AI-Augmented EvilTokens Phishing Campaign Compromises Hundreds Daily

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

The EvilTokens Phishing-as-a-Service platform uses AI, including large language models, to automate and personalize business email compromise (BEC) attacks. Since early 2026, it has enabled cybercriminals to compromise hundreds of Microsoft accounts daily, exfiltrate sensitive data, and evade detection, causing widespread financial and security harm globally. [AI generated]

Why's our monitor labelling this an incident or hazard?

The article explicitly mentions an AI-driven infrastructure automating phishing attacks that have already caused hundreds of compromises daily, indicating realized harm. The AI system's use directly leads to violations of security and unauthorized access, which constitutes harm to persons and organizations. Therefore, this qualifies as an AI Incident due to the direct and ongoing harm caused by the AI-enabled phishing campaign. [AI generated]
AI principles
Privacy & data governance, Safety

Industries
Digital security

Affected stakeholders
Business, Workers

Harm types
Economic/Property, Human or fundamental rights

Severity
AI incident

AI system task:
Content generation


Articles about this incident or hazard

Microsoft Warning -- New And Widespread 2FA Code Attacks Confirmed

2026-04-08
Forbes
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions an AI-driven infrastructure automating phishing attacks that have already caused hundreds of compromises daily, indicating realized harm. The AI system's use directly leads to violations of security and unauthorized access, which constitutes harm to persons and organizations. Therefore, this qualifies as an AI Incident due to the direct and ongoing harm caused by the AI-enabled phishing campaign.

Hundreds compromised daily in Microsoft device code phishes

2026-04-07
TheRegister.com
Why's our monitor labelling this an incident or hazard?
The event explicitly involves AI systems used to generate personalized phishing emails, which are a critical part of the attack chain leading to successful compromises and data theft. The harm includes unauthorized access to corporate accounts, theft of financial data, and violation of privacy and security rights of organizations and individuals. The AI system's role is pivotal in enabling the scale and sophistication of the phishing campaign, directly causing harm. Hence, this is an AI Incident rather than a hazard or complementary information.

EvilTokens: an AI-augmented Phishing-as-a-Service for automating BEC fraud - Part 2

2026-04-07
Sekoia.io Blog
Why's our monitor labelling this an incident or hazard?
The EvilTokens platform explicitly integrates AI systems (large language models) to automate the analysis of stolen emails and the generation of tailored BEC attack emails. This AI involvement is central to the malicious use of the system, which has already been adopted by cybercriminals and is actively causing harm through financial fraud. The event details the operation, capabilities, and impact of this AI-augmented phishing kit, demonstrating direct causation of harm (financial losses and compromise of accounts). Hence, it qualifies as an AI Incident under the framework, as the AI system's use has directly led to significant harm to individuals and organizations.