An unknown individual used AI-generated voice cloning and text messages to impersonate Secretary of State Marco Rubio, contacting at least five high-level officials in mid-June. The impersonator created a Signal account with the display name "marco.rubio@state.gov" (not Rubio’s actual email) and left voicemails for two targets while inviting others to communicate via encrypted messaging. The targets included three foreign ministers, a U.S. governor, and a member of Congress. According to a July 3 State Department cable, the actor aimed to "manipulate targeted individuals with the goal of gaining access to information or accounts".
The State Department alerted all diplomatic posts worldwide, urging staff to warn external partners about impersonation attempts and report incidents to the Bureau of Diplomatic Security. A senior official confirmed the department is "aware of this incident and is currently investigating," emphasizing ongoing efforts to bolster cybersecurity. While no direct threat to departmental systems was identified, the cable warned that "information shared with a third party could be exposed if targeted individuals are compromised". The FBI declined to comment, though it had previously issued warnings about AI-enabled impersonation schemes targeting senior officials.
This incident mirrors earlier campaigns, including an April 2025 phishing operation attributed to a Russia-linked actor (associated with the SVR intelligence agency). In that case, hackers posed as fictitious State Department officials to target think tanks, Eastern European activists, dissidents, and former officials. The attackers demonstrated "extensive knowledge of the department’s naming conventions and internal documentation," using fake "@state.gov" emails to trick targets into granting access to their Gmail accounts. Separately, federal authorities are investigating the impersonation of White House Chief of Staff Susie Wiles, highlighting a trend of exploiting commercial apps like Signal for espionage.
Experts note Signal’s popularity among officials makes it a prime target. UC Berkeley’s Hany Farid explained that impersonators need only "15–20 seconds of audio" to clone a voice using readily available tools. The app’s end-to-end encryption, while securing communications complicates tracing malicious actors. This incident echoes March’s "Signalgate," where sensitive discussions about U.S. strikes in Yemen were leaked after a journalist was accidentally added to a group chat involving Rubio and other officials.
David Axelrod, former Obama adviser, called the Rubio impersonation a warning about AI’s "implications for democracy." The State Department advised partners to verify unexpected outreach through official channels and report suspicious activity to the FBI. With similar incidents reported in Canada and Ukraine, the episode underscores urgent needs for international cybersecurity cooperation and enhanced authentication protocols for digital diplomacy.