Experts warn this top GenAI tool is being used to build phishing websites
Attackers are building phishing sites with natural language prompts

- Okta warns GenAI tool v0.dev is being exploited to build phishing sites
- The malicious sites are being hosted on Vercel infrastructure to appear more legitimate
- AI tools are also commonly citing false URLs, putting unsuspecting users at risk of attacks
New Okta research has revealed how threat actors are using Vercel's v0.dev to build realistic phishing sites which mimic legitimate sign-in pages, with researchers successful reproducing the alleged technique to prove its feasibility.
v0.dev allows users to create web interfaces from simple, natural language prompts, which researchers say is concerning because the technology has now been proven to lower the technical barrier for phishing attacks and other types of cybercrime.
Although Vercel and Okta have worked together to restrict access to known sites, many argue there's very little that can be done to prevent such attacks now AI tools have become so widespread.
GenAI is now creating phishing sites
Okta found the fake phishing sites to be impersonating company logos and other assets to reduce detection by unsuspecting victims, with the sites hosted on Vercel's infrastructure to appear more legitimate. Microsoft 365 and fake crypto sites were among the most popular.
The open source availability of v0.dev clones and guides on GitHub has also broadened access to these capabilities for less experienced developers and attackers.
Okta is recommending that all users set up multi-factor authentication on supported accounts, binding authenticators to original domains via tools like Okta FastPass to ensure that fake sites don't get access to your credentials.
"Organizations can no longer rely on teaching users how to identify suspicious phishing sites based on imperfect imitation of legitimate services," Okta's researchers noted.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Companies should also update their cybersecurity training programs to address risks from AI-generated phishing attacks and social engineering.
The news comes soon after another report revealed around one-third of GenAI chatbot responses containing login URLs were false, with attackers registering false domains that are cited by tools like ChatGPT to establish their own phishing campaigns.
You might also like
- Protect your digital footprint by installing the best VPNs
- Consider using the best password managers and best authenticator apps
- AI is making phishing emails far more convincing with fewer typos and better formatting: Here's how to stay safe
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.