
Attackers Didn’t Wait for AI. They Built Workflows Around It.

ID: 9379c493-f56f-5094-9fa0-e0aa003a9f22

STIX ID: report--9379c493-f56f-5094-9fa0-e0aa003a9f22

Feed Name: Huntress Blog

Threat Score: 75/100

Date Published: 2026-04-22

Date Updated: 2026-04-28

Huntress reports that adversaries are integrating into AI workflows and search results, using SEO poisoning, fake AI tools, malvertising, and productized phishing platforms (like EvilTokens) to distribute credential-stealing malware and steal session tokens at scale. These operations generate tailored lures and on-demand infrastructure (e.g., via Railway), enabling rapid, stealthy compromises that blend into normal user activity and bypass typical defenses.