HP Threat Insights Report Shows AI Attacks Evade Defenses

HP Inc. released its latest Threat Insights Report, revealing clear signs that attackers are leveraging AI to expand and speed up their campaigns—often favoring cost, efficiency, and minimal effort over sophistication. Although many of these AI-driven attacks are formulaic and low quality, they are still managing to evade enterprise security defenses.

The Threat Insights Report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on data from the millions of endpoints running HP Wolf Security*, notable campaigns identified by HP Threat Researchers include:

  • Vibe-Hacking Scripts Using Booking.com Redirects: Attackers are using AI to generate ready-made infection scripts – known as vibe-hacking – to automate malware delivery. In one campaign, a link within a fake invoice PDF triggers a silent download from a compromised site before redirecting victims to trusted platforms, like Booking.com.
  • Flat-Pack Malware Speeds Up Campaign Building: Threat actors are assembling attacks using inexpensive, off-the-shelf malware components, likely purchased from hacker forums. While lures and final payloads change, attackers are reusing the same intermediate scripts and installers – allowing them to quickly build, customize, and scale campaigns with minimal effort. Notably, this isn’t the work of a single threat group; multiple, unrelated actors are using the same building blocks.
  • Malware Hidden in Fake Teams Installer ‘Piggyback’ Attack: Campaigns distributed malware using search engine poisoning and malicious adverts that promote fake Microsoft Teams websites. Victims download a malicious installer bundle in which hidden Oyster Loader malware piggybacks on the Teams installation process, allowing the real app to install while the infection runs unnoticed – giving the attacker backdoor control of the user’s device.

Alex Holland, Principal Threat Research, HP Security Lab, comments: “It’s the classic project management triangle – speed, quality and cost. You often sacrifice one of them. What we’re seeing is many attackers are optimizing for speed and cost, not quality. They are not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic but the uncomfortable reality is they still work.”

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely inside secure containers – HP Wolf Security has insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 60 billion email attachments, web pages, and downloaded files with no reported breaches.

The report, which examines data from October-December 2025, details how cybercriminals continue to diversify attack methods to bypass security tools:

  • At least 14% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
  • Executable files were the most popular delivery type (37%), followed by .zip (11%) and .docx (10%).

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., comments: “AI-assisted attacks are shining a spotlight on the limitations of detection-led security. When attackers can generate and repackage malware in minutes, detection-based defences can’t keep up. Instead of trying to spot every variant, organizations need to reduce exposure. By containing high-risk activities – like opening untrusted attachments or clicking unknown links – within an isolated environment, businesses can stop threats before they cause damage and remove an entire class of risk.”

See the research blog post, HP Wolf Security Threat Insights Report: March 2026, to view the full Threat Insights Report.

About the Data

This data was gathered from consenting HP Wolf Security customers from October – December 2025 with investigations conducted by the HP Threat Research Team.

*HP Wolf Security for Business requires Windows 10 or 11 Pro and higher, includes various HP security features and is available on HP Pro, Elite, RPOS, Thin Client and Workstation products. See product details for included

About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.