Nisos identified a suspected DPRK IT worker applying for a remote Lead AI Architect role by combining pre-employment OSINT with targeted interview questions. The applicant allegedly used stolen personally identifiable information, a newly created Gmail account, a likely VoIP phone number, Astrill VPN-linked IP addresses, and an AI-generated resume that mirrored the job description. During the virtual interview, the candidate’s behavior suggested reliance on a conversational AI chatbot or scripted responses, including hesitation when asked a fabricated local-context question about a recent Florida hurricane. Nisos also found multiple resume-platform accounts using the same name but different locations, universities, and employers, all apparently tied to the real addresses of an identity-theft victim. The investigation further connected the activity to a Florida laptop farm where DPRK IT workers used Raspberry Pi-based KVM devices and Tailscale mesh VPNs to remotely access desktops across US residences.