Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Threat Actors Are Increasingly Abusing Generative AI Tools for Phishing

    KnowBe4 Team | Aug 22, 2025

    ChatGPTCybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42.

    In many cases, even when these services have safeguards in place to prevent abuse, criminals are able to bypass these measures in order to create phishing pages. Unit 42 tested a popular website generator to see how easy it was to spin up a spoofed website.

    “The website builder only required a valid email address to establish a trial account and publish a page impersonating our company,” Unit 42 says.

    “Since these pages are intended to quickly establish a web presence for a new company or organization, they lack the design elements that criminals would otherwise use to spoof a targeted brand. In our test, the website builder promised to generate a free AI website in 60 seconds, which is an accurate statement. Our only input was a brief description of the company for an initial text prompt.”

    Additionally, the researchers found that approximately 40% of AI abuse by threat actors involved writing assistants or chatbots. These tools can help attackers write tailored phishing messages that are free from typos or grammatical errors.

    “Text generation tools — such as conversational, writing and meeting assistants — can enhance productivity, content creation and customer interaction,” Unit 42 says. “However, attackers can manipulate them to generate convincing phishing content, spread misinformation or leak confidential data.”

    AI tools are rapidly increasing in sophistication, and Unit 42 says misuse of these tools will keep pace. The researchers state, “Our telemetry reflects the growing adoption of GenAI applications and services, and we expect a corresponding increase in attacks that take advantage of GenAI as time passes.”

    AI-powered security awareness training can give your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

    Unit 42 has the story.

    Topics: Social Engineering Human Risk Management AI

    See AIDA in Action

    Autonomous agents detect, respond, and adapt faster than humanly possible.

    Request a Demo

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk and agent security best practices, compliance strategies and industry research to help organizations strengthen their digital defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog

    Posts By Topic

    View All