russian drone deployments in Ukraine .
• Electronic and Electromagnetic Warfare: AI tools support Iran's electronic warfare capabilities, enhancing jamming and signal intelligence .
• Battlefield Decision-Making: AI accelerates command decisions in military operations centers, compressing the time between detection and action .
• Two-Way Technology Pipeline: Iran and Russia have established a reciprocal exchange: Iran has supplied Russia with drones, while Russia began shipping drones to Iran following US-Israeli strikes in early March 2026, along with AI and battlefield data from Ukraine .

This institutional push places Iran at the center of a broader trend in which commercial AI tools—built by Western companies for civilian use—are becoming instruments of asymmetric warfare.