Full Report
The following is the Hebrew translation of the key findings from the Citizen Lab report titled "We Think You Want a Revolution: PRISONBREAK – An AI-enabled Influence Operation Aimed at Overthrowing the Iranian Regime". Report findings: A coordinated network of more than 50 fake user profiles on X is conducting an influence campaign using artificial intelligence. The campaign, which uses...
Analysis Summary
# Threat Actor: Prisonbreak (AI-enabled Influence Operation)
## Attribution & Identity
The operation is attributed, based on the available evidence, to an unidentified **unit within the Israeli government or a contractor hired to work for it**. The network employing these tactics is referred to as "Prisonbreak."
## Activity Summary
Prisonbreak is an **AI-enabled influence operation** conducted via a coordinated network of over 50 fake user profiles on the X platform (formerly Twitter).
* **Objective:** To incite the Iranian public to revolt against the governing Islamic Republic of Iran regime.
* **Timeline:** The network was established in 2023, but almost all activity commenced in 2025 and remains ongoing.
* **Coordination:** Some of the profile activity appeared to be coordinated, at least partially, with the military operation conducted by the IDF against Iranian targets in June 2025.
* **Reach:** While genuine engagement from "PRISONBREAK" users appears limited, some posts garnered thousands of views. The operation disseminated messages across numerous communities on X and may have also paid for amplification.
## Tactics, Techniques & Procedures
- Use of **AI to generate content** for an influence campaign.
- Operation built around a **coordinated network of fake user profiles** on X.
- Disseminating **incitement messages** aimed at domestic unrest.
- *No specific MITRE ATT&CK IDs were provided in the source material.*
## Targeting
- Sectors: Political/Governmental stability (indirectly targeting the Iranian regime).
- Geography: **Iran** (targeting the Iranian public).
- Victims: The governing structure of the Islamic Republic of Iran.
## Tools & Infrastructure
- Malware families used: N/A (This is an influence operation, not malware-focused).
- Infrastructure (C2, domains, IPs): **X (formerly Twitter)** platform utilized for content dissemination.
## Implications
The operation represents a sophisticated use of artificial intelligence and coordinated inauthentic behavior (CIB), executed via social media platforms, to conduct information warfare aimed at regime change within a foreign nation (Iran). If confirmed, this state-sponsored use of AI-generated disinformation highlights a growing vector in geopolitical conflict.
## Mitigations
- Heightened monitoring for large, coordinated networks of inauthentic accounts utilizing AI-generated content targeting domestic instability narratives.
- Review platform security policies regarding the amplification (paid or organic) of narratives identified as part of state-sponsored influence operations.