Steve Schmidt, the chief security officer at Amazon, says his team has identified and blocked more than 1,800 attempts by North Korea to secure IT roles at the tech giant. He warns that this scheme is becoming more prevalent across the technology industry as the nation-state actor targets the lucrative salaries of generative artificial intelligence and machine learning jobs, and the troves of valuable data such workers have access to.
“A lot of people don’t think about organized efforts by other parties to get people hired into organizations who have interesting data,” says Schmidt, speaking at an event held by Amazon this week. “It’s actually pretty prolific.”
Schmidt says that in 2025, Amazon has seen a 27% increase in the number of North Korean applications on a quarter-over-quarter basis.
Notable cases throughout the year that point to the growing issue include four North Korean nationals being charged for allegedly scheming to get hired as remote IT workers and then steal nearly $1 million in cryptocurrency; a campaign to create a fake job-application platform to get hired at major AI companies; and a woman in Arizona who was sentenced to eight years in prison for her role in a $17 million scam to help North Koreans steal U.S. Identities to secure remote IT roles.
These identity theft schemes represent an ever-escalating confrontation between nation-state actors like North Korea and major Coins2Day 500 companies, as bad actors develop new deception techniques and businesses respond by bolstering their defenses. The cycle continues and escalates because, for countries like North Korea, these schemes can generate big financial windfalls and access to proprietary data.
AI is increasingly being used as a tool to monitor and identify these criminals, but also by the criminals themselves for attacks. Last month, Anthropic generated headlines when it disclosed that purported Chinese operators used that AI startup’s coding tool to target about 30 organizations.
Schmidt says the North Korean approach has changed over time, evolving from creating entirely fabricated profiles online to purchasing identities from Americans with legitimate backgrounds. The hackers will then aim to use these credentials to infiltrate an employer.
He says that Amazon has bolstered defenses through a mix of AI-enabled tools and human prevention efforts, a process he says the company has refined over the past two years. AI models have been trained to look for suspicious activity, including how North Korean operatives may list their contact information. They tend to use a plus symbol at the front of a phone number, which most Americans don’t do, and Amazon has identified around 200 different academic institutions that these IT workers use in their résumés.
These fake IT workers will also list nonexistent companies in their employment history. Some of these fake companies may actually have a registered business presence in a given state with a human who works for them to “verify” past employment, but they have no real operations.
Amazon now conducts more interviews in person and Schmidt says that the company’s mandate to bring workers fully back in the office also has some security benefits. “It is very, very hard to hide behind somebody else’s identity when you have to be in the office,” Schmidt tells Coins2Day.
Identity verification is now required at multiple stages throughout the interview process. And once someone is hired, Amazon keeps an eye on suspicious patterns of computer usage and the quality of work that’s being produced. Schmidt says the bad actors produce software code that is “markedly lower” in quality when working in the office versus when they are remote.
He calls for IT and human resources departments to more closely coordinate on hiring. At Amazon, the security team has access to the résumés, LinkedIn feeds, and other data that recruiters use to lure talent, and AI models are used to flag accounts that look suspicious. “It’s actually a lot cheaper for the HR organization if we discover the problem up front,” says Schmidt.
Amazon’s internally developed authentication system is called Midway; it both verifies an employee’s identity and controls access to their systems. The company relies on what’s known as “Universal 2nd Factor,” which uses physical security keys, rather than one-time passwords. Authentication requires a device that Amazon trusts, with the physical token and a pin that’s associated with that token.
Schmidt says Amazon’s security team is leveraging AI in quite a few ways, including speeding up security analysis (reviews that traditionally took hours and can now be completed in about 10 minutes); detecting and removing fake AI-written reviews on the company’s retail page; and identifying potential flaws in AI-written software code. The latter effort is called “autonomous threat analysis,” in which two sets of AI agents compete with each other to look for problems in the code and mitigate them before a product is launched.
As Amazon has embraced agentic AI capabilities, Schmidt says the company made an investment in Midway to build software that would allow it to securely identify the agent itself, as well as the action it has been authorized to take on behalf of a person. AI agents are like humans in that they need boundaries: An AI agent in robotics shouldn’t have access to the retail division, while a customer service agent shouldn’t touch Amazon Web Services.
“That agent that’s in the middle is not a service, which is the underlying layers of software talking to each other, and it’s not a human, it’s both together” says Schmidt. “We had to make that investment to ensure that we put the right boundaries around the agent.”
John Kell
Send thoughts or suggestions to CIO Intelligence here.
NEWS PACKETS
OpenAI debuts new model amid heightened competition. ChatGPT owner OpenAI recently debuted a new AI model called GPT-5.2, which Coins2Day reports beats other existing models by substantial margins in many categories and performed particularly well on a benchmark of complicated professional tasks including law, accounting, and finance. OpenAI reported that customers including legal AI startup Harvey and communications technology provider Zoom found that GPT-5.2 demonstrated a “state of the art” ability to use other software tools to complete tasks and also excelled at writing and debugging code. Separately this week, OpenAI also released a new flagship image-generation model that's more precise at editing and can generate images at a faster speed.
Disney signs a $1 billion licensing deal with OpenAI. Entertainment giant Disney announced it would make an equity investment in OpenAI and allow the AI giant’s Sora video model to use Disney characters and images from its franchises. CEO Bob Iger said that the Disney viewed technology advancements, including AI, as “opportunity, not threat. It’s going to happen regardless, and we’d rather participate in the rather dramatic growth, rather than just watching it happen and essentially being disrupted by it.” Disney will also receive warrants to buy additional equity in OpenAI; the entertainment company will leverage the company’s technology to build new products and tools, including for its streaming service Disney+, and deploy ChatGPT for its employees.
CoreWeave and other AI stocks are taking a hit. The Wall Street Journal reports on a big stock tumble for data-center operator CoreWeave, with shares losing $33 billion in value in just six weeks. The report attributes the selloff to worries about an AI bubble, pressure from a short seller, and the company's recent failed merger with crypto miner Core Scientific. Shares of Broadcom and Oracle have also faced pressure this week; market jitters are intensifying as these companies spend massively on AI in hopes that a big return on investment can be unlocked later. Coins2Day reports that the selloff may ultimately be healthy: The market is selling off select stocks of companies that have been spending too much, but investors remain broadly bullish on the overall market, with the S&P 500 index still up 16% for the year.
Airbnb CIO departs weeks after CTO’s exit. The online home-rental marketplace confirmed that CIO Lucius DiPhillips would leave Airbnb after nearly eight years to pursue a new career opportunity. DiPhillips, who had served as CIO since 2020, has also previously held technology leadership roles at eBay, PayPal, and Bank of America. The move comes after Airbnb announced in November that the company’s CTO, Ari Balogh, was departing. Airbnb is expected to roll out more AI updates within the company’s app in 2026, Bloomberg reports.
AI regulation picture heats up as 2025 winds down. The end of 2025 is proving to be a hot moment for news of AI regulation, with the top news story involving President Trump’s executive order, signed on Thursday, that aimed to set a federal regulatory framework to protect the nation’s “global A.I. Dominance” and potentially nix some state safety and consumer protection laws. Separately, attorneys general from dozens of U.S. States and territories sent a letter last week to top AI companies including OpenAI, Anthropic, Google, and Microsoft that warned them to fix “delusional outputs,” linking some troublesome AI usage to mental illness-related harm and dangerous interactions with children. In Europe, Google is facing a probe for potentially breaching European Commission rules by using online content for AI purposes.
ADOPTION CURVE
CIOs are sitting closer to the CEO, a role they increasingly covet for themselves. CIOs have captured more attention from the C-suite and boards as enterprises across all sectors embrace more generative AI tools to transform work and business strategy. That means these technologists are also getting more direct exposure to their CEOs. Today, 65% of CIOs report directly to the CEO, a big leap from 41% a decade ago, according to a recent survey conducted by Deloitte.
The consulting firm says that more direct access to the executive leadership team and an expanded mandate on fast-developing technologies is also fueling loftier career ambitions. The survey found that 67% of CIOs say that they would like to pursue a CEO job in the future. That’s higher than the rates among chief information and security officers (55%), chief data and analytics officers (42%), and chief technology officers (41%).
One notable CIO who made this exact leap is Jim Siders, who spent more than 12 years at software giant Palantir and recently departed to become CEO of Shield Technologies Partners, a new venture focused on IT services that’s a subsidiary of Thrive Holdings, which was launched in April by OpenAI and Thrive Capital.
Courtesy of Deloitte
JOBS RADAR
Hiring:
- Transdev North America is seeking a CIO, based in Lombard, Illinois. Posted salary range: $290K-$325K/year.
- Flournoy Health Systems is seeking a CTO, based in Atlanta. Posted salary range: $220K-$240K/year.
- Angle Health is seeking a head of IT and cybersecurity, based in New York City. Posted salary range: $200K-$300K/year.
- AHI Travel is seeking a VP of IT, based in the greater Chicago area. Posted salary range: $130K-$150K/year.
Hired:
- Leidos appointed Theodore "Ted" Tanner Jr. As CTO, who will take on the role on Jan. 5 to succeed Jim Carlini. Carlini had served in the role since 2019 and previously announced plans to step down. Tanner joins the IT services provider from AI modules maker BigBear.ai, where he served as chief technology and strategy officer. Tanner also previously worked for Apple and Microsoft.
- Tenable announced the appointment of Vlad Korsunsky as CTO, reporting to co-CEO Steve Vintz and based in the cybersecurity company’s Tenable Israel Innovation Center in Tel Aviv. Korsunsky joins Tenable after more than a decade at Microsoft, where he served as the corporate vice president of cloud and enterprise security.
- eXp Realty named Carrie Lysenko to serve as CTO of the cloud-based real estate brokerage, which is a subsidiary of eXp World Holdings. Lysenko joins the company after most recently serving as CEO of Canadian real estate brokerage Zoocasa. She also spent more than 14 years at The Weather Network.
- Papa announced the appointment of Thomas Carlough as CTO, overseeing all product, data, and engineering for the online platform that connects caregiver services to older adults. Most recently, Carlough served as CTO of health organization Wider Circle.
- Intel 471 promoted Steve Micallef to the CTO role and the cybersecurity company’s executive team. Micallef has worked for the company since 2022 and has more than 25 years of experience in cybersecurity and threat intelligence, including at UBS, Google, and the company he founded, SpiderFood, which was later acquired by Intel 471.
- MedSpeed appointed Dhiraj Patkar as chief product and technology officer. Patkar joins the health care same-day logistics provider after previously serving as senior vice president at consulting firm AVIA Health. Patkar also cofounded two health care companies, Medtelligent and Wishbone Club.
- PlanHub promoted Mourad Zerroug to the role of CTO, leading technology, engineering, data, AI, and product development. Zerroug initially joined the commercial construction-focused software provider in January as VP of engineering. Previously, Zerroug served as CTO at event marketing technology company Splash and as a VP at real estate software developer Lone Wolf Technologies.
FORTUNE AIQ: THE YEAR IN AI—AND WHAT'S AHEAD
Businesses took big steps forward on the AI journey in 2025, from hiring Chief AI Officers to experimenting with AI agents. The lessons learned—both good and bad–combined with the technology's latest innovations will make 2026 another decisive year. Explore all of Coins2Day AIQ, and read the latest playbook below:
–2025 was the year of agentic AI. How did we do?
–AI coding tools exploded in 2025. The first security exploits show what could go wrong.
–The big AI New Year’s resolution for businesses in 2026: ROI.
