HP has published its latest Security Threat Report, in which warns against the use of AI attacks to expand and accelerate malicious campaigns. C Many prioritize low cost and speed over technical sophistication. Although these are simple attacks with few resources, AI-assisted attacks are managing to evade companies’ defensive systems.
HP’s alert is not new and confirms that the massive and accelerated implementation of artificial intelligence models is a great challenge in terms of computer security. And as generative AI tools have become more powerful, affordable and accessible, cybercriminals increasingly adopt them to support all types of attacks.
HP’s report analyzes real-world cyberattacks and helps organizations understand the techniques cybercriminals use to evade detection systems and compromise computer security. Based on analysis of millions of devices protected with HP Wolf Security, top campaigns identified by HP threat researchers include:
– Scripts de vibe-hacking that use redirects to Booking.com– Attackers are using artificial intelligence to generate out-of-the-box infection scripts, known as vibe-hacking, to automate malware distribution. In one of the detected campaigns, a link included in a fake PDF invoice initiates a silent download from a compromised website and subsequently redirects the victim to a trusted platform such as Booking.com, with the aim of not raising suspicions.
– Flat-pack malware speeds up campaign creation: Malicious actors are mounting attacks with inexpensive, off-the-shelf malware components, likely purchased from hacker forums. Although the lures and final payloads vary, they reuse the same intermediate scripts and installers. This allows them to create, personalize and scale campaigns with minimal effort. The researchers point out that this is not a single group, but rather multiple actors using the same basic components.
– Malware hidden in a fake Teams installer, piggyback attack: Campaigns that distributed malware through fraudulent search engine positioning and sponsored malicious ads that promoted fake Microsoft Teams pages have also been detected. Victims download an infected installer in which the Oyster Loader malware runs during the installation process. While the legitimate app is installed normally, the infection goes unnoticed and grants the attacker remote access to the device.
AI attacks are a big problem
«It is the classic triangle of project management: speed, quality and cost. Normally one of these elements is sacrificed. What we are seeing is that many attackers prioritize speed and cost, not quality. They don’t use AI to make attacks more sophisticated, but rather to execute them faster and with less effort. The campaigns are basic, but they are still effective »explains Alex Holland, principal threat researcher at the HP Security Lab.
By isolating threats that evade detection systems, but allowing malware to activate in a controlled manner within secure containers, HP Wolf Security gains up-to-date visibility into the techniques used by cybercriminals. To date, customers have opened more than 60 billion attachments, web pages, and downloaded files without reporting violations.
The report, which analyzes data from October to December 2025, shows how Cybercriminals continue to diversify their methods to bypass traditional detection tools:
- At least 14% of email threats identified by HP Sure Click bypassed one or more gateway scanners.
- Executable files were the most popular delivery type (37%), followed by .zip (11%) and .docx (10%) files.
«AI attacks reveal the limitations of detection-based security. When attackers can generate and repackage malware in minutes, traditional defenses can’t keep up. Instead of trying to detect all variants, organizations should reduce their risk exposure. If they contain high-risk activities, such as opening untrusted attachments or clicking on unknown links, in isolated environments, they can stop threats before they cause damage and eliminate an entire category of risks.warns Ian Pratt, global director of security for personal systems at HP.
