The US-Iran war is reshaping the global cybersecurity agenda

The advent of AI has thrown up a host of new and daunting challenges, as the technology is being used to enhance concealment, improve deception and turbocharge tool development

When it comes to cybersecurity, one of the biggest annual get-togethers is the RSA Conference (or RSAC) in San Francisco, which brings together industry experts, companies, and decision-makers. This year, it was overshadowed by the war in Iran. As the event drew to a close, the FBI revealed that its director, Kash Patel, had had his personal email account hacked by an Iran-linked group.

The RSAC reflects the major trends shaping the global cybersecurity debate, from advanced attacks and digital defence methods to artificial intelligence (AI) and infrastructure security, but this year felt more political. Although European voices were still prominent in discussions, many US officials who had attended previously were absent, after US federal agencies withdrew following the appointment of Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, as the conference’s chief executive in January 2026.

Although it wasn't an official conference talking point, Iran was nevertheless the big topic of conversation because the impact of the war was evident at multiple levels, from delegates' travel movements to the kinds of threats now topping the agenda. War in the Middle East made this year’s most important cyber issues feel more immediate and urgent.

There were reports that Israeli cyber companies were keen to attend, despite the country being at war, but were forced to adjust their plans due to travel disruption and airspace restrictions, with some relying on their US-based teams to represent them. Beyond logistics, however, the war also shaped the conference discussions themselves.

A digital casus belli

This year, sessions repeatedly returned to a central question: when might a cyberattack warrant a direct military response? After all, if digital attacks disrupt vital facilities such as communications networks or power stations, their effect is no longer merely virtual or technical.

In the Middle East today, this question is no longer theoretical. War means the debate is now closely tied to deterrence, escalation, and the boundaries of state response. Hive Pro, a consultancy, presented the Iranian threat as a hybrid cyber-kinetic escalation that could not be isolated from the wider war, noting that the risk was to specific sectors and infrastructure, including energy, telecoms, and financial services.

There are ongoing assessments of cyber adversaries, their methods and tactics, the most exploited vulnerabilities, and defensive measures, but recent reports of Iranian activity suggest clear, specific attack patterns. For example, Unit 42, the threat intelligence and incident response team at Palo Alto Networks, said it had identified an active phishing campaign using a malicious version of the Israeli Red Alert app on Android. The fake version is used to install surveillance tools and steal data.

Estimates suggest that there are currently around 60 hacking groups active in relation to the war, with some operating within what has been described as an “electronic operations room” since late February 2026. This highlights an important dimension of the Iranian threat: it does not always appear as direct state attacks. More often, it takes the form of a complex network that includes state-linked entities, digital personas, hacking groups, and aligned or allied factions.

Using AI for hacks

An Iranian group known to Unit 42 as 'Boggy Serpens' (also long known as 'MuddyWater') is considered one of Iran's most prominent cyber-espionage actors, previously linked to the targeting of diplomatic entities and vital sectors. It appears to be moving with the times; researchers recently noted an evolution in its social engineering techniques, the use of AI-enhanced malware, and advanced techniques designed to evade detection inside targeted networks.

AI is now being used by malicious cyber actors to enhance concealment, turbocharge tool development, and improve deception. This lets hackers not just breach systems and steal data but disrupt services and undermine public trust and confidence. As the hack of Patel's email (by the Iran-linked group Handala) shows, targets are not limited to companies and infrastructure. Operations are increasingly becoming a type of psychological warfare.

This was addressed at the conference in San Francisco. AI is no longer treated as just a technical issue, but as the arena through which cybersecurity is being redefined. Delegates' questions included how to secure so-called 'AI agents' now operating inside organisations as entities able to access data, make decisions, and carry out tasks with near-autonomous capacity.

Judging from the messaging of major companies such as Cisco and Microsoft, it is no longer just about managing access permissions, but about controlling the actions an AI agent performs after being granted those permissions. As new digital actors, they do not fit the model of a traditional human user or of conventional static software.

For years, cybersecurity has focused on protecting users, verifying identities, and preventing breaches. The challenge today is broader and more complex. Digital agents move within systems, hold permissions, make decisions, and carry out tasks with near-autonomous independence. This creates a need to define levels of authority, impose continuous oversight, and develop the ability to interpret their behaviour and understand the drivers behind their decisions. The upshot is that AI is now a distinct security issue requiring integrated layers of control and oversight.

Call for tighter controls

The conversation around governance, AI regulation, digital identity and strengthening institutional resilience included figures such as Richard Horne, head of the UK National Cyber Security Centre. He called for tighter controls on the use of AI tools in writing code, warning that rapid adoption should not outpace the embedding of security.

Despina Spanou from the European Commission and Paolo De Rosa from the European Digital Identity Wallet project also took part, signalling that Europe wants to help shape the rules of the new digital environment. This contrasts starkly with the American absences, all of which raises the question: who sets the rules for this new world? AI is changing the landscape at a rapid pace, yet leaving the conference, it felt as though the centres of gravity in the global debate are being redistributed between those who develop the technology and those who seek to regulate it.
