"We are seeing signs that they are using AI prompts the entire way," a cyber security analyst told the Financial Times in its May 30 report on Iran's military AI use. The paper said Iranian military and intelligence-linked operators use ChatGPT, Gemini and other Western services to write malware and craft Hebrew and Arabic phishing lures. It also tied those tools to cyber operations against Israel, the U.S. and Gulf targets.
The available reporting points to a narrower shift than the word "weapon" suggests. Public AI services help with language, coding and research bottlenecks. Tehran is building a domestic AI platform meant to run on its national internet. Older Iranian strengths, especially social engineering, proxy networks and cheap drones, become cheaper to repeat when each operator can ask a model for translation, code help or research.
OpenAI and Google draw a line around that claim. OpenAI says it reports and disrupts Iran-linked misuse and that safeguarded models have offered no novel cyber capability. Google says Gemini misuse has produced productivity gains, not new capabilities, and that its safety systems block some malicious requests. The companies' caveat still leaves a scale problem for defenders.
Key Takeaways
- Iranian operators are using ChatGPT and Gemini for phishing, malware support and target research.
- Google says APT42 accounted for more than 30% of Iranian APT use of Gemini.
- Iran is building a Sharif-linked national AI platform designed to run on domestic infrastructure.
- The drone war shows why cheap automation matters even after heavy strikes on Iran's arsenal.
AI-generated summary, reviewed by an editor. More on our AI guidelines.
Google's January APT42 count
More than 57 threat actors with ties to China, Iran, North Korea and Russia had used Gemini, and Iranian APT actors were the heaviest users, Google said in January 2025. APT42 accounted for more than 30% of Iranian APT use of Gemini, according to the report.
In Mandiant's May 2024 account, APT42 operated on behalf of Iran's IRGC Intelligence Organization and aimed campaigns at NGOs, media organizations, universities, legal services and activists in the West and the Middle East. The report described patient impersonation, fake Google Meet invitations, fake Gmail login pages and typo-squatted domains such as nterview[.]site that redirected targets toward credential theft.
Check Point's June 2025 report on Educated Manticore, which aligns with activity tracked as APT42, said the group targeted Israeli journalists, cyber security experts and computer science professors. In some campaigns, technology and cyber security professionals were approached through email or WhatsApp and steered toward fake Gmail or Google Meet pages that could capture passwords and two-factor codes.
The UAE's 500,000-a-day figure
Khaleej Times reported April 1 that UAE cyberattacks had doubled from about 250,000 a day to more than 500,000 a day since the regional crisis began. Dr. Mohamed Al Kuwaiti, head of cyber security for the UAE government, said attackers were using ChatGPT and WormGPT to write malicious code, identify vulnerabilities and prepare phishing emails.
OpenAI's October 2024 threat report, summarized by SecurityWeek, put narrower examples on the record. CyberAv3ngers, a persona linked by U.S. officials to Iran's government, asked ChatGPT about industrial ports, protocols, Tridium Niagara default passwords and Hirschmann RS industrial routers. OpenAI said those exchanges offered "limited, incremental capabilities" already available through non-AI tools.
A model that helps operators find PLC terminology, translate lures or debug scripts could broaden the pool of people able to support cyber tasks, even if the companies say it does not create novel capability. Al Kuwaiti put Iran's proxy network at more than 40 organizations and sympathizers.
Sharif's national platform
The March 2025 Iran International account described a prototype national AI platform built with Sharif University of Technology. The platform included GPU infrastructure, large language and multimodal models, agents and industry application layers. The same article said the project involved nearly 100 researchers and was slated for a full release in March 2026.
Hamidreza Rabiei, head of Iran's Advanced Information and Communication Technology Research Institute, tied the platform to domestic network continuity. "We are not taking any API from any foreign platform, and if the internet is cut off, nothing will happen to the platform because we are connected to the national internet," he said.
Sharif University is under international sanctions for links to Iran's Ministry of Defense, the IRGC and missile work, according to Iran International. Recorded Future's April 2025 report described Iran's AI push as a top-down national program shaped by sovereignty, sanctions and security goals, with national-security uses concentrated in cyberattacks, influence operations, military and intelligence systems, and domestic repression. Alex Leslie of Recorded Future told the FT that "investing in AI is really a national security modernisation programme."
Drones after the strikes
The military side is harder to verify because Iranian officials claim more than outside analysts can see. In Army Recognition's account of the January 2025 Prophet Muhammad naval exercise, Mohajer-6 and Ababil-5 drones carried Qaem and Almas missiles that IRGC Navy commander Alireza Tangsiri described as AI-enhanced. The report put the Mohajer-6 at a 12-hour endurance and the Ababil-5 at a 480-kilometer range.
The Washington Institute's Farzin Nadimi supplied the battlefield context in May 2026. Iran and its proxies launched about 4,400 one-way attack drones before the April 7 ceasefire, roughly 120 a day, and 85% to 90% of them were fired in the first two to three weeks, he wrote. The UAE was targeted by 2,210 drone strikes and hundreds of ballistic and cruise missile strikes by April 7, according to Nadimi.
U.S. estimates cited by Nadimi said as much as 85% of Iran's drone arsenal and associated industrial base had been damaged or destroyed, though the exact level of destruction remains difficult to verify from open sources. Yet the program's structure (dispersed launch sites, mobile crews, front companies and university-linked research) made it hard to end. The FT reported that early April strikes also damaged the Sharif data center hosting the core AI platform. The public record shows damage to the hardware while leaving the program's continuity unresolved.
Frequently Asked Questions
What did the Financial Times report about Iran and ChatGPT?
The FT reported that Iranian military and intelligence-linked operators are using ChatGPT, Gemini and other Western AI services to help write malware, craft phishing lures and support cyber operations.
Did Google say Gemini gave Iranian hackers new capabilities?
No. Google's threat report said state-linked actors used Gemini for productivity gains such as research, translation and content work, not for novel cyber capabilities.
Who is APT42?
APT42 is an Iranian state-backed cyber espionage actor that Mandiant assesses operates on behalf of Iran's IRGC Intelligence Organization and targets media, academia, NGOs and activists.
What is Iran's national AI platform?
Iran International reported that Tehran unveiled a Sharif University-linked prototype with GPU infrastructure, large language and multimodal models, agents and domestic network support.
How does this connect to drones?
Iran's drone program shows the same logic: cheap, repeatable systems can impose costs even when defenses intercept most attacks and airstrikes damage production.



IMPLICATOR