New Phishing Campaign Uses LLMs To Craft SVG Payloads To Pwn You

Microsoft has flagged a new phishing campaign that appears to leverage large language models (LLMs) to craft obfuscated SVG payloads, making them appear like legitimate business analytics dashboards. The attack chain uses compromised business email accounts, self-addressed emails, and SVG files containing business-related terminology and modular, over-engineered code that mimics legitimate content. This enables phishing lures to evade static analysis and detection tools. While the campaign was limited in scope and blocked, Microsoft warns that AI-assisted obfuscation and synthetic phishing techniques are growing trends, with attackers increasingly adopting LLMs to automate and enhance their tactics.

You can read more via this Microsoft blog post: https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/
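As an added example (not code from Microsoft or from this post), here is one structural check a mail pipeline could run against the two traits described above: a self-addressed message and an SVG attachment that carries code. It assumes the active content shows up as `script` or `foreignObject` elements, `on*` event-handler attributes, or `javascript:` links; the function names and the sample message are constructed for illustration.

```python
import email
import xml.etree.ElementTree as ET
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

ACTIVE_TAGS = {"script", "foreignObject"}  # assumption: treated as active content

def svg_active_content(svg_bytes):
    """List the reasons an SVG carries script or other active content."""
    if b"<!ENTITY" in svg_bytes:  # refuse entity tricks before parsing
        return ["inline ENTITY declaration"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["unparseable SVG"]
    reasons = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if tag in ACTIVE_TAGS:
            reasons.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            if attr.startswith("on"):
                reasons.append(f"event handler {attr}")
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                reasons.append("javascript: href")
    return reasons

def triage(raw_message):
    """Flag self-addressed mail and SVG attachments with active content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    addrs = lambda h: {a.lower() for _, a in getaddresses([str(v) for v in msg.get_all(h, [])])}
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "image/svg+xml" or name.endswith(".svg"):
            reasons = svg_active_content(part.get_payload(decode=True) or b"")
            if reasons:
                findings.append((name, reasons))
    return {"self_addressed": bool(addrs("From") & addrs("To")), "svg_findings": findings}

def sample_message():
    """Constructed sample: self-addressed mail with a scripted SVG attached."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "ap@example.com", "AP@example.com", "Q3 dashboard"
    m.set_content("See attached.")
    svg = b'<svg xmlns="http://www.w3.org/2000/svg"><title>Revenue</title><script>/* placeholder */</script></svg>'
    m.add_attachment(svg, maintype="image", subtype="svg+xml", filename="dashboard.svg")
    return m.as_bytes()
```

Because the check keys on document structure rather than on strings inside the script, business-sounding filler around the code does not change the result; treat a hit as a triage signal to combine with sender and sign-in behavior, not as a verdict.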

Anders Askasen, VP of Product Marketing, Radiant Logic, had this comment:

“AI-driven phishing shows us that the frontline isn’t the payload, it’s the person behind the login. Attackers aren’t just tricking defensive filters anymore, they are using LLMs to mimic the texture of legitimate business data. That’s why identity observability is critical. If you can unify identity data into one source of truth, you can see when an account behaves out of character, when credentials are being replayed, or when entitlements don’t match expected patterns. The only way to counter AI-scaled deception is with unified identity intelligence that lets defenders observe, correlate, and act in real time.”


Andrew Obadiaru, CISO, Cobalt, follows with this comment:

“Phishing has always been about social engineering, but AI is fundamentally changing the game by making attacks harder to detect both technically and psychologically. The use of LLMs to generate verbose, business-like code isn’t just obfuscation—it’s camouflage that blends seamlessly into enterprise workflows. Security teams can’t rely on static filters or signature-based defenses to catch this. The focus must shift to behavioral detection, red-teaming against AI-assisted tactics, and shortening remediation cycles before attackers can exploit the gap.”

This highlights the fact that we all need to work harder than ever to stay ahead of the bad guys, because they continue to evolve their tactics so that they can succeed in making your life as miserable as possible.
