
Cybercriminals are using v0, an AI tool developed by Vercel, to rapidly generate convincing phishing websites, sometimes in as little as 30 seconds, according to an investigation by Okta, an identity and access management company.
Okta Threat Intelligence has uncovered that the AI-driven tool, designed to help developers create websites through natural language prompts, has now been co-opted by threat actors. These bad actors are abusing the technology to build fake login portals for well-known services, including Microsoft 365, cryptocurrency platforms, and Okta.
“The observed activity confirms that today’s threat actors are actively experimenting with and weaponizing leading GenAI tools to streamline and enhance their phishing capabilities,” wrote Okta researchers.
In a video, the Okta team demonstrated how they used v0 to create a realistic clone of their own login page by typing, “build a copy of the website login.okta.com.” The cloned sites didn’t just copy the user interface; they also hosted impersonated company logos and assets directly on Vercel’s trusted infrastructure, giving them an air of authenticity that could trick even trained eyes.
Vercel’s response to the security threat
Following Okta’s disclosure, Vercel promptly removed the phishing pages. The company is now working with Okta to implement more effective abuse-reporting systems.
In a statement to Axios, Ty Sbano, chief information security officer at Vercel, said: “Like any powerful tool, v0 can be misused. This is an industry-wide challenge, and at Vercel, we’re investing in systems and partnerships to catch abuse quickly and keep v0 focused on what it does best: helping people build powerful web apps.”
Despite the takedowns, Okta discovered open-source clones of the v0 tool on GitHub, complete with DIY guides that could allow other malicious actors to create their own AI-powered phishing infrastructure.
The low technical barrier of these AI tools lets less-skilled threat actors rapidly scale up phishing campaigns, with a few simple prompts replacing manual coding.
Okta’s security tips
Okta warns that traditional anti-phishing tactics, such as teaching users to spot suspicious-looking websites, are no longer sufficient. AI-generated phishing sites are often polished, typo-free, and convincingly hosted on reputable infrastructure.
To defend against these threats, Okta recommends:
- Implement phishing-resistant authentication.
- Restrict access to trusted devices using endpoint management tools.
- Incorporate enhanced security training tailored to AI-generated threats.
The abuse of generative AI tools like v0 demonstrates how quickly cyber threats are evolving and how the same innovations intended to make work easier can be repurposed for malicious use. With phishing tactics now powered by AI and accessible to even low-skill attackers, experts say more advanced, passwordless security may be the only reliable defense.