AI-Powered Phishing Kits Like Bluekit Drive Surge in Sophisticated Attacks

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Researchers have identified Bluekit, an AI-driven phishing kit that automates and enhances phishing attacks, including bypassing 2FA and mimicking over 40 brands. Reports show 86% of recent phishing campaigns now use AI, increasing the scale and effectiveness of credential theft and financial fraud globally. [AI generated]

Why's our monitor labelling this an incident or hazard?

Bluekit is an AI-enabled phishing platform that automates and enhances phishing attacks, including bypassing 2FA and mimicking many brands, which directly leads to harm such as credential theft and unauthorized access. The AI assistant helps craft convincing phishing emails, lowering barriers for attackers and increasing the risk and scale of harm. The event describes an active tool used for malicious purposes causing direct harm, fitting the definition of an AI Incident due to realized harm facilitated by AI systems. [AI generated]

AI principles
Privacy & data governance, Robustness & digital security

Industries
Financial and insurance services, Digital security

Affected stakeholders
Consumers, Business

Harm types
Economic/Property, Human or fundamental rights

Severity
AI incident

AI system task:
Content generation


Articles about this incident or hazard

Researchers discover new all-in-one 'Bluekit' phishing kit capable of bypassing enterprise 2FA protocols and emulating 40+ global brands

2026-04-30
TechRadar
Why's our monitor labelling this an incident or hazard?
Bluekit is an AI-enabled phishing platform that automates and enhances phishing attacks, including bypassing 2FA and mimicking many brands, which directly leads to harm such as credential theft and unauthorized access. The AI assistant helps craft convincing phishing emails, lowering barriers for attackers and increasing the risk and scale of harm. The event describes an active tool used for malicious purposes causing direct harm, fitting the definition of an AI Incident due to realized harm facilitated by AI systems.

Most phishing now uses AI, says KnowBe4

2026-04-30
TheRegister.com
Why's our monitor labelling this an incident or hazard?
The article explicitly states that AI is being used in phishing campaigns to automate and enhance attacks, leading to realized harm such as financial losses and credential theft. This fits the definition of an AI Incident because the AI system's use in phishing has directly led to harm to people and communities (financial fraud victims). The involvement of AI is clear and central to the harm described, and the harm is materialized, not just potential. Hence, this event qualifies as an AI Incident.

Meet Bluekit: The AI-Powered All-in-One Phishing Kit

2026-04-29
varonis.com
Why's our monitor labelling this an incident or hazard?
Bluekit is an AI system integrated into a phishing kit that automates and enhances phishing attacks, which are harmful activities causing violations of privacy and security rights. The AI assistant helps generate phishing campaign content, directly contributing to the harm. The article details the kit's capabilities and active development, indicating ongoing or imminent harm. This fits the definition of an AI Incident, as the AI system's use has directly led to harm through facilitating phishing attacks.

Bot her emails: most modern phishing campaigns are AI-enabled - The Register

2026-05-02
Democratic Underground
Why's our monitor labelling this an incident or hazard?
The article explicitly states that AI is being used in phishing campaigns to craft highly personalized messages and automate attack processes, which are active and ongoing harms to victims. Since phishing causes direct harm to individuals' security and privacy, and AI is a pivotal tool enabling these attacks, this qualifies as an AI Incident under the definition of harm to people resulting from the use of AI systems.