Russia’s use of artificial intelligence in its cyberwar against Ukraine has expanded beyond fake news and propaganda campaigns, according to Ukrainian government officials. Moscow is now embedding AI directly into malware to generate malicious commands “on the fly.”

A new report from Ukraine’s National Security and Defense Council says Russia’s use of AI across cyber operations expanded dramatically over the past year, reshaping everything from social engineering campaigns to malware development and creating what Ukrainian officials describe as a growing imbalance between attackers and defenders.

For years, researchers tracked Russia’s use of artificial intelligence primarily in influence operations — generating fake content for disinformation campaigns and online manipulation efforts. But Ukraine says the technology is increasingly being embedded in cyber operations themselves.

Last year, researchers identified a malware strain dubbed LameHug, allegedly deployed by the Russian military intelligence-linked group UAC-0001, also known as APT28. The malware used an open-source language model to generate system commands dynamically through natural-language prompts.

According to the report, Russian operators also used AI to refine malware, including the ScopeCreep backdoor, adding features designed to evade detection and escalate privileges inside compromised systems.

Officials said such tools are harder for traditional security products to detect because they can generate actions in real time rather than rely on predictable behavior patterns.

Researchers also found Russian hackers increasingly using public AI platforms such as ChatGPT and Gemini for reconnaissance, exploit development, malware coding and debugging, and target analysis.

Western technology companies have tried to limit the malicious use of AI systems, but researchers say threat actors often bypass safeguards using disposable or compromised accounts or by deploying open-source models such as Meta’s Llama on privately controlled infrastructure.

The spread of AI extends beyond malware. Ukraine said AI-enhanced phishing campaigns made social engineering attacks more effective, while researchers documented personalized Ukrainian-language voice deepfakes targeting members of the country’s armed forces. AI chatbots were also allegedly used to automate recruitment efforts aimed at persuading civilians to conduct sabotage operations and gather intelligence.

The report also warns that Russia is increasingly attempting to manipulate the AI ecosystem itself.

Researchers described a strategy they called “AI poisoning,” in which large volumes of AI-generated disinformation are pushed online to contaminate the information consumed by public chatbot systems and future AI models.

“Artificial intelligence is creating a significant imbalance in cyberspace by giving the attacking side a strategic advantage,” researchers wrote.

The report argues that while attackers are rapidly adopting AI to automate and scale operations, defensive applications remain comparatively limited — largely focused on helping analysts process data and streamline routine security tasks.

“This gap is further widened by the failure of developers of defensive systems to fully account for the realities of modern cyberwarfare,” the report stated, “making AI more of a breakthrough tool for offensive operations than an effective tool for defense support.”