AI Phishing Kits Turn Identity Attacks Into Subscriptions

The next wave of AI cybercrime does not look like a genius hacker asking a frontier model for zero-days. It looks more boring, and more dangerous: a subscription kit that helps mediocre attackers run polished identity attacks at scale.

Axios reports that Huntress researchers saw device-code phishing attacks jump 1,380% in the first four months of 2026 compared with the second half of 2025. The important part is not just the size of the spike. It is the mechanism behind it. Huntress linked much of the activity to phishing-as-a-service platforms that bundle identity-theft infrastructure, token interception tooling, phishing kits, and AI-powered workflows into something criminals can rent.

That changes the threat model. For years, AI phishing warnings focused on better-written emails: fewer typos, more believable personalization, cleaner localization. This report points to a more operational shift. Attackers are using automation and generative AI to personalize lures while also packaging the surrounding workflow, from victim targeting to token capture. Huntress told Axios that across hundreds of incidents, no two phishing lures were identical, a pattern that suggests personalization is becoming cheap enough to use broadly rather than selectively.

Device-code phishing is especially uncomfortable because it abuses a legitimate authentication flow. A victim is pushed to a real Microsoft login page and asked to enter a device code controlled by the attacker. Once the victim completes login and multi-factor authentication, the attacker can receive the resulting access token. In plain English: MFA can be present and the attack can still work, because the user is being tricked into authorizing the wrong session.

For companies, the takeaway is sharper than "train employees to spot AI emails." That advice is now too narrow. Security teams need to treat identity flows, token handling, conditional access, device-code policies, and session monitoring as frontline AI-risk controls. If attackers can rent a workflow that makes every lure unique, static awareness training and simple keyword filters lose power quickly.

The bigger signal for Daily AI Paper readers is that AI's security impact is arriving through productization. Criminal groups do not need the most expensive models if automation, cheap generation, and subscription software let them scale what already works. That is the same business logic driving legitimate AI adoption: take a messy expert workflow, wrap it in software, lower the skill floor, and sell repeatability.

This is why the story matters beyond cybersecurity teams. AI risk is becoming an operations problem. If your organization is deploying AI to move faster, assume adversaries are doing the same. The defensive edge will come from redesigning workflows that assume every message can be custom-written, every login path can be socially engineered, and every identity signal needs context beyond "the password and MFA passed."

More AI signals worth your next click

Turn a repeated Claude task into a reusable Skill

Turn ChatGPT Scheduled Tasks into a personal monitoring system

Media's AI playbook is moving from content to operations

Get tomorrow's AI signal before the scroll gets loud.