Peter-verreussel/Getty Images
As AI evolves to successfully take on business, personal, and even medical use cases, its capabilities also increasingly make it a security threat.
On Tuesday, researchers at identity validator Okta published a report that found hackers are using v0, an AI website creation tool from Vercel, to create "phishing sites that impersonate legitimate sign-in webpages" using text prompts. Hackers replicated Okta's own login page and other sites, including Microsoft 365, several cryptocurrency companies, and an Okta customer.
Also: Cloudflare just changed the internet, and it's bad news for the AI giants
Okta noted that hackers stored the resources for their phishing pages, including replicated company logos, on Vercel's infrastructure to make their sites look more legitimate. "This is an attempt to evade detection based on resources extracted from CDN logs or hosted on disparate or known-malicious infrastructure," according to the report.
The researchers, who were able to reproduce the findings in a video demo, called this "a new evolution in the weaponization of gen AI." The Okta report noted how AI tools make it easy for hackers to scale their operations to previously unseen heights. Brett Winterford, vice president of Okta Threat Intelligence, told Axios that it was the first time Okta had witnessed threat actors using AI to build phishing infrastructure instead of the phishing content alone, like email text.
While Vercel's v0 is proprietary, there are countless public clones of the application on GitHub -- a drawback of the open-source repository. "This open-source proliferation effectively democratizes advanced phishing capabilities, providing the tools for adversaries to create their own phishing infrastructure.
Also: How to protect yourself from phishing attacks in Chrome and Firefox
In response to the report, Vercel restricted access to the fabricated sites and is collaborating with Okta for future reporting. The report noted that Okta hasn't seen evidence that the hackers' attempts to pull credentials were successful yet.
How to protect your business
... continue reading