NEWS The First Robot Cyberwar: Microsoft Defeated an AI Hacker. But For How Long?

ExcalibuR



Business terms were used as an instrument for masterful obfuscation for the first time.

Specialists from Microsoft Threat Intelligence have documented an attack in which threat actors, for the first time, used artificial intelligence to disguise phishing code. The objective was to steal credentials from companies in the United States.

A malicious SVG file concealed its true functionality behind a layer of pseudo-business terminology and an imitation of an analytics dashboard, allowing it to bypass simple checks. Analysis revealed that the code structure was uncharacteristic of manual writing and was likely created by a generative model.

The emails were sent from a compromised corporate account, with the 'To' field matching the sender's address, while the actual recipient addresses were placed in the BCC field. The attachment mimicked a PDF document but was actually an SVG file with embedded JavaScript. Upon opening, the file redirected the victim to a CAPTCHA page, after which, according to Microsoft, a fake login form for harvesting passwords was supposed to load.

The main feature of the attack was its atypical obfuscation. The SVG code contained elements with names like "Business Performance Dashboard," which remained invisible due to zero opacity. Furthermore, the malicious functionality was masked using a set of business terms ("revenue," "operations," "dashboard," "kpi," etc.) that were converted into symbols and commands through a multi-stage algorithm. The script executed a browser redirect to a malicious resource, initiated environment fingerprinting, and tracked sessions.

Microsoft's analytical system concluded that the code was highly likely created by artificial intelligence. Telltale signs included overly descriptive function names with hexadecimal suffixes, excessive modularity, repetitive logic blocks, cumbersome comments in the style of business documentation, and the formal use of XML constructions, which is characteristic of generative models.

Despite the sophisticated disguise, the campaign was stopped by cloud-based Microsoft Defender. Heuristics were triggered by a combination of signs: suspicious use of BCC, self-sending emails, an SVG attachment disguised as a PDF, a redirect to a previously identified phishing domain (kmnl[.]cpfcenters[.]de), the presence of hidden logic, and session tracking.

Microsoft emphasized that the use of AI does not negate the ability to detect attacks. On the contrary, synthetic code often leaves additional artifacts that can be used for analysis. The company recommends that administrators enable link checking on click (Safe Links), activate the Zero-hour Auto Purge function to quarantine already delivered messages, use browsers with SmartScreen support, and implement phishing-resistant multi-factor authentication via Microsoft Entra.

This case demonstrates that threat actors are already actively experimenting with neural networks to enhance stealth, but defense systems, also powered by AI, are capable of effectively countering such campaigns.
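
Several of the signs listed above (self-addressed mail, an SVG attachment posing as a PDF, zero-opacity elements, embedded script) can be checked statically on the raw message. The following is an added example, not Microsoft's detection logic and not code from the original post; the function names, flag names, the file-name heuristic and the sample message are assumptions constructed for illustration.

```python
import email
import re
import xml.etree.ElementTree as ET
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

def svg_findings(data: bytes) -> set:
    """Static checks on SVG bytes: active content and zero-opacity elements."""
    try:
        root = ET.fromstring(data)  # stdlib parser; prefer defusedxml on live mail
    except ET.ParseError:
        return {"svg-unparseable"}
    out = set()
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()  # strip the XML namespace
        if tag == "script" or any(a.lower().startswith("on") for a in el.attrib):
            out.add("svg-active-content")
        style = el.get("style", "").replace(" ", "")
        if el.get("opacity", "").strip() in ("0", "0.0") or \
                re.search(r"opacity:0(\.0+)?(;|$)", style):
            out.add("svg-zero-opacity-element")
    return out

def triage(raw: bytes) -> set:
    """Return the set of indicator names found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = set()
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    to = [a.lower() for _, a in getaddresses([str(h) for h in msg.get_all("To", [])])]
    if sender and to == [sender]:
        flags.add("self-addressed")  # BCC is stripped on delivery; this is what remains
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ctype = part.get_content_type()
        if ctype == "image/svg+xml" or b"<svg" in data[:1024].lower():
            if "pdf" in name or ctype == "application/pdf":
                flags.add("svg-named-as-pdf")  # assumed naming heuristic
            flags |= svg_findings(data)
    return flags

def constructed_sample() -> bytes:
    """Constructed test message; addresses, file name and SVG body are made up."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "alice@example.com"
    m.set_content("See attached.")
    svg = (b'<svg xmlns="http://www.w3.org/2000/svg"><text opacity="0">Business '
           b'Performance Dashboard</text><script>/* placeholder */</script></svg>')
    m.add_attachment(svg, maintype="image", subtype="svg+xml", filename="report.pdf.svg")
    return m.as_bytes()
```

No single flag is conclusive on its own; as in the campaign described, it is the combination that justifies quarantine.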
 