2026-06-10 00:00
← BackAI has become a tool for many cybercriminals seeking to advance and accelerate their attacks, but according to new threat intelligence from Microsoft Security, AI’s capabilities aren’t the only aspect malicious actors are leveraging. The concept of AI itself is being exploited, with malicious actors using the hype surrounding AI as a social engineering lure. John Bruggeman, vCISO at CBTS, states, “Everybody wants to try the newest AI tool, it’s human nature. Microsoft’s Threat Intelligence research shows how that curiosity is being used as a lure for phishing attacks. Attackers are taking very well known and trusted AI names and wrapping above average tricks around the lures to disguise their criminal activity. The attackers, code named Storm 3075 by Microsoft, are conducting phishing attacks for credential theft, payment fraud, malvertising, and malware delivery. Victims who might normally pause before clicking are being pulled by human curiosity and fake urgency. They want access to the latest AI tool, maintain their current subscription, access the newest AI model, or the cool capability, and that excitement can cause them to act too quickly instead of thinking first.
Microsoft is not saying ChatGPT, Claude, DeepSeek, or Copilot were compromised, but that their brands are being abused.”
AI has become a tool for many cybercriminals seeking to advance and accelerate their attacks, but according to new threat intelligence from Microsoft Security, AI’s capabilities aren’t the only aspect malicious actors are leveraging. The concept of AI itself is being exploited, with malicious actors using the hype surrounding AI as a social engineering lure. John Bruggeman, vCISO at CBTS, states, “Everybody wants to try the newest AI tool, it’s human nature. Microsoft’s Threat Intelligence research shows how that curiosity is being used as a lure for phishing attacks. Attackers are taking very well known and trusted AI names and wrapping above average tricks around the lures to disguise their criminal activity. The attackers, code named Storm 3075 by Microsoft, are conducting phishing attacks for credential theft, payment fraud, malvertising, and malware delivery. Victims who might normally pause before clicking are being pulled by human curiosity and fake urgency. They want access to the latest AI tool, maintain their current subscription, access the newest AI model, or the cool capability, and that excitement can cause them to act too quickly instead of thinking first.
Microsoft is not saying ChatGPT, Claude, DeepSeek, or Copilot were compromised, but that their brands are being abused.”