Vibe hacking and flat-pack malware — the low-effort attacks being used to beat defenses


The latest Threat Insights Report from HP Wolf Security shows that attackers are using AI to scale and accelerate campaigns — with many prioritizing cost, effort and efficiency over quality.

Techniques include ‘vibe hacking’, where attackers use AI to generate ready-made infection scripts to automate malware delivery. In one example, a link within a fake invoice PDF triggers a silent download from a compromised site before redirecting victims to trusted platforms, like Booking.com.

Threat actors are assembling attacks using inexpensive, off-the-shelf ‘flat-pack’ malware components, likely purchased from hacker forums. While lures and final payloads change, attackers are reusing the same intermediate scripts and installers, allowing them to quickly build, customize, and scale campaigns with minimal effort. Notably, this isn’t the work of a single threat group, with multiple, unrelated actors using the same building blocks.

The report also highlights campaigns distributing malware via search engine poisoning and malicious adverts that promote fake Microsoft Teams websites. Victims download a malicious installer bundle in which hidden Oyster Loader malware piggybacks on the Teams installation process, allowing the real app to install while the infection runs unnoticed — giving the attacker backdoor control of the user’s device.

Alex Holland, principal threat researcher at HP Security Lab, says, “It’s the classic project management triangle — speed, quality and cost. You often sacrifice one of them. What we’re seeing is many attackers are optimizing for speed and cost, not quality. They are not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic but the uncomfortable reality is they still work.”

The report, based on data gathered from October to December 2025, details how cybercriminals continue to diversify attack methods to bypass security tools with no reported breaches. At least 14 percent of email threats identified by HP Sure Click bypassed one or more email gateway scanners. Executable files were the most popular delivery type (37 percent), followed by .zip (11 percent) and .docx (10 percent).

Dr. Ian Pratt, global head of security for personal systems at HP, says, “AI-assisted attacks are shining a spotlight on the limitations of detection-led security. When attackers can generate and repackage malware in minutes, detection-based defences can’t keep up. Instead of trying to spot every variant, organizations need to reduce exposure. By containing high-risk activities — like opening untrusted attachments or clicking unknown links — within an isolated environment, businesses can stop threats before they cause damage and remove an entire class of risk.”

You can read more and get the full report on the Wolf Security blog.

Image credit: solarseven/depositphotos.com