CyberWire Daily - The phishing kit that thinks like a human. [Research Saturday]
Episode Date: February 7, 2026

Piotr Wojtyla, Head of Threat Intel and Platform at Abnormal AI, is discussing their work on "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." A new AI-powered phishing kit called InboxPrime AI is rapidly gaining traction in underground forums, automating the creation and delivery of highly believable phishing emails that mimic legitimate business communications and leverage Gmail’s web interface to evade detection. First spotted in October 2025, the kit combines AI-generated content, template variation, sender identity spoofing, and built-in spam checks to maximize inbox placement and dramatically lower the barrier to running large-scale phishing campaigns. Its shift to a one-time $1,000 purchase and growing user base underscore the industrialization of phishing and highlight how quickly AI-driven attack tools are outpacing legacy email defenses. The research can be found here: InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime
Transcript
You're listening to the Cyberwire Network, powered by N2K.

Most security conferences talk about zero-trust. Zero Trust World puts you inside. This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs, where you'll attack real environments, see how modern threats actually work, and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies, and technical deep dives focused on real-world implementation. Whether you're blue team, red team, or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry, and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ZTW.com and take your zero-trust strategy from theory to execution.
Hello, everyone, and welcome to the CyberWire's Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities, solving some of the hard problems, and protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.
We've been seeing a number of attacks that were leveraging accounts or were originating from Gmail accounts, from legitimate infrastructure, and had very nice and polished AI-generated content. And we've been on the lookout for: is there any particular tool, is there any particular capability, is there any particular new thing that the attackers developed that might have supported that particular type of, you know, flavor of attacks? And that ultimately is how we arrived at this particular tool: through research and the continuous monitoring of what the attackers are doing.
That's Piotr Wojtyla, head of threat intelligence and platform at Abnormal AI. The research we're discussing today is titled "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime."
Well, for listeners who haven't seen your research, how would you describe InboxPrime AI?
Well, ultimately you can think of it as a tool that allows you to send email attacks or craft email attacks. And it's very point-and-clicky. So it has a very friendly user interface, a very intuitive interface. It pretty much looks like legitimate marketing software. But the kicker, or the big selling point, is that it is AI-enabled. So it allows you to customize the content of the email, whether it's subjects, whether it's the content of the messages themselves, with AI, which makes those emails look extremely professional. It makes them look, obviously, polished; they're grammatically correct. So everything that AI has to offer. And on top of that, it has a number of different templates and parameters, so you can adjust the tone, you can adjust the language, you can adjust the industry, you can adjust the theme. So it has pre-built themes within the tool itself. And most importantly, it also operates pretty much as a legitimate user, or as if it was a legitimate user coming from Google infrastructure. So to send those email attacks out, it leverages the Google Gmail infrastructure and accounts that are Gmail accounts. So ultimately, it's a mix of the legitimate infrastructure, AI content that is pre-generated, and this very intuitive interface that makes crafting attacks extremely easy.
Yeah, one of the striking aspects of this is, as you say, it operates through Gmail's web interface. Why is that such a meaningful design choice here?
Well, when you think of email security, one of the ways different companies and organizations try to combat the problem of email attacks is pretty much to ensure that those emails are not spoofed, that they're coming from the sender who claims to be sending that email, or from the person who is actually associated with the organization that they claim to be associated with. So for that, we have pretty much three particular records: SPF, DKIM, and DMARC, that allow you to verify that the email is coming from legitimate infrastructure, from a specific organization, from a specific sender. So if you leverage Google, if you leverage trusted infrastructure such as Google, all those checks will pass. And that's one of the ways vendors and security solutions check the security of incoming email. So it's one way to kind of bypass those very simple checks, let's call it that way. And then the other thing is that, obviously, that creates a lot more trust and a lot more legitimacy with the recipient. Sending an email from a Gmail account is probably better than, hey, I want a pon-you.com account.
Well, let's talk about the AI component. So what role does AI play in generating these phishing emails themselves?
Yeah, so ultimately what we have here is we pretty much have pre-built, you can think of it, not even templates, but pre-built parameters that AI takes and then crafts specific emails based on your need. So if you want to send an email that is coming from an HR person, if you want to send an email that is focused on a specific recipient who might be a payroll analyst because you want to attempt a payroll fraud, you can specifically call out what type of email you want to create, what the tone of that email should be, whether you're an expert, whether you're a beginner, you can create urgency. You can be very specific with your needs, and ultimately the AI component of it will create that entire content of the email for you. So pretty much within a number of clicks, you have the entire content of an email ready. And also, there's an ability for you to templateize that. So if you want to create different variants of that template, if you want to create different types of that email because you want to send to different recipients, there's an ability for you to include certain parts of that email as a template, and then AI will take care of the rest of the generation of that content and really make sure that it's exactly fit to your needs and what you wanted it to be before that's being sent out. So that entire concept of creating the content is AI-generated, and then the intuitive interface and the Gmail infrastructure that is responsible for sending, that's pretty much just the orchestration of that tool.
So does this make it much easier for the attackers to create a high level of polish compared to older phishing operations?
Oh, 100%. I think one of the key indicators, especially in the world of business email compromise back in the day, was really looking for typos, grammar errors, or even things that just don't sound right. Like, I'm not a native English speaker. So when I speak, you can probably pick up on little things when I say that just don't sound right. Like, an English speaker might not say it in a specific way, or the way I put words together, it just doesn't make sense. So a similar concept applies to those emails. Back in the day, you would have some of those emails that would just not sound right, or they would have some errors, they would have some mistakes. This completely removes that layer of ability for users to spot, hey, there's something off about this email. But not only that, it creates the polish, it creates the professionalism, it creates pretty much the perfect lure for what the attackers are after, because you can really adjust that hook, you can really adjust that email to whatever your need is and make AI do its magic and really polish it in a way that those emails are a lot more polished or more slick and ultimately can gain a lot more trust from the recipients.
I have to say that InboxPrime looks more like a commercial SaaS product than a crime tool.
It does. It's quite interesting how some of those tools really focus on the user experience. But at the same time, when you think about it, it really lowers the bar of entry for anyone. So the price point is not that scary. You can get that pretty much for $4,000. But also, back in the day, before the age of AI, having the knowledge and the know-how to create the infrastructure, the underlying infrastructure, both to be able to send the emails, to be able to orchestrate the framework that would actually be able to send emails from different accounts through different servers, and then having templates and content, and then having the landing infrastructure. There are so many different components to a successful phishing operation, and that requires a certain amount of skill, or access in terms of you buying those tools from someone else. And this is a perfect example of that bar being so low now that you can literally be someone who has no idea how any of this works and then open a tool, click a few buttons, and pretty much you're able to deliver a phishing campaign and attack most organizations around the world.
We'll be right back.
Ever wished you could rebuild your network from scratch to make it more secure, scalable, and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero-trust networks, including hardware, firmware, and software, all designed to work seamlessly together. The result? Fast, reliable, and secure connectivity without the constant patching, vendor-juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security, and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com slash cyberwire. That's M-E-T-E-R.com slash cyberwire.

If securing your network feels harder than it should be, you're not imagining it. Modern businesses need strong protection, but they don't always have the time, staff, or patience for complex setups. That's where Nordlayer comes in. Nordlayer is a toggle-ready network security platform built for businesses. It brings VPN, access control, and threat protection together in one place. No hardware, no complicated configuration. You can deploy it in minutes and be up and running in less than 10. It's built on zero-trust principles, so only the right people can get access to the right resources. It works across all major platforms, scales easily as your teams grow, and integrates with what you already use. And now, Nordlayer goes even further through its partnership with CrowdStrike, combining Nordlayer's network security with Falcon endpoint protection for small and mid-sized businesses. Enterprise-grade security made manageable. Try Nordlayer risk-free and get up to 22% off yearly plans, plus an extra 10% with the code Cyberwire10. Visit Nordlayer.com slash Cyberwire Daily to learn more.
Can we touch on the scalability here? I mean, this has bulk management tools and things like proxies and templates, as you mentioned. This is designed to be able to fit the needs of a lot of different types of operators.
That is correct. Well, one thing that is worth keeping in mind is that when you're a cybercriminal, you want to obviously perform your operations, probably in a way that won't land you a nice place in jail somewhere. So you want to make sure that your operational security is up to a certain standard. And you want to make sure that you don't expose your real IP address, your real location. So having those basic capabilities in place that allow you to proxy your access to certain Gmail accounts for additional hops and layers, that is one of those ways you can obscure and hide yourself. Not to mention that obviously you can run that tool from some sort of VPS somewhere on the internet and probably sit behind some sort of Tor browser, etc., etc. So there's a number of ways where you already have pre-built capabilities in the tool itself that can allow you to obscure some of your origin and some of the origin of your attacks. But also, to your point, there's additional things in place that allow you to also adjust the quality of your emails. So there's like a quality assurance capability that pretty much looks at the message and ensures that, like, hey, this could actually be flagged by a spam filter, or this could actually be flagged by a potential security filter. So let's adjust this wording. Let's adjust this sentence. Let's adjust this even more. So it doesn't hit on those very obvious, you know, static signatures that some of the email security vendors might have. And that also helps with the scale. And not only the scale of the attack, but also allowing you to adjust it specifically to your needs. And I think I also mentioned that the final piece when it comes to the scale is the template variation. So you can pretty much adjust templates with specific tags and pretty much specify, like, hey, within that tag, here's a number of different variations I want to iterate on when you create the emails. So each email kind of comes out with a custom take on it, a custom twist on it. And we already touched on the Gmail aspect of it as well. So you can pretty much have pre-configured email addresses. And that also allows for scale because it doesn't come from one specific address. Its origin is from multiple different addresses. So ultimately, you can send as many operations as you want. And they will be as custom as you want them to be.
Now, one of the things you pointed out was a shift in their business model here, that this was originally sold as a subscription service, but they made some changes. What's going on there?
Yeah, so originally, like you mentioned, it was sold as a subscription. So there was an ongoing monthly payment versus a one-off payment. Also, in subscription-based services, you usually don't get the actual access to the underlying code, and you only get access as a user to the platform or to the tool itself. So obviously, it's, you know, we don't sit in the mind of the attacker, so we can only speculate about what might be the reasons for that. But often what that might suggest is a certain level of market maturity, where there's enough confidence in the market and in the followers and in the customers that, you know, there's a certain level of your brand and your tool being established that allows you to make that shift. Also, another thing that, you know, might be a reason for that change is pretty much, you know, democratizing that access and lowering that bar and pretty much reaching other customers that were previously not available, because some of the contractors don't want to leverage tools that they don't control. And by giving access to the source code, you pretty much allow them to fully control the tool itself, having insight into the code. So there's a level of transparency to that. And finally, there's also an ability for those actors to then customize that code even further. So you can then take that in whatever direction you would like and create new modules, create new capabilities. So ultimately, one of the big reasons for that change might be to drive more revenue from the type of buyers who would not be the typical buyers for the subscription kind of models, type of models.
Do you think that adding AI in this way and increasing the sophistication of this tool, has that changed the economics of running phishing campaigns?
What I would say is that we're at a very interesting tipping point, I think, when it comes to phishing and email attacks, because we've already seen a number of use cases with many different AI tools. Like, we've seen certain, you know, dark LLMs and dark chatbots that were built specifically for cybercrime. We've seen some use cases where you can hijack or manipulate the legitimate LLMs, the ChatGPTs, the Claudes of this world, and pretty much tell them to give you or create for you a phishing page or create for you a phishing email, and you can bypass those safeguards that those models have already in place. We see, ultimately, what I'm trying to, what I'm kind of going on a little bit of a tangent here with, is that we see attackers adopting AI, and it should not come as a shock to anyone who's been in security, because attackers are extremely innovative. They're extremely creative, and they will leverage whatever the next best thing is that will help them monetize on their campaigns. So I am not surprised that AI and the usage of AI, whether it's this tool or whether it's other tools that the attackers are using, is present, and it's only going to get worse from here, because it creates so much more efficiency. It creates a much higher quality, and it just makes pretty much something that previously might have been separated between many different groups or many different people within one team that were operating under a specific threat group, you can pretty much perform a lot of those actions in conjunction with AI as a single individual today. You can create tools, you can sell those tools. AI allows you to monetize in a completely different way that I don't think was previously available to a lot of people. So right now, your imagination is really, and your creativity is really, your own limitation, because you have a companion that is pretty much going to do whatever you're going to ask it to do if you have a good understanding of what you're trying to create. So to kind of answer, you know, this was a long time, but to ultimately answer your question, I do think that leveraging AI, whether it's in this particular tool or in general by threat actors, really enables them to monetize and make attacks even more efficient.
It really strikes me that, you know, for the past couple of years, we've been talking about how these tools would be coming. You know, anyone needed to prepare and brace themselves, that these types of tools were inevitable. And now we're at the next step where these tools are readily available, they're easily available, they're affordable, and so that's the world we're in now.
Exactly. And, you know, just wait for next year's RSA, where we're going to see that every company is selling some form of AI agent, and usually that is just a certain level of abstraction, a representation of where we are as an industry. So we're inching towards more autonomous capabilities. We still have assisted, co-pilot type attack tools right now, but we're inching towards the world where those workflows will be fully automated, will be autonomous. And that is going to be also an extremely interesting point in that phishing evolution, where we're going to start seeing attacks that might be fully automated, that might be actually done through a fully automated workflow and through AI agents or some flavor of AI agent implementation by the perpetrators. So that is also going to be extremely interesting to see.
So what are your recommendations then? For folks who are tasked with defending their organizations, what's the best way to defend yourself against these sorts of things?
Yeah, so honestly, like, one of the things that I've been thinking about coming into this conversation, but also being part of many different conversations, just seeing some of the attack trends and some of the changes in what attackers do, I feel like we're really at the stage where you cannot trust the email content or the email that you're receiving. And ultimately, what you can and should trust, and kind of like where that shift should happen in your mental model, is from not trusting the email and then focusing on and trusting the verification process. So really, really thinking of, like, okay, what is the way in which I can verify that the information presented to me is actually what it claims to be, that I see in front of myself, in front of me. So when I think about, you know, business email compromise attacks, if you're talking to the same vendor every day, and let's say the fraud actor takes over the account on the vendor's behalf and then pretty much tells you, hey, I just changed my bank details, can you please update that in your system? If you see that email and you just go and action that, that is likely going to expose you to an attack at some point. However, if your mind shifts from this, okay, I cannot trust the information that is in front of me, but I can trust the verification process. That can be as easy as you picking up the phone and calling, and I'm like, hey, I just got this. You know, what do you need me to update? Or any form of, there's a process, there's a process component, there's a human component, there's a technological component. Like with every other problem, it's exactly the same. So what defenders can do is they can focus on pretty much every aspect of those few components, and that starts with process, that starts with people, and obviously there's technology that can also support you. So I can speak to each and every one of those individually, but that concept of not trusting the emails and not trusting the email content and really trusting the verification process, or allowing yourself to have a process in place, whether it's your training, your ability to look at the email through the lens of, I'm like, if this was the attack, what should I look for? Do I have a technology that allows me to verify if this is an attack? Do I have a process in place that allows me to verify that this is an attack? That is something where we as organizations and as defenders can really focus our attention and hopefully make ourselves and others more secure.
That's Piotr Wojtyla from Abnormal AI. The research is titled "InboxPrime AI: New Phishing Kit Fueling Scalable, AI-Powered Cybercrime." We'll have a link in the show notes.

And that's Research Saturday, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. This episode was produced by Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester. Our executive producer is Jennifer Eiben, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next time.
If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands-on learning, and real innovation. I'll say this plainly: I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today at rsacconference.com slash cyberwire 26. I'll see you in San Francisco.
