In a concerning evolution of cybercrime, security researchers have identified a new threat known as “VibeScamming” – where malicious actors leverage generative AI to create sophisticated phishing campaigns with minimal effort. Their investigation, published as the “VibeScamming Benchmark v1.0,” systematically tested three major AI systems – ChatGPT, Claude, and Lovable – against a series of increasingly complex requests designed to simulate real-world phishing development scenarios. The benchmark testing showed that certain platforms not only generate realistic login pages mimicking legitimate services but also provide code for credential exfiltration, detection evasion, and hosting solutions. According to the research led by Nati Tal, Head of Guardio Labs, the threat isn’t merely theoretical – it represents a predicted evolution of cybercrime that was flagged in security forecasts for 2025. What previously required specialized knowledge in web development, social engineering, and server management can now be accomplished through conversational prompts to AI assistants, which can generate everything from convincing Microsoft login pages to credential harvesting systems. Guard.io researchers identified this emerging threat in early 2025, conducting extensive testing to evaluate how easily popular AI platforms could be manipulated into creating malicious content. Other evasion techniques included dynamically building page elements to avoid pattern matching, inserting invisible characters into text to disrupt detection patterns, and replacing Latin characters with visually similar Unicode or Cyrillic alternatives. The findings reveal a disturbing reality: while some AI platforms demonstrate robust ethical guardrails, others can be easily co-opted into providing complete, production-ready phishing infrastructure. The research team plans to expand the benchmark to additional platforms and scenarios, emphasizing that AI safety must extend beyond protecting the model itself to preventing harm caused by misuse. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This technique, inspired by the concept of “VibeCoding” (using natural language to build complete applications), allows even total beginners to launch convincing scam operations without coding skills. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The benchmark demonstrated how quickly an unskilled operator could progress from a basic concept to a fully operational phishing campaign targeting Microsoft Office 365 credentials. When prompted, certain platforms provided comprehensive anti-detection code capable of evading security scanners and analysis tools. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 14:15:14 +0000