Microsoft offers free cyber security assistance to all European governments to help them fend off hackers. The European Security Program is specifically intended to address cyber threats involving artificial intelligence, such as deepfakes.
Redmond has witnessed AI being used by hackers for reconnaissance, social engineering, vulnerability research, brute-force attacks, and more. Central to the European Security Program is fighting AI with AI, such as by using it to deliver tailored threat insights to each government in real time.
The programme is designed to be an expansion of its existing Government Security Program but tailored to Europe. Microsoft has introduced three new elements:
- Enhanced AI-based threat intelligence shared with European governments.
- Collaborations with third-party cyber researchers.
- Initiatives with law enforcement.
The threat intelligence data will come from Microsoft’s Digital Crimes Unit and Threat Analysis Center. Cyber researchers that Microsoft will be working more closely with include those from the European law enforcement agency Europol, the non-profit CyberPeace, and the Western Balkans Cyber Capacity Centre, the latter of which will provide direct assistance to Ukraine.
Microsoft will also work with internet service providers to support affected users and provide all nations involved in the program with a dedicated point of contact to escalate any concerns. Governments from all EU member states and accession countries, as well as European Free Trade Association members, the UK, Monaco, and the Vatican, can sign up.
SEE: Chinese state-sponsored attack uses custom router implant to target European governments
Europe is increasingly targeted by state-sponsored attackers using AI
Research from Microsoft has found that almost every country in Europe is targeted by state-sponsored threat groups from China, Russia, Iran, and North Korea.
Russia is particularly focused on Ukraine and the countries that support it, while China has been observed targeting academic institutions for sensitive research data or spying on think tanks. Attackers from Iran and North Korea predominantly use credential theft or vulnerability exploitation to access government and corporate networks.
In April, a Google report revealed that North Korean hackers were disguising themselves as IT workers and applying for jobs in Europe to both generate revenue and access sensitive company data. They were known to use AI to generate profile photos, create deepfakes for video interviews, and translate communications into target languages using AI writing tools.
AI can lower the barrier to entry for cyber crimes, as less-skilled criminals can use it to generate deepfakes, write malware, automate ransomware, scan networks for entry points, spread misinformation, and more, or even employ one of the increasing number of ransomware-as-a-service outfits.
“We have seen the emergence of illicit websites rapidly gaining followings by leaking ransomware insights to be used by criminal groups to conduct attacks across Europe,” Brad Smith, Microsoft’s vice-chair and president, wrote in a blog post.
Skilled criminals can also use AI to scale up their operations. Research has found that many of today’s easily accessible AI chatbots, including ChatGPT, Gemini, and Claude, can be manipulated using prompt-based attacks to generate harmful content. Jailbroken versions, such as WormGPT and GhostGPT, are also circulating on underground forums, often offered at a low or no cost.
SEE: Cyber Attacks Are Up 47% in 2025 – AI is One Key Factor
“This is why Microsoft now tracks any malicious use of new AI models we release and proactively prevents known threat actors from using our AI products,” Smith said.
In March, a report from Europol found that organised crime gangs in Europe are using AI for fraud, data theft, and money laundering.
“The same qualities that make AI revolutionary — accessibility, adaptability, and sophistication — also make it a powerful tool for criminal networks,” the authors said in a press release.
Microsoft wants to forge a closer relationship with Europe
In its official announcement of the European Security Program, Microsoft cites its involvement in the takedown of the Lumma infostealer malware, which infected numerous European devices, as evidence of its commitment to enhancing the region’s cyber resilience.
In April, Microsoft announced five digital commitments to Europe, including expanding its cloud and AI infrastructure, protecting user data, bolstering its cyber security, and strengthening its economic competitiveness, something that it has struggled with.
While many tech companies and political leaders, especially those from the US, have turned against Europe due to its pro-regulatory stance, Microsoft is moving closer. Perhaps it wants to demonstrate goodwill and align more closely with EU regulatory expectations after facing its own antitrust investigations, notably concerning the bundling of its Teams application with Office 365.
SEE: Landmark EU Data Boundary for Microsoft Cloud is Complete
“At Microsoft, our commitment to Europe is deep, enduring, and unwavering,” Smith wrote in the blog. “We believe that Europe’s digital future is one of the most important opportunities of our time — and protecting that future is a responsibility we share.
“We will stand shoulder to shoulder with European governments, institutions, and communities to defend against threats, build capacity, and strengthen resilience. We are proud to be a trusted partner to Europe, and we will continue to work every day to earn trust through transparency, collaboration, and a steadfast commitment to protecting what matters most.”
