Microsoft recently warned about a new kind of phishing attack that shows just how quickly cybercriminals are adopting artificial intelligence. In this case, attackers used AI-generated code to hide malicious content inside what looked like an ordinary file, making it difficult for traditional security systems to recognize the threat.
According to Microsoft's researchers, the attack involved a seemingly harmless SVG file that was designed to redirect anyone who opened it to a fake webpage meant to steal login credentials. What made this campaign especially concerning was the way it was written. The code inside the file was unusually complex and verbose - something that Microsoft's own Security Copilot described as "not typical of human authors." In other words, it looked like something produced by a large language model rather than a person.
The phishing emails themselves came from a legitimate but compromised small business account. To appear trustworthy, the attackers posed as a file-sharing service, using language that sounded natural and professional. They also used a tactic where the “from” and “to” fields matched the same address, while the actual targets were hidden in the BCC field. This clever trick helped them avoid detection by basic email filters that look for suspicious sender patterns.
While this particular campaign was limited in scope and mostly affected organizations in the United States, it represents a much larger shift in how cyberattacks are being carried out. Artificial intelligence is now being used on both sides of the cybersecurity battlefield. Defenders use AI to detect and respond to threats faster, while attackers are using it to craft messages that sound human, hide malicious code in new ways, and automate tasks that once required skill and time.
For small businesses and nonprofits, this trend underscores an important reality: phishing attacks are no longer easy to spot by spelling mistakes or obvious red flags. As AI-generated content becomes more convincing, awareness and layered defenses matter more than ever. Simple practices like verifying unexpected emails, using multi-factor authentication, and keeping devices updated can make a significant difference.
Artificial intelligence is changing cybersecurity in real time. Understanding how it is being used by attackers is the first step toward staying safe from it. By remaining cautious, keeping systems current, and encouraging staff to pause before clicking, small organizations can stay one step ahead in an increasingly AI-driven threat landscape.
Read the article from Microsoft here.
Ben Loveless
Co-founder and Developer
