GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
2026-02-13 • Google
Google Threat Intelligence Group observed government-backed actors, including DPRK-linked threat actors, using large language models in late 2025 to support technical research, targeting, reconnaissance, and phishing-lure development. The report says these actors gained productivity benefits across the attack lifecycle, especially by accelerating OSINT synthesis, victim profiling, and social-engineering preparation. GTIG also describes broader adversarial AI trends such as model extraction attempts, interest in agentic AI for tooling and malware development, AI-integrated malware experiments like HONESTCUE, and jailbreak-based underground services. The DPRK relevance is contextual, and the report is not an IOC-heavy campaign writeup: it shows how North Korean operators are adopting AI-enabled workflows, without evidence that APT actors have achieved breakthrough capabilities that fundamentally change the threat landscape.