Okta Threat Intelligence has identified a new trend in phishing attacks, where cybercriminals are using generative AI tools to develop phishing infrastructure with minimal technical effort. The team observed a series of campaigns using v0.dev, a platform created by Vercel that allows users to generate user interfaces with simple natural language prompts.
These campaigns involve the creation of fake sign-in pages that mimic well-known brands, including Okta, Microsoft 365, and various cryptocurrency platforms. The use of v0.dev enables attackers to quickly build and deploy phishing sites that look highly convincing, significantly increasing the speed and scale of their operations.
“This marks an expected turning point in adversarial use of AI,” said Brett Winterford, Vice President at Okta Threat Intelligence. “We had anticipated we would soon enough see attackers stepping up from using AI to create convincing phishing lures, to now using AI to create the infrastructure that supports phishing campaigns at scale. With these tools, the least skilled adversary can build convincing phishing infrastructure in seconds. This is a wake-up call for every organisation that relies on outdated defences like password-based logins. You can’t rely on perimeter defence and awareness campaigns alone to mitigate attacks: you need passwordless solutions that remove the ability of users to submit a credential to an attacker.”
Growing access to advanced phishing capabilities
In addition to leveraging v0.dev, threat actors have also been seen cloning the platform’s capabilities from public GitHub repositories or building their own custom generative AI tools. This trend is further lowering the barriers to entry for cybercrime, enabling even less experienced individuals to launch sophisticated phishing attacks.
By removing the need for traditional web development skills, AI tools like v0.dev are changing the phishing landscape. These platforms allow attackers to produce tailored, realistic-looking phishing pages in seconds, increasing the risk of successful credential theft.
Okta urges shift to phishing-resistant security
To counter this evolving threat, Okta Threat Intelligence is encouraging organisations to adopt phishing-resistant authentication solutions. Recommendations include deploying Okta FastPass, which uses cryptographic methods to ensure a user can only log in from the device they originally enrolled with.
Device trust policies can also be enforced, ensuring that only approved or compliant devices have access to critical applications. Okta’s Behaviour Detection and Network Zones can trigger additional verification steps when suspicious activity is detected, such as login attempts from unusual locations or devices.
Security awareness training should also be updated to reflect the new tactics enabled by generative AI. Employees need to be educated not only on traditional phishing techniques, but also on the increasing sophistication of AI-powered attacks that exploit human trust and system weaknesses.
Okta Threat Intelligence continues to monitor developments in this area closely. Customers of Okta can access the full security advisory, including mitigation steps and technical indicators, via the Okta Security Trust Center.
