Asger Risom
North Korea is intensifying efforts to place covert IT workers inside major technology companies, according to Amazon’s top security executive.
North Korea is intensifying efforts to place covert IT workers inside major technology companies, according to Amazon’s top security executive.
The strategy, he says, is aimed at siphoning salaries and gaining access to sensitive systems, especially as AI-related roles multiply.
Amazon claims it has spent the past two years adapting its defenses to stay ahead.
Blocking the attempts
Steve Schmidt, Amazon’s senior vice president and chief security officer, said the company has identified and stopped more than 1,800 attempts by North Korean actors to secure IT jobs.
Speaking at an Amazon-hosted event, Schmidt said applications linked to North Korea rose 27% quarter over quarter in 2025. “It’s actually pretty prolific,” he said, warning that many organizations underestimate how organized these hiring schemes are.
The targets, he said, are high-paying AI and machine learning roles and the valuable data such workers can reach.
A wider pattern
According to Schmidt, Amazon’s experience mirrors a broader trend across the tech sector. He pointed to recent cases cited by Fortune, including North Korean nationals charged with stealing cryptocurrency after securing remote IT work, fake job platforms targeting AI firms, and a U.S. resident sentenced for helping steal identities used in hiring fraud.
These schemes, he said, are escalating as companies harden defenses and state-backed actors refine deception tactics to keep revenue flowing back to Pyongyang.
How tactics evolved
Schmidt said North Korean operatives have shifted from fully fabricated online profiles to buying real U.S. identities.
Amazon trains AI models to flag suspicious patterns, such as unusual phone-number formatting and repeated use of the same academic institutions. The company has identified roughly 200 schools that frequently appear on suspect résumés.
Fake employers also appear in work histories. Some have a registered business and a person who can “verify” employment, despite having no real operations.
Inside Amazon’s defenses
Amazon now relies more on in-person interviews and sees security benefits from its return-to-office policy. “It is very, very hard to hide behind somebody else’s identity when you have to be in the office,” Schmidt told Fortune.
Identity checks happen at multiple hiring stages, followed by ongoing monitoring of system usage and work quality. Schmidt said suspect code quality often drops sharply when bad actors are onsite.
The company uses its internal authentication system, Midway, alongside physical security keys under Universal 2nd Factor standards.
AI fighting AI
Schmidt said Amazon also uses AI to accelerate security reviews, remove fake retail reviews, and analyze AI-generated code. In “autonomous threat analysis,” competing AI agents search for vulnerabilities before software launches.
As AI agents gain autonomy, Amazon has also invested in ensuring each agent’s identity and permissions are tightly bounded. “We had to make that investment to ensure that we put the right boundaries around the agent,” Schmidt said.
Sources: Amazon, Fortune, Anthropic
