AI-powered tools accelerate phishing threats, Okta warns

Okta has reported that cybercriminals are exploiting a generative AI tool to produce sophisticated phishing infrastructure targeting organisations and individuals.

AI-driven phishing infrastructure

Okta Threat Intelligence has observed an uptick in the use of v0.dev, an AI-powered platform developed by Vercel, to generate phishing sites that convincingly mimic login pages for prominent brands such as Microsoft 365 and Okta, as well as cryptocurrency companies. The platform enables users to create web interfaces using straightforward natural language prompts, lowering the barrier for threat actors to develop and launch these fraudulent websites.

According to Okta, attackers are able to construct convincing phishing infrastructure in a matter of seconds using minimal input. The process includes replicating brand assets such as logos and hosting the fake pages directly on Vercel's infrastructure. This technique elevates the scale, speed and plausibility of phishing campaigns, making detection and prevention more challenging for organisations utilising traditional defences.

"This marks an expected turning point in adversarial use of AI. We had anticipated we would soon enough see attackers stepping up from using AI to create convincing phishing lures, to now using AI to create the infrastructure that supports phishing campaigns at scale. With these tools, the least skilled adversary can build convincing phishing infrastructure in seconds. This is a wake-up call for every organisation that relies on outdated defences, such as password-based logins. You can't rely on perimeter defence and awareness campaigns alone to mitigate attacks: you need passwordless solutions that remove the ability of users to submit a credential to an attacker."

Okta's 2025 Customer Identity Trends Report reveals that password-based authentication remains widespread throughout the Asia-Pacific region. The report found that 76% of Australians still depend on passwords, with only 55% expressing confidence in their security. In India, 82% of consumers consider passwords convenient, and 80% believe them to be secure, yet 22% admit to reusing the same password across accounts. Password reuse is also prevalent in Japan, with 71% of people admitting to the practice, surpassing the global average.

Efforts to disrupt malicious activity

To combat this trend, Okta has worked with Vercel to restrict access to identified phishing sites and to implement strategies for reporting and mitigating ongoing threats. Hosting phishing components on a reputable platform like Vercel allows malicious actors to enhance the credibility of their campaigns and evade detection mechanisms that usually flag illicit domains or resources.

Okta researchers have demonstrated that using natural language prompts, high-fidelity phishing sites can be generated within minutes. These sites not only imitate the sign-in experiences of well-known brands but also consolidate all page components on the same trusted hosting platform—a method which Okta notes is a deliberate effort by cybercriminals to avoid detection and improve the success rate of their phishing attempts.

Open-source distribution and scalability

Further analysis found that actors are leveraging public repositories on GitHub to either clone the v0.dev application or develop their own generative tools, broadening accessibility to advanced phishing capabilities. This open-source approach means not just established cybercriminals but also less experienced individuals can rapidly construct effective phishing campaigns.

This development signals a significant shift in the phishing threat landscape, with attackers moving from AI-generated content to the use of AI to create the infrastructure underpinning their campaigns. As generative AI tools become more accessible and user-friendly, organisations are increasingly at risk if they rely solely on traditional awareness training and outdated security measures.

Brett Winterford, Vice President at Okta Threat Intelligence, commented further on the evolving threat:

"Organisations can no longer rely on teaching users how to identify suspicious phishing sites based on imperfect imitation of legitimate services. The only reliable defence is to cryptographically bind a user's authenticator to the legitimate site they enrolled in."

Winterford refers to Okta's FastPass technology, a passwordless authentication method within Okta Verify. This method enforces phishing resistance by ensuring users can sign in only to the original domain where they registered, effectively neutralising credential theft attempts.

Recommendations for mitigation

In response to the growing prevalence of AI-generated phishing attacks, Okta Threat Intelligence recommends several measures: enforce phishing-resistant authentication such as Okta FastPass; bind access to trusted, compliant devices; invoke step-up authentication through behavioural detection and network zoning when anomalies are identified; and enhance employee awareness programmes to reflect the sophistication of emerging AI-enabled social engineering tactics.

Okta Threat Intelligence continues to monitor the evolving threat landscape and works with industry partners to develop response strategies and keep organisations informed on identity-based security trends.