Global Interest in AI Exploited as Social Engineering Lure

AI has become a tool for many cybercriminals seeking to advance and accelerate their attacks, but according to new threat intelligence from Microsoft Security, AI’s capabilities aren’t the only aspect malicious actors are leveraging. The concept of AI itself is being exploited, with malicious actors using the hype surrounding AI as a social engineering lure.
John Bruggeman, vCISO at CBTS, states, “Everybody wants to try the newest AI tool; it’s human nature. Microsoft’s Threat Intelligence research shows how that curiosity is being used as a lure for phishing attacks. Attackers are taking very well-known and trusted AI names and wrapping above-average tricks around the lures to disguise their criminal activity. The attackers, code-named Storm 3075 by Microsoft, are conducting phishing attacks for credential theft, payment fraud, malvertising, and malware delivery. Victims who might normally pause before clicking are being pulled by human curiosity and fake urgency. They want access to the latest AI tool, to maintain their current subscription, or to get the newest AI model or the cool capability, and that excitement can cause them to act too quickly instead of thinking first. Microsoft is not saying ChatGPT, Claude, DeepSeek, or Copilot were compromised, but that their brands are being abused.”
Campaigns identified by Microsoft include those leveraging the brands of ChatGPT, Claude and DeepSeek. According to Bruggeman, the targeted action involving DeepSeek’s branding stands out.
“Within hours of DeepSeek previewing their latest version, V4, attackers created a fake GitHub organization and repository. They copied real branding and benchmark data, added AI and SEO-search-friendly content, and pushed malicious archives that looked like installers,” he explains. “What the attacker did was not particularly exotic, but it was well timed and convincingly packaged. A user searching for the newest model could very easily end up in the wrong place, especially because the malicious repository showed up in GitHub, Google, Bing, or AI-assisted search results. The search results added legitimacy to the malware.”
These malicious campaigns only add to the growing threat of shadow AI.
“Cybersecurity and business leaders should be aware that this is where AI adoption can get messy,” Bruggeman warns. “Employees are searching, testing, downloading, and experimenting faster than most organizations can govern. The companies that handle AI governance (policies and procedures) well will be the ones that make safe AI use easy, risky AI use visible, and malicious activity hard to ignore. That means publishing a clear list of approved tools; blocking obvious lookalike domains and very recently registered domains can help stop this kind of threat. Monitoring suspicious downloads and sign-ins, and training employees on the AI-themed lures, should also be done right now. Don’t think that generic phishing examples from five years ago are going to cut it today. The threat landscape continues to evolve, and our defenses have to evolve too.”
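The controls Bruggeman lists (an approved-tool list, blocking lookalike and very recently registered domains, keeping everything else visible) can be expressed as one classification step in a web proxy or DNS filter. The code below is an added illustration, not code from the article, Microsoft, or CBTS; the approved-domain allowlist, the 30-day "recently registered" threshold, and the sample hosts and registration dates are all constructed for the example (in practice the registration date would come from a WHOIS/RDAP lookup).

```python
from datetime import date, timedelta

# Constructed allowlist of approved AI tools (assumption: each organisation publishes its own).
APPROVED_DOMAINS = {"chatgpt.com", "claude.ai", "deepseek.com", "copilot.microsoft.com"}
# Brand names the article says are being wrapped around the lures.
BRAND_WORDS = ("chatgpt", "claude", "deepseek", "copilot")
NEW_DOMAIN_DAYS = 30  # "very recently registered" threshold (assumed value)

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_approved(host: str) -> bool:
    # An approved domain or any subdomain of it.
    return any(host == d or host.endswith("." + d) for d in APPROVED_DOMAINS)

def lookalike_brand(host: str):
    """Return the brand a non-approved host imitates, or None."""
    for label in host.split("."):
        for brand in BRAND_WORDS:
            if brand in label:  # brand embedded in a label or used as a subdomain
                return brand
            if len(label) >= 5 and edit_distance(label, brand) == 1:  # one-char typo
                return brand
    return None

def classify(host: str, registered_on: date, today: date) -> str:
    """Decide what a web proxy or DNS filter should do with one host."""
    host = host.lower().rstrip(".")
    if is_approved(host):
        return "allow"
    brand = lookalike_brand(host)
    if brand:
        return f"block:lookalike:{brand}"
    if today - registered_on <= timedelta(days=NEW_DOMAIN_DAYS):
        return "block:new-domain"
    return "unlisted"  # not blocked, but visible for review

def demo() -> dict:
    """Constructed sample hosts with made-up registration dates (not real indicators)."""
    today = date(2026, 1, 15)
    samples = [("chatgpt.com", date(2023, 1, 1)), ("copilot.microsoft.com", date(2010, 1, 1)),
               ("c1aude.ai", date(2024, 6, 1)), ("deepseek-v4-official.com", date(2025, 12, 1)),
               ("chatgpt.login-example.net", date(2024, 1, 1)),
               ("ai-model-downloads-example.com", date(2026, 1, 10)), ("example.org", date(2000, 1, 1))]
    return {host: classify(host, reg, today) for host, reg in samples}
```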