Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Sep 29, 2025
Ravie Lakshmanan

Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses.

"Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure to disguise its malicious intent," the Microsoft Threat Intelligence team said in an analysis published last week.

The activity, detected on August 28, 2025, shows how threat actors are increasingly adopting artificial intelligence (AI) tools into their workflows, often with the goal of crafting more convincing phishing lures, automating malware obfuscation, and generating code that mimics legitimate content.

In the attack chain documented by the Windows maker, bad actors have been observed leveraging an already compromised business email account to send phishing messages to steal victims' credentials. The messages feature lure masquerading as a file-sharing notification to entice them into opening what ostensibly appears to be a PDF document, but, in reality, is a Scalable Vector Graphics (SVG) file.
https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html?_m=3n%2e009a%2e3785%2eqb0ao44uux%2e2tma

Be careful out there.