Amazon has successfully blocked over 1,800 suspected North Korean operatives from securing employment at the tech giant over the past 20 months, according to Stephen Schmidt, the company’s Chief Security Officer. In a detailed LinkedIn post, Schmidt revealed that North Korean nationals have been systematically attempting to infiltrate remote tech positions across global companies with a clear objective: secure employment, collect wages, and funnel the money back to fund the regime’s weapons programs.
Amazon’s defense strategy combines AI-powered screening with human verification to detect and prevent these fraudulent applications. The company’s artificial intelligence model specifically searches for connections to approximately 200 “high-risk institutions” while analyzing anomalies across applications and identifying geographic inconsistencies. Once the AI flags suspicious applications, human reviewers conduct thorough background checks, verify credentials, and carry out detailed interviews to confirm the findings.
Schmidt noted that fraudsters are becoming increasingly sophisticated in their tactics. Many target real software engineers to gain credibility, while others attempt to take over dormant LinkedIn accounts or purchase access to existing profiles. AI and machine-learning roles have become prime targets due to exceptionally high demand in these fields, making them attractive entry points for operatives.
The CSO explained that subtle details often expose these fraudulent applications. For instance, applicants frequently format U.S. phone numbers with “+1” rather than “1” – a seemingly minor detail that, when combined with other indicators, reveals a pattern. These operatives typically work with “laptop farms” – US-based locations that maintain a domestic presence while workers actually operate remotely from North Korea.
The threat is escalating rapidly. Amazon detected 27% more North Korea-linked applications quarter over quarter in 2024, and Schmidt emphasized this isn’t an Amazon-specific problem but likely occurring “at scale across the industry.” CrowdStrike’s 2025 Threat Hunting Report corroborated this assessment, identifying the North Korean remote-worker scheme as a growing threat.
The Justice Department has taken aggressive action against these schemes. In July, an Arizona woman received a 102-month prison sentence for assisting North Korean IT workers in securing remote positions at over 300 US companies, generating more than $17 million in illicit revenue. In June, authorities searched 29 known or suspected laptop farms across 16 US states, discovering that North Korean actors had obtained employment with more than 100 US companies, including Fortune 500 firms.
Key Quotes
Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime’s weapons programs
Stephen Schmidt, Amazon’s Chief Security Officer, explained the clear motivation behind North Korean operatives seeking remote tech positions, highlighting the direct connection between these employment schemes and funding for weapons development.
Small details give them away. For example, these applicants often format U.S. phone numbers with ‘+1’ rather than ‘1.’ Alone, this means nothing. Combined with other indicators, it paints a picture
Schmidt described how Amazon’s AI system identifies patterns by combining multiple subtle anomalies that individually seem insignificant but collectively reveal fraudulent applications, demonstrating the power of machine learning in pattern recognition.
This isn’t Amazon-specific. This is likely happening at scale across the industry
The CSO warned that this threat extends far beyond Amazon, suggesting that the entire tech industry faces systematic infiltration attempts from North Korean operatives, emphasizing the need for industry-wide vigilance and cooperation.
Our Take
Amazon’s deployment of AI to combat state-sponsored infiltration represents a fascinating case study in defensive AI applications. The irony that North Korean operatives specifically target AI and machine-learning roles while being thwarted by AI systems underscores how artificial intelligence has become both the target and the solution in modern security threats. This arms race between AI-powered fraud detection and increasingly sophisticated social engineering tactics will likely accelerate, pushing companies to develop more advanced screening algorithms. The 27% quarterly increase in attempts suggests North Korea views this as a viable revenue stream despite detection efforts, indicating they’re either improving their methods or simply scaling operations. This story also raises important questions about remote work verification standards across the industry and whether current practices are adequate against state-level threats.
Why This Matters
This story highlights a critical intersection of AI technology, cybersecurity, and national security threats. Amazon’s use of AI-powered screening demonstrates how artificial intelligence is becoming essential for detecting sophisticated fraud at scale – a capability that would be nearly impossible with manual review alone given the volume of applications tech companies receive.
The targeting of AI and machine-learning roles specifically reveals that North Korea recognizes these positions as both lucrative and strategically valuable, potentially seeking not just funding but also access to cutting-edge technology and intellectual property. This creates a dual threat: financial support for weapons programs and potential technology theft.
For the broader tech industry, this represents a wake-up call about remote work vulnerabilities. As companies continue embracing distributed workforces, they must invest in sophisticated verification systems. The 27% quarter-over-quarter increase in attempts suggests this threat will only intensify, requiring industry-wide collaboration and advanced AI detection systems to combat organized state-sponsored infiltration efforts that threaten both corporate security and national interests.