Bad Actors Use AI to Quickly Create Phishing Sites in Just Seconds.

2025-07-03

Security Threats in the Age of AI

A recent discovery by security firm Okta has revealed that cybercriminals are utilizing Vercel’s v0 generative artificial intelligence tool to create highly convincing phishing websites with minimal effort. These fake sites, crafted from simple prompts, pose a significant threat to various organizations and individuals.

Phishing Sites Generated by AI

The AI platform has been used to replicate the sign-in pages of well-known brands such as Microsoft 365 and crypto companies, making it difficult for users to distinguish between legitimate and fake websites. Vercel’s intention was to assist web developers in building sophisticated interfaces using natural language instructions. However, the tool is now being exploited by bad actors to create deceptive phishing sites.

Notably, there are publicly available GitHub repositories that contain the v0 application along with manuals guiding others on how to create their own AI-driven phishing tools. This sharing of resources among criminals contributes to a concerning trend in cybercrime practices, as more platforms offer cybercrime-as-a-service, enabling bad actors to purchase ready-made tools like ransomware and DDoS attacks.

Evolution of AI-Centric Cyberattacks

The rise in these AI-based phishing tactics marks a significant shift. Traditionally, deepfake technology was the primary focus for cybercriminals, but they have rapidly adapted to using AI more effectively. This adaptation is due to the lack of regulatory and operational constraints that businesses—especially financial institutions—face.

This development poses new challenges for organizations. Phishing sites created with Vercel’s platform are highly realistic, making them harder to spot compared to earlier phishing attempts characterized by misspellings or suspicious domain names. Consequently, user education alone is insufficient; organizations need stronger authentication methods to ensure only authorized individuals gain access to critical systems.

Strengthening Anti-Phishing Measures

To combat the threat of AI-driven phishing, companies should implement rigorous verification processes and continuous authentication checks. By treating authentication as an ongoing process, organizations can minimize the risk of unauthorized access and potential damage from cybercriminals.