Phishing is already a favored technique among criminals, and a demonstration by Symantec showcased how AI agents can supercharge these attacks.
The security company tasked OpenAI’s recently launched Operator agent with carrying out a phishing attack on a member of Symantec’s organization from start to finish. First, the agent identified the person who performed a specific role within the organization and located their email address. Then, Operator created a PowerShell script designed to gather systems information and sent an email the target using a “convincing lure.”
Teaching AI Cybercrime
The AI model initially refused the instructions on grounds they involved “sending unsolicited emails and potentially sensitive information” that could violate privacy and security rules. However, after researchers convinced Operator that they had proper authorization, the agent complied—a vulnerability that is also present in OpenAI’s ChatGPT.
Once assigned the task, Operator located its target using publicly available data. While the target’s email address was private, the AI agent deduced it by analyzing similar addresses within the same company.
Operator then studied websites to learn about PowerShell scripts, after which it drafted its own and sent the email. According to Symantec, the email—sent from a fake account—was reasonably convincing.
Working With Little Prompting
AI has quickly become a mainstay in fraud attacks, enabling bad actors to create deepfakes and cheapfakes that can fool consumers into making a financial mistake. However, at this stage, most of these attacks aren’t sophisticated enough to convince most individuals.
The attack orchestrated by Operator was relatively straightforward and did not reach the same level of most human-generated phishing attacks, which are increasingly hard to spot.
However, AI agents pose a formidable challenge because they can operate tirelessly with minimal input to accomplish their goals. This autonomy allows criminals to scale their attacks on a much wider scale with fewer technological barriers to entry.
