South Korea’s National Cyber Security Center, a division of the National Intelligence Service, issued a warning on June 10 2026 that North Korean hacking groups are increasingly turning to autonomous artificial intelligence—known as agentic AI—to carry out cyber attacks with little human oversight. The alert, included in the agency’s 2026 National Information Security White Paper, explains how the rapid rise of AI, combined with widespread cloud adoption and aging legacy systems, has broadened the attack surface for state‑backed threat actors.

Agentic AI differs from conventional tools in that it can set goals, analyze data, and manipulate external systems without continuous human direction. The Center notes that such agents can produce large volumes of phishing emails, develop ransomware payloads, and coordinate attacks at scale, all while cutting the number of personnel required and reducing operational costs.

Evidence of this trend comes from multiple sources. Anthropic’s Mythos model was reported to have generated Windows‑targeted attack code in just 31 minutes, illustrating the speed at which large‑language models can produce executable malicious content. Kaspersky and Google Threat Intelligence Group have identified North Korean groups linked to the APT43/Kimsuky campaign as using large‑language models to assist in code creation. Another actor, APT45, reportedly entered prompts at scale to search for software vulnerabilities and test the execution of attack code. Analysts suggest that North Korea began designing and testing AI‑automated attacks in 2025 and has now largely adopted the technology, enabling it to launch larger, more frequent operations.

The Center’s warning points out that many South Korean public and private systems remain vulnerable because of outdated infrastructure. The combination of cloud expansion and neglected legacy systems creates structural weaknesses that agentic AI can exploit, especially by manipulating AI systems already in use by target organizations. The agency estimates that North Korea stole a record 2.2 trillion won (about $1.46 billion) in virtual assets last year, underscoring the financial incentive behind these attacks.

In response, the National Cyber Security Center calls for a shift to autonomous security operations that can detect, isolate, and remediate threats at machine speed. The agency states that agentic AI will be able to carry out the full attack life cycle and generate tens of thousands of malicious actions per second. Experts argue that isolated defensive measures are insufficient and advocate for a national‑level control tower capable of continuous cyber response. A research professor at Korea University’s Human‑Inspired AI Research Institute noted that a governance system able to respond to hacking within 24 hours is needed, but delegated authority and coordination challenges make this difficult.

The warning arrives amid a broader context of increasing AI‑driven cyber threats worldwide. While the report does not provide specific remediation steps, it signals that South Korea is preparing to upgrade its defensive posture to match the autonomous capabilities of adversaries. The current situation remains fluid, with ongoing monitoring of North Korean hacking activity, continued assessment of AI‑generated threat vectors, and the development of autonomous defense tools. The extent to which South Korea will implement a national control tower, the timeline for deploying machine‑learning‑based detection systems, and the effectiveness of these measures against evolving agentic AI attacks remain open questions.