Hot Features
Premium
Trade smarter, not harder: Unleash your inner pro with our toolkit and live discussions.
Artificial intelligence is transforming how we work, build, and communicate—but it is also quietly reshaping the world of cybercrime. Security researchers are now warning about a growing threat known as “VibeScamming,” a new scam model where cybercriminals use generative AI to create highly convincing phishing attacks with little to no technical expertise.
According to recent findings by cybersecurity firm Guardio, scammers no longer need coding skills, deep technical knowledge, or elaborate infrastructure to launch effective attacks. With nothing more than access to popular AI tools and a few cleverly written prompts, even beginners can now design and deploy sophisticated phishing campaigns.
When Scamming Becomes “No-Code”
The term “VibeScamming” borrows from “vibe-coding,” a trend where developers build apps simply by describing what they want to AI systems—no programming required. In the cybercrime space, this means phishing has effectively become “plug and play.”
Guardio’s researchers found that AI tools can generate fake login pages, phishing SMS messages, email templates, and even full scam workflows without writing a single line of code. The barrier to entry for online fraud has dropped dramatically, allowing scams to scale faster than ever before.
To understand how serious this threat has become, Guardio created the VibeScamming Benchmark v1.0, a structured framework that simulates an entire phishing operation. Researchers interacted with AI models as if they were junior scammers, gradually escalating requests to see how far each platform could be pushed into producing malicious content.
Testing the Guardrails of Popular AI Models
The benchmark examined three major AI platforms: OpenAI’s ChatGPT, Anthropic’s Claude, and Lovable, a newer AI-powered web app builder. The results revealed major differences in how these systems handle abuse.
ChatGPT showed the strongest defenses, consistently refusing to provide actionable scam guidance and redirecting conversations toward general, non-harmful explanations.
Claude performed well initially but proved more vulnerable when requests were framed as “ethical hacking” or security research. Under these narratives, it sometimes generated detailed phishing code and evasion techniques.
The most alarming results came from Lovable. Designed to help users rapidly build and deploy web applications, Lovable enabled the creation of polished phishing websites complete with hosting, credential dashboards, and SMS campaign tools—all with minimal friction or oversight.
Source: create.vista.com
AI-Generated Phishing That Looks Alarmingly Real
One of the most troubling findings was how easily AI could reproduce near-perfect copies of real login pages. In some tests, scammers only needed a short prompt—or a screenshot—for the AI to recreate Microsoft’s authentication portal with astonishing accuracy.
Lovable went even further, embedding real-world phishing mechanics into these pages. Victims were redirected to legitimate sites after credentials were stolen, making the attack harder to detect. Pages were hosted on deceptive subdomains that looked nearly identical to authentic ones.
When researchers asked for ways to avoid detection, both Claude and Lovable offered advanced techniques such as browser fingerprint evasion, randomized page elements, and traffic obfuscation. Lovable’s implementations were especially polished, highlighting the risk posed by AI tools optimized for speed and ease of use.
Industrializing Cybercrime With AI
The benchmark also explored how AI could assist with backend operations. Some models generated scripts for storing stolen credentials, routing data through anonymized APIs, or sending harvested information directly to Telegram channels. These capabilities point to a future where cybercrime becomes increasingly automated and scalable.
While mainstream platforms have improved their safeguards, Guardio’s research makes one thing clear: AI innovation is moving faster than AI security controls. Tools built to empower creators can just as easily empower criminals when guardrails are weak or inconsistent.
A Wake-Up Call for the AI Industry
VibeScamming represents a dangerous shift in the threat landscape. The same features that make AI tools attractive for rapid development—speed, simplicity, and automation—also make them powerful weapons in the wrong hands.
Guardio’s findings serve as a warning to AI developers, policymakers, and cybersecurity professionals alike. As AI becomes more accessible, protecting users must become a core design principle, not an afterthought.
The future of AI does not have to come at the expense of digital safety—but addressing threats like VibeScamming will require stronger safeguards, responsible deployment, and continuous vigilance before these tools are exploited at scale.
Learn from market wizards: Books to take your trading to the next level
