ByteSizedSecurity Cybersecurity Insights & Analysis
DevSecOps 5 min read Updated

AI Simulations: A New Frontier for Cyber Threats

Marc David
Marc David Senior Security Engineer · CISSP
AI Security Social Engineering Disinformation
AI Simulations: A New Frontier for Cyber Threats

AI Can Now Simulate Entire Populations. Security Teams Should Pay Attention.

TL;DR: Multi-agent AI simulation technology creates thousands of virtual personas to predict public opinion and consumer behavior in minutes. The same capability is a roadmap for adversarial social engineering, disinformation modeling, and influence operations at scale. Here’s what security professionals need to understand.

The Technology

In early March 2026, a service called MiroFish went viral on GitHub. Built by a 20-year-old Chinese college student, it takes a data input (a news article, a policy draft, a financial report) and automatically generates thousands of AI personas, each with unique personalities and biases. These personas are placed in a simulated social media environment, and the system watches how they react, debate, and shift positions over time.

You can inject unexpected variables mid-simulation. You can pull a specific AI agent aside and ask, “What made you change your position?” You can run the whole thing again with different parameters.

An investor committed $9M within 24 hours of the public release.

MiroFish isn’t alone. Aaru, a U.S. company founded by three teenagers in 2024, hit a $1 billion valuation by selling this concept to enterprises. When a company tells Aaru “we want to know how 50-year-old conservative men in Seoul with two kids will react to our new product,” Aaru generates virtual consumers matching that profile and delivers 5,000 responses in two minutes. Their client list includes McDonald’s and Bayer.

The accuracy is striking. In the 2024 New York Democratic primary, Aaru’s AI voting simulation differed from the actual result by only 371 votes.

Stanford researchers were early pioneers here. Dr. Park Junseong’s 2023 study placed 25 AI agents in a virtual town called “Smallville” where they autonomously formed relationships and hosted parties. A 2024 follow-up cloned 1,052 real Americans into AI agents and validated how closely they replicated human behavior. That team has since launched Simile, a commercial platform, with OpenAI co-founder Andrej Karpathy as an investor.

Even the research giants are moving in. Nielsen launched BASES AI Screener, combining real purchase data with generative AI. Ipsos commercialized Personabot for real-time virtual consumer conversations.

Why Security Professionals Should Care

The legitimate use cases are clear: faster market research, cheaper polling, better product testing. But every capability described above has a direct adversarial application.

  1. Social Engineering Gets a Simulation Lab

Phishing and social engineering campaigns have always involved guesswork. What subject line works best? What pretext is most believable for this demographic? Multi-agent simulation gives attackers a testing ground. Model your target population, run thousands of simulated interactions, and optimize your attack before sending a single real email.

This isn’t theoretical. If Aaru predicts how a specific demographic reacts to a product pitch with enough accuracy to be off by only 371 votes in an election, an adversary predicts how the same demographic responds to a carefully crafted lure.

  1. Disinformation Modeling at Scale

MiroFish already demonstrates this use case (for legitimate purposes): input a piece of content and watch how it spreads through a simulated population. Watch how sentiment shifts. See which personas become amplifiers and which resist.

Now flip the intent. An influence operation pre-tests dozens of narrative variations, identifies which framing spreads fastest, which populations are most susceptible, and which counter-narratives need to be preemptively neutralized. The simulation runs in hours. The real campaign launches with data-backed confidence.

  1. Synthetic Consensus

If AI personas accurately replicate human opinion formation, they are also deployed directly. Fake grassroots campaigns, astroturfing, and manufactured public sentiment become easier when you have a system that already models how real people think and talk. The same tool that predicts opinion can generate it.

  1. Targeting and Profiling

The ability to specify a demographic profile (“50-year-old male, two children, conservative”) and predict behavior creates a precision-targeting capability. In marketing, it’s personalization. In the hands of a threat actor, it’s profiling for spear-phishing, influence operations, or social manipulation.

What the Researchers Say

The experts are measured. They describe these systems as “tools for exploring possibilities, not absolute predictors.” They note that AI struggles to simulate physical experiences or truly unpredictable behavior. Fair points.

But security has always been about preparing for the adversary who uses a tool differently than its creators intended. The gap between “exploring possibilities” and “planning attacks” comes down to intent, not capability.

What To Watch

A few things to track as this space matures:

Cost is dropping fast. Running thousands of AI agents simultaneously now costs tens of dollars, down from hundreds. The barrier to entry is getting lower every quarter.

Open-source availability. MiroFish is on GitHub. The underlying techniques are well-documented in academic papers. This is not locked behind corporate walls.

Commercial validation. When Nielsen, Ipsos, and billion-dollar startups are all building this, the technology works. The question of adversarial use is “when,” not “if.”

Regulatory vacuum. There’s no framework governing the use of simulated populations for influence testing. Election integrity, consumer protection, and information security regulations haven’t caught up.

The Bottom Line

Multi-agent AI simulation is a legitimate and valuable technology for market research and social science. It’s also a dual-use capability that gives adversaries a way to rehearse influence operations, optimize social engineering, and manufacture consensus at scale.

Security teams should be tracking this space. Red teams should be considering it as a methodology. And policy discussions about AI governance need to include the offensive potential of simulated populations.

The technology simulates how people think. The security implications of that are significant, and they’re arriving faster than the safeguards.

AI’s dual-use nature is playing out across the industry. For a real-world example of AI governance failures, see how CISA’s own acting director triggered security alerts using ChatGPT. And on the credential theft front, AI has made stealing and deploying credentials 84% more effective year over year.

Source: AI Simulations Replace Polls in Minutes, The Chosun Daily (https://www.chosun.com/english/industry-en/2026/04/02/WJ5VST6GR5DN5MRQNIEBEOHZVA/)

Share This Article

Comments