Tuesday, 26 August 2025
29.1 C
Singapore
28.7 C
Thailand
19.2 C
Indonesia
27.6 C
Philippines

Okta warns of AI-powered phishing infrastructure built with v0.dev

Okta reports that attackers are using AI tool v0.dev to rapidly create phishing infrastructure, urging organisations to adopt passwordless security.

Okta Threat Intelligence has identified a new trend in phishing attacks, where cybercriminals are using generative AI tools to develop phishing infrastructure with minimal technical effort. The team observed a series of campaigns using v0.dev, a platform created by Vercel that allows users to generate user interfaces with simple natural language prompts.

These campaigns involve the creation of fake sign-in pages that mimic well-known brands, including Okta, Microsoft 365, and various cryptocurrency platforms. The use of v0.dev enables attackers to quickly build and deploy phishing sites that look highly convincing, significantly increasing the speed and scale of their operations.

“This marks an expected turning point in adversarial use of AI,” said Brett Winterford, Vice President at Okta Threat Intelligence. “We had anticipated we would soon enough see attackers stepping up from using AI to create convincing phishing lures, to now using AI to create the infrastructure that supports phishing campaigns at scale. With these tools, the least skilled adversary can build convincing phishing infrastructure in seconds. This is a wake-up call for every organisation that relies on outdated defences like password-based logins. You can’t rely on perimeter defence and awareness campaigns alone to mitigate attacks: you need passwordless solutions that remove the ability of users to submit a credential to an attacker.”

Growing access to advanced phishing capabilities

In addition to leveraging v0.dev, threat actors have also been seen cloning the platform’s capabilities from public GitHub repositories or building their own custom generative AI tools. This trend is further lowering the barriers to entry for cybercrime, enabling even less experienced individuals to launch sophisticated phishing attacks.

By removing the need for traditional web development skills, AI tools like v0.dev are changing the phishing landscape. These platforms allow attackers to produce tailored, realistic-looking phishing pages in seconds, increasing the risk of successful credential theft.

Okta urges shift to phishing-resistant security

To counter this evolving threat, Okta Threat Intelligence is encouraging organisations to adopt phishing-resistant authentication solutions. Recommendations include deploying Okta FastPass, which uses cryptographic methods to ensure a user can only log in from the device they originally enrolled with.

Device trust policies can also be enforced, ensuring that only approved or compliant devices have access to critical applications. Okta’s Behaviour Detection and Network Zones can trigger additional verification steps when suspicious activity is detected, such as login attempts from unusual locations or devices.

Security awareness training should also be updated to reflect the new tactics enabled by generative AI. Employees need to be educated not only on traditional phishing techniques, but also on the increasing sophistication of AI-powered attacks that exploit human trust and system weaknesses.

Okta Threat Intelligence continues to monitor developments in this area closely. Customers of Okta can access the full security advisory, including mitigation steps and technical indicators, via the Okta Security Trust Center.

Hot this week

Keeper Security launches biometric login with passkeys

Keeper Security introduces biometric passkey login, allowing secure passwordless access to vaults through Windows Hello and Apple Touch ID.

Google Cloud unveils new AI security capabilities at Security Summit 2025

Google Cloud reveals new AI-powered security tools at Security Summit 2025 to protect AI systems and boost cyber defence.

Meta introduces an AI dubbing tool for Instagram and Facebook videos

Meta rolls out an AI dubbing tool for Instagram and Facebook reels, starting with English-Spanish translations for eligible creators.

Spotify introduces new DJ-style mixing tool for playlists

Spotify tests new Mix feature for Premium users, offering DJ-style transitions and custom playlist mixing options.

Zoho showcases AI-powered business solutions at Zoholics Hong Kong

Zoho unveils AI-powered solutions including Zia LLM, Zia Hubs, and enhanced CRM at Zoholics Hong Kong to support business growth.

Google rolls out QR code verification for secure messaging

Google is testing QR code verification in Messages, making it easier for users to confirm the identity of contacts and secure RCS chats.

NVIDIA unveils Jetson Thor, its next-generation robotics computing platform

NVIDIA launches Jetson Thor, a next-gen AI robotics platform with 7.5x computing power, designed for developers and large-scale robotics projects.

Apple set to bring back Touch ID with upcoming foldable iPhone

Apple is expected to launch its first foldable iPhone in 2026, featuring Touch ID, four cameras and a slim in-cell display design.

Apple’s upcoming iPhone strategy signals a major design shift

Apple is set to launch a slimmer iPhone Air next month, with a foldable model expected in 2026 and a curved-glass 20th anniversary device planned for 2027.

Related Articles

Popular Categories