"AI is amazing, it makes our job easier. But the same AI that’s useful can be easily manipulated by threat actors, we’ve seen it in social engineering and in our day-to-day investigations," said Mary Asaolu, senior security researcher at Microsoft, at Infosecurity Europe on June 3.
Microsoft DART’s warning at Infosecurity Europe
The Microsoft Detection and Response Team (DART) used its Infosecurity Europe presentation, titled "Securing AI in the Age of Intelligent Threats," to urge organizations and security teams to treat AI as both asset and attack surface. DART’s advice, delivered by senior researchers on June 3, emphasized that AI adoption inside enterprises can create new avenues for compromise if left unmanaged. The team framed the challenge as operational as well as technical: employees seeking AI tools create openings that attackers will exploit.
The JustAskJacky campaign: an AI assistant that was a backdoor
Microsoft researchers described a real-world campaign they named "JustAskJacky." The attack lured users into installing an apparent AI assistant — a program that, at first glance, behaved like a legitimate productivity tool. In delivery and presentation it used professional-looking interfaces and even valid digital signatures, factors the researchers said made the software harder for users and security tools to distinguish from legitimate applications.
Once installed, the application deployed a Java-written backdoor and established persistence by creating a scheduled task that runs every four hours to maintain control and send telemetry. The implant remained undetected until DART was engaged by an organization to investigate an unrelated issue; only then did the team discover the masquerading assistant.
AI code flaws as an exploitable layer — Meaghan Bradshaw’s finding
"AI really is the emergent angle," said Meaghan Bradshaw, principal security researcher at Microsoft. Bradshaw warned that AI introduces another layer of risk inside applications: "Nearly half of AI code contains flaws. Attackers can exploit it to compromise applications or data." That assessment framed the campaign as part of a broader trend in which cybercriminals incorporate AI-related tooling into their attack chains.
Practical guidance from Microsoft’s researchers
Microsoft offered specific, repeatable steps for organizations worried about AI-related threats. Bradshaw urged companies to inventory and assess nonstandard applications: "One of the most common recommendations we give customers is to take the time to assess nonstandard applications installed. If there is no business need, get rid of them." Her point: unvetted AI tools sought out by employees can become a single foothold that allows broader compromise.
Mary Asaolu framed the response as a leadership and governance task as much as a technical one. "Provide a clear roadmap for safe adoption," she said. "Make AI security a leadership priority, ensuing you have security reviews in place and AI is at a board discission level." She also recommended that organizations "Ensure AI is used responsibility, make sure that good AI is the default behavior. And ensure security teams are equipped and coordinated for carrying out risk assessments and monitoring for unusual behavior."
What this means for security teams, procurement leaders, and end users
- Security teams: Treat AI-enabled or AI-branded software as a distinct risk class — monitor for unusual telemetry and persistence mechanisms (for example, scheduled tasks that run on a regular cadence), and include AI code in code-review and testing processes.
- Procurement and leadership: Place AI adoption on the roadmap and board agenda, require security reviews for nonstandard or third-party AI assistants, and remove tools that lack a clear business need.
- End users and teams adopting AI: Be skeptical of seemingly helpful AI assistants; employees searching for productivity gains can inadvertently lower their guard and install software that appears legitimate but contains backdoors.
The Microsoft account of JustAskJacky is a concrete reminder that well-presented software and valid signatures are no guarantee of safety. The finding that a malicious AI assistant remained in situ until DART’s separate investigation underscores the difficulty of detecting threats that mimic legitimate tools. Microsoft’s counsel — governance at the board level, clear adoption roadmaps, active assessment of nonstandard applications, and security teams prepared to hunt for unusual behavior — sets a pragmatic course: treat AI as a capability that must be managed as deliberately as any other enterprise technology.
