Threat Actors Use AI To Bypass Defenses

In 2025, cybersecurity reporting documents a sharp rise in AI-generated phishing, QR-code “quishing,” and large malware campaigns distributing RenEngine, HijackLoader, Lumma, and ACR Stealer. Kaspersky tracked RenEngine activity since March 2025 and reports hundreds of thousands of global infections with thousands of new victims daily. The report warns that generative AI and QR lures evade URL-based defenses, urging combined computer-vision detection, behavior-based endpoint protection, and user training.
Key Points
- 1Leverages generative AI and QR quishing to mass-produce convincing phishing lures and portals
- 2Erodes traditional detections by mimicking brand tone and avoiding URL-based scanners
- 3Advise defenders to add QR detection, behavior-based EDR, block pirated-software, and user training
Scoring Rationale
Strong relevance and actionable mitigation guidance; limitation: observational industry reporting lacks novel defensive innovations or techniques
Sources
Public references used for this report.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems
