Cybercriminals are increasingly exploiting the trust organizations place in artificial intelligence platforms to conduct sophisticated phishing attacks, according to a new report from cybersecurity firm Cato Networks. <\/p>\n
The company\u2019s Managed Detection and Response (MDR)<\/a> service recently uncovered a campaign where threat actors leveraged Simplified AI, a popular marketing platform, to steal Microsoft 365 credentials from US-based organizations.<\/p>\n The attack, discovered in July 2025, successfully compromised at least one US investment firm before being detected and contained. <\/p>\n While the campaign is no longer active, security experts warn it represents a dangerous evolution in cybercrime<\/a> tactics that could affect organizations across all industries.<\/p>\n \u201cThreat actors are no longer relying on suspicious servers or cheap lookalike domains,\u201d the Cato Networks report states. <\/p>\n \u201cInstead, they abuse the reputation and infrastructure of trusted AI platforms that employees already rely on, allowing them to bypass defenses and slip into organizations under the cover of legitimacy.\u201d<\/p>\n The sophisticated attack began with emails impersonating executives from a global pharmaceutical distributor, complete with authentic company logos and executive names verified through LinkedIn. <\/p>\n The emails contained password-protected PDF attachments designed to evade automated security scanners that cannot inspect encrypted files.<\/p>\n The phishing campaign employed a multi-layered approach that exploited both social engineering<\/a> and technical evasion tactics:<\/p>\n The attack highlights how cybercriminals are adapting to the rapid adoption of AI tools in corporate environments. <\/p>\n AI marketing platforms<\/a> like Simplified AI have become commonplace in enterprises, with IT departments routinely whitelisting their domains and allowing employee access.<\/p>\n \u201cFor CISOs and IT leaders, approving such services often seems straightforward: allow access, whitelist the domain, and enable the marketing team to innovate,\u201d the report notes<\/a>.<\/p>\n \u201cBut what if the very same platform is leveraged by threat actors to steal from you?\u201d<\/p>\n This incident reflects broader concerns about \u201cshadow AI\u201d usage in enterprises, where employees increasingly rely on AI tools without proper security oversight. <\/p>\n The attackers\u2019 use of established platforms makes detection significantly more challenging for traditional security measures.<\/p>\n Security experts recommend several protective measures:<\/p>\n The attack serves as a wake-up call for organizations to reassess their approach to AI platform security, treating AI traffic with the same scrutiny applied to unknown domains while balancing security needs with business innovation requirements.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post Hackers Use AI Platforms to Steal Microsoft 365 Credentials in Phishing Campaign<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nWeaponizing Trusted AI Platforms<\/strong><\/h2>\n
![\"Hackers](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg3pNjlekjqH5NkRBijgn3_7tQ6yIOn86adeohR8p-4pqLOBH7TQjj0OFI19t64cJ4nWvOftgAQD4woklaC5e8zv9hIgMw_I9KxifmTlaO8yyERzOUG1CI-QdqhaCfZ-uUXrvF8ZthqP3yv44s9UUxkXJRkPa5KVofmIG-WmPI-QoO9XZEXgHbonF3jkKzG\/s583\/Figure-1-7.png_imresizer.webp?ssl=1\")
\n
![\"Hackers](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjLvVDAb3KVOBh_vdwcBY-bhcEAhClNoxbodtpE-aXg6a3F6vfVq0xK4aL7z1lelFBt7xlVCU4UzKFabkh1YxlnNTs5cd7M66nlJ4VzpiCEyl-owzv9YOAGny_eluvAtZqWuZOv_aHPnKTyWM7-6seRzgEHTGAbdgg__r1WR_fRpKuvrNzx4damjsAgIbFe\/s1357\/Figure-2-6.png_imresizer.webp?ssl=1\")
Mitigations<\/strong><\/h2>\n
\n