AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started
Image
Episode 3  •  Mar 6, 2026  •  15 Min

Deepfakes, Spyware Skits & LLMs for Hire

How Attackers Are Weaponizing Automation, Trust, and LLMs

This week’s headlines reinforce a few consistent patterns. Attackers are manipulating AI-driven workflows to trigger actions across SaaS platforms. Trusted marketplace integrations are becoming long-term attack paths. Advanced mobile spyware is becoming more accessible. And AI-assisted reconnaissance is shrinking the window between exposure and exploitation.

None of this represents a brand-new exploit class. What’s changing is where risk concentrates: in automation, third-party integrations, mobile endpoints, and response speed.

Key Takeaways:

Promptware Leveraging Google Calendar Invites
Cyber Security News

  • What matters: Calendar invites aren’t new, but integrating AI assistants into systems that can take action introduces risk. Prompt injection exposure depends on the quality of the model and the surrounding software, and weaknesses in one implementation likely indicate weaknesses elsewhere.
  • What’s overhyped: The delivery vector itself isn’t novel. This is an old technique being adapted to an AI-enabled environment, not a fundamentally new class of attack.

First Malicious Outlook Add-In Stealing Credentials
The Hacker News

  • What matters: Domain takeovers can occur in places people don’t typically look, including multi-tenant Microsoft applications. In this case, the abandoned domain was tied to an Outlook add-in that applied across tenants and had permissions to read and write mail. The combination of multi-tenant exposure and privileged permissions increases impact. Third-party applications and add-ins require active review as part of risk management.
  • What’s overhyped: Domain takeover itself isn’t new, and the core mechanism is familiar from subdomain takeover patterns. The difference here is where it occurred, not how it worked.

ZeroDayRAT Mobile Spyware Kit
SecurityWeek

  • What matters: Mobile exploitation typically requires user interaction, such as installing an application, but this toolkit appears to leverage a browser-based vulnerability where simply visiting a webpage can establish access. The tooling is packaged as an all-in-one system with a dashboard for operators, enabling payload customization and deployment through phishing or coercion. It can escalate privileges, access sensors, GPS, camera, microphone, and other device data. More broadly, capabilities traditionally associated with nation-state actors are being packaged and commoditized for broader use, lowering the barrier to entry.
  • What’s overhyped: Malware being sold via Telegram or underground channels is not new. The “nation-state grade” label depends on the level of compromise achieved; if it is user-level rather than kernel-level, it is materially different from tools like Pegasus. Many mobile compromises still depend on user behavior, such as installing untrusted applications, particularly in less restrictive app ecosystems.

AI-Assisted Deepfake CEO + Zoom Scam
PC Gamer

  • What matters: Deepfake technology is being used not just for fraud, but to gain initial access into environments. The attack chain is consistent: fake calendar invite, Zoom call with real-time video or voice impersonation, and instructions delivered under the authority of executive leadership. In this case, the impersonation was used in a “ClickFix” scenario to persuade the victim to run commands, establish a foothold, and then pivot within the environment. The targeting focus remains cryptocurrency and finance-related organizations.
  • What’s overhyped: The attack chain itself is not new. Similar executive impersonation campaigns using video occurred as early as 2024, following the same pattern of calendar invite, trusted call, and authority-based instruction. The difference is continued use and refinement, not a new methodology.

Poland Energy Grid Cyberattack & CISA Warning
Cyber Scoop

  • What matters: The core issue is segmentation between corporate IT environments and operational technology environments. In this case, an exposed edge device connected to the internet lacked proper segmentation from the internal network, enabling lateral movement. As IT and OT systems converge, including cloud-managed device updates delivered over the air, historical separation weakens, increasing pivot risk.
  • What’s overhyped: The pivot itself is not novel. The underlying issue remains basic network-level segmentation rather than advanced tradecraft.

Nation-State Hackers Using Gemini
The Record

  • What matters: LLMs are being used by threat actors to automate reconnaissance, exploitation, and post-exploitation activities, including gaining situational awareness and pivoting laterally. Prior incidents have shown LLMs conducting these tasks across multiple organizations. Commercial frontier models provide some monitoring through API usage, but open-source and locally run models remove that oversight. The result is increased automation and operational efficiency for attackers.
  • What’s overhyped: This is not the first instance of LLMs being used by adversaries. The development reflects continued automation and efficiency gains rather than a new category of attack.
Sean McMillan Headshot

Sean McMillan

Community Manager

Sean McMillan is Community Manager at Bishop Fox, focused on making complex security topics easier to understand and more interesting to follow. He holds a bachelor’s degree in Mass Communication and Media Studies from Arizona State University and brings over a decade of experience in podcasting, live hosting, and audience engagement. As host of Initial Access, he works with practitioners to explore how real-world attacks actually happen.

More by Sean McMillan
Leron Gray Headshot BF

Leron Gray

Senior Security Consultant - Red Team

Leron Gray is a Senior Security Consultant II on Bishop Fox's Red Team. He previously worked at Microsoft on the Azure Red Team and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

More by Leron Gray
Brandon Kovacs Headshot

Brandon Kovacs

Senior Security Consultant

Brandon Kovacs (CRT, OSCP) is a Senior Security Consultant at Bishop Fox, where he specializes in red teaming, network penetration testing, and physical penetration testing. As a red team operator, he is adept at identifying critical attack chains that an external attacker could use to fully compromise organizations and reach high-value targets.

To support physical and external testing, Brandon has built the 2023 edition of Bishop Fox’s Tastic RFID Thief to include Wi-Fi and remote control, allowing for more effective capture of RFID badges from a few feet away. He actively performs research and development into artificial intelligence for use in offensive security engagements.

Brandon is also recognized as a deepfake expert, conducting speaking sessions and live demonstrations at several global security and technology conferences. His research focuses on using AI and high-quality deepfakes to perform social engineering.

More by Brandon Kovacs

Subscribe to our PODCAST

Real talk on the threats, trends, and tactics shaping security today

Listen Anywhere

Spotify iHeartRadio YouTube Apple Podcasts Amazon Music

Recommened Resources

You might be interested in these related Resources.

Datasheets

AI-Powered Application Penetration Testing Datasheet

AI-Powered Application Penetration Testing Datasheet

Most enterprises are managing dozens — sometimes hundreds — of applications with the same constrained budgets and headcount. Bishop Fox AI-Powered Application Penetration Testing delivers validated, expert-reviewed findings across your entire portfolio without the noise or overhead.

Download Datasheet
Guides

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

Read Guide
Reports

2026 GigaOm Radar for Attack Surface Management

2026 GigaOm Radar for Attack Surface Management

Get an overview of the 2026 Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named Leader and Fast Mover by the analysts at GigaOm.

Read Report