“Everybody wants to try the newest AI tool, it’s human nature. Microsoft’s Threat Intelligence research shows how that curiosity is being used as a lure for phishing attacks. Attackers are taking very well known and trusted AI names and wrapping above average tricks around the lures to disguise their criminal activity. The attackers, code named Storm 3075 by Microsoft, are conducting phishing attacks for credential theft, payment fraud, malvertising, and malware delivery. Victims who might normally pause before clicking are being pulled by human curiosity and fake urgency. They want access to the latest AI tool, maintain their current subscription, access the newest AI model, or the cool capability, and that excitement can cause them to act too quickly instead of thinking first. Microsoft is not saying ChatGPT, Claude, DeepSeek, or Copilot were compromised, but that their brands are being abused.” — John Bruggeman, vCISO at CBTS
Microsoft threat intelligence: Storm 3075 and AI-branded lures
Microsoft Security’s threat intelligence, as described by John Bruggeman of CBTS, shows attackers exploiting the global interest in AI as a social engineering vector. Microsoft has identified the actors as code named Storm 3075 and tied their campaigns to credential theft, payment fraud, malvertising, and malware delivery. Crucially, Microsoft is not asserting that products were compromised; rather, Bruggeman relays that “their brands are being abused.”
DeepSeek V4 preview: a fake GitHub organization and convincing artifacts
Bruggeman singled out a campaign that followed DeepSeek’s preview of its V4 model. “Within hours of DeepSeek previewing their latest version, V4, attackers created a fake GitHub organization and repository. They copied real branding and benchmark data, added AI and SEO-search-friendly content, and pushed malicious archives that looked like installers,” he explains. The malicious repository appeared in GitHub and in search results on Google, Bing, or AI-assisted search tools — a presence that, Bruggeman notes, “added legitimacy to the malware.”
Brands in play: ChatGPT, Claude, DeepSeek and Copilot
Microsoft’s analysis highlights multiple well-known AI brands appearing in malicious campaigns. Campaigns identified include those leveraging the brands of ChatGPT, Claude and DeepSeek. The pattern is not sophisticated novel code in every case, but timing, packaging and the use of trusted names to trigger curiosity and urgency.
CBTS guidance: governance, blocks, monitoring, and targeted training
Bruggeman offers concrete defensive steps grounded in the specific tactics observed. He recommends that organizations publish “a clear list of approved tools,” and block “obvious lookalike domains and very recently registered domains” to blunt the effectiveness of fake sites and repositories. He also urges monitoring of “suspicious downloads and sign-ins,” and training employees specifically on “AI-themed lures,” warning that “generic phishing examples from five years ago are going to cut it today.” In his view, the companies that have a handle on AI governance—defined as policies and procedures—will “make safe AI use easy, risky AI use visible, and malicious activity hard to ignore.”
What this means for technologists, procurement leaders, and end users
- Technologists and security teams: Expect to hunt for lookalike domains and newly created repositories in response to model previews and marketing pushes, and to monitor downloads and sign-ins tied to AI-brand search traffic.
- Affected enterprises and procurement leaders: Formalize a clear list of approved AI tools and fold domain-blocking and approval workflows into procurement and rollout processes so that employee curiosity does not outpace governance.
- End users and the general public: Be alert to AI-branded lures that rely on excitement and perceived urgency; the observed campaigns trade on curiosity for the “latest model” or “maintain their current subscription,” and these emotional hooks can override normal caution.
Microsoft’s research and Bruggeman’s field observations converge on a basic but consequential point: the promise of AI is now a social-engineering tool in its own right. The defense prescription is similarly straightforward—clear governance, proactive blocking, focused monitoring, and fresh, targeted training—because, as Bruggeman warns, “the threat landscape continues to evolve, our defenses have to evolve too.”
