Date: 2026-03-04

Cybercriminals leverage GenAI to accelerate attack creation

Campaigns prioritize speed and scale over sophistication

Report shows basic tactics still bypass defenses

Cybercriminals are “vibe-hacking” their way into enterprise environments, using Generative Artificial Intelligence (GenAI) to make launching attacks faster and easier, research has claimed. Although the attacks are less sophisticated than non-AI ones, this is a tradeoff cybercriminals are apparently happy to make.

The latest Threat Insights Report from HP Wolf Security claims to have seen AI tools being used in different ways. In one campaign, a fake invoice PDF contained a link that triggered a download from a compromised site, before redirecting the victim to a trusted platform.

In another one, the crooks were using off-the-shelf malware components and optimizing them with custom lures and payloads. This allows them to “quickly build, customize, and scale campaigns with minimal effort”.

Piggyback attacks

The researchers also observed a so-called “piggyback” attack, in which malware was hidden in fake Teams installers.

Victims would download a malicious installer bundle with a hidden Oyster Loader malware piggybacking on the Teams installation process. So, while the real app is being installed, the victims don’t notice the infection happening in the background.

“It’s the classic project management triangle - speed, quality and cost. You often sacrifice one of them. What we’re seeing is many attackers are optimizing for speed and cost, not quality,” said Alex Holland, Principal Threat Research, HP Security Lab.

“They are not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic but the uncomfortable reality is they still work.”

Looking at the report, it would seem that quality isn’t the defining factor here. As per HP’s telemetry, at least 14% of malicious emails managed to bypass one or more email gateway scanners, suggesting that the “low quality, high quantity” approach does work. The most popular delivery types were executable files (37%), .ZIP archives (11%), and .DOCX files (10%).

