Iran has long used unconventional tactics and weapons in waging asymmetric warfare against the United States and its allies and partners. This has included the use of non-state proxies to maintain pressure on regional adversaries like Israel; cyberattacks, such as the ones carried out in 2022 and 2023 targeting critical infrastructure systems in the United States, Israel, and several other Middle East nations; and destabilizing information operations, like those announced this month implicating the U.S. presidential campaigns. Amid recent domestic uprisings, Iran has begun to incorporate Artificial Intelligence (AI) into its domestic surveillance efforts, fueling repression in furtherance of regime stability. What might this development portend with regard to Tehran’s future cyberspace and information operations? And does Iran have what it takes to advance their AI capabilities?
Earlier this year, the Institute for Security and Technology published a report on the malicious use of AI and outlined several possibilities relevant to Iran’s established pattern of behavior and apparent intentions. This includes the potential of AI expanding the ability of authoritarian states to commit human rights abuses, and to enhance their information operations and cyber attack capabilities. While Iran might have limited capabilities in some aspects of AI development, its collaboration with China and Russia enable myriad opportunities to develop and weaponize cutting-edge technologies like AI. Additionally, Iran postures itself in the global tech and AI race not only to target the United States and its allies, but also to keep pace with other regional powers.
Information Operations on Steroids
As foreign information operations come into shape, they depend on three conditions, among others: (1) the ability to overcome the language barrier, (2) the ability to generate plausible content, and (3) the ability to vet and select from a pool of potential targets. Iran’s recent activities show integrating the combination of these conditions.
In three instances this year, OpenAI reported that cyber actors—including Iranian-affiliated cyber actors—have been found to be utilizing ChatGPT for malicious and deceptive ends. In February 2024, they reported that two Iranian cyber actors, as well as others from China, North Korea and Russia, leveraged ChatGPT at different stages of their cyber operations. The report details how Iranian-affiliated threat actor “Crimson Sandstorm” used ChatGPT to generate email phishing content, including one pretending to come from an international development agency, which suggests that they are using AI to support their English language writing—an essential element of any influence operation. OpenAI’s second report in May 2024 sheds light on different cyber actors resorting to ChatGPT to execute deceptive information operations, while its August 2024 specifically focuses on Iranian-affiliated cyber actors’ AI-enabled information operations.
To meet the second condition discussed above, these actors have allegedly been generating legitimate-appearing content in an attempt to “manipulate public opinion or influence political outcomes while hiding the true identity […] of the actors behind them.” Additionally, OpenAI detected an Iranian threat activity cluster labeled “Storm-2035” that has been using ChatGPT to draft news articles on the U.S. presidential elections, the war in Gaza, and Israel’s participation in the 2024 Olympic Games and posting them on progressive and conservative media outlets. While these articles might on the surface appear legitimate and contain relevant and timely context, they are also seeded with a measure of inflammatory content intended to evoke political passions on either side of the divide. In another instance, Storm-2035 actors prompted OpenAI’s models to learn from existing social media comments and generate new ones in the same style, in both English and Spanish, that could be used to expand the scope of its information operations. Both of these use cases are making the legitimization of inflammatory content more accessible and less detectable through AI models, an underlying commonality that warrants concern.
As Iranian threat actors attempt to scale up their information operations, they could leverage GenAI to target protected classes such as race, gender, and political viewpoints to drive a wedge between different communities. AI has significant potential to generate personalized propaganda tailored to each individual’s digital profile; with content algorithmically optimized to erode trust in institutions and amplify societal divisions, malicious actors could unleash large-scale, but at the same time highly tailored, disinformation campaigns designed to destabilize entire societies.
Tailoring propaganda messaging to influence elections is not a new concept. For instance, the KGB used “active measures” that involved human intelligence elements to identify and manipulate targets, ultimately creating a broader propaganda machine capable of influencing foreign governments, inciting insurgencies, or even overthrowing governments. With current AI models, this process becomes significantly easier. Human capabilities can be replaced or enhanced with online surveillance with the help of AI. LLMs can also streamline the identification of targets and the creation of personalized messaging by compiling the individual’s profile and sizing up their characteristics, including socio-economic and political stances, to ultimately generate tailor-made content to influence and deceive.
AI-Enhanced Surveillance
Domestically, the Iranian regime has been weaponizing AI in its quest to crack down on gender equality, especially in locating women that were not abiding by the veil mandate. Earlier this year, the regime crafted draft legislation that explicitly calls for the use of AI-enabled facial recognition to “enforce strict morality codes” at scale. Amnesty International reports that the regime has warned more than a million women that their cars could be seized if surveillance cameras detect them without their headscarves.
Both the scale of AI-powered facial recognition and its centralization in the hands of a repressive regime raise concerns about women’s rights and broader domestic stability in Iran. Iran’s long-standing strategic partnership with China—especially given that China is the top foreign investor into Iran’s economy—has bolstered Iran’s state surveillance with an uptick in exports of Chinese facial recognition technologies in 2022, as domestic uprisings erupted in Iran. This flow of AI-enabled facial recognition from China to Iran could lower the cost and technical barrier for greater “gendered repression” in the country, and potentially inspire other authoritarian regimes to follow suit.
Iran could leverage AI to create more intrusive surveillance systems for tracking not only women but also for identifying and monitoring potential dissidents’ digital activities and analyzing their behaviors. AI can sift through vast data to spot valuable patterns, and advanced models can analyze text, images, and more to better understand targets. AI could enable large-scale censorship, quickly detecting and suppressing content unfavoring Tehran’s agenda. As a result, broader AI-enabled surveillance potentially prevents dissidents from being able to organize activities challenging the regime, while contributing to Tehran’s stability.
Does Iran Have What it Takes in the AI Domain?
Iran’s push to deploy AI capabilities is part of a larger technological arms race, involving activities like technology theft to gain a competitive edge against the United States and its allies. This push demonstrates Tehran’s ability to leverage the latest frontier technology to stay abreast of global trends. But does Iran have what it takes in the AI domain? Developing AI capabilities requires training data, computational power, and relevant expertise. Vali Nasr, Professor of International Affairs and Middle East Studies at the Johns Hopkins University School of Advanced International Studies notes that while Iran lacks training data to advance AI capabilities, it maintains decent technical capabilities in the form of well-educated and trained engineers and universities providing relevant technical expertise. According to Nasr, “the remaining gap in training data can be filled with the access to AI tools that the Russians and Chinese could provide to Iran.”
As part of the 25-year comprehensive partnership between Iran and China signed in 2021 between Iran and China signed in 2021, China has been the top investor in Iran’s technology and has been supplying Iran with AI-enabled facial recognition technologies. Meanwhile, Iran has been supplying Russia with drones and Moscow has been manufacturing Iranian-designed drones domestically. Notably, in February of 2024, Tehran’s Representative for Development of AI and Robotics and Moscow’s Representative of the Commission for the Implementation of the AI Ethics Code signed a memorandum of understanding to cooperate on AI ethics. The official statement from Russia’s AI governing body notes that signing of the memorandum marks a new step in the technological and cultural dialogue between Russia and Iran and emphasizes the trust that the Iranian side puts in Russia on AI-related matters.
Exchange of tech capabilities demonstrates that Russia, China, and Iran engage in complex trade-off activities that strategically benefit all sides. Additionally, the enhanced defense relationship between Russia and Iran signals that Moscow and Tehran could expand advanced technology transfers, including AI capabilities.
Iran’s established track record of leveraging cyberspace against its rivals, combined with potential advances in AI capabilities, opens new possibilities for its asymmetric playbook. As evidenced by Iran’s recent activities, Tehran does not want to fall behind in the AI arms race and is able and willing to incorporate AI in information operations, cyber espionage, and surveillance to crack down on internal opposition, as well as to target the United States and its partners.