'Organised crime operating like a tech startup': EvilToken PHaaS group ramp up AI-enabled attacks by 1,380% in 2026 (www.techradar.com)

A recent report by Huntress reveals a staggering 1,380% surge in AI-enabled phishing attacks by the organized crime group EvilTokens, highlighting the evolving landscape of phishing-as-a-service (PhaaS). This alarming increase, observed in early 2026 compared to the previous year, illustrates how cybercriminals are using artificial intelligence to enhance their attack strategies by enabling per-victim personalization and effectively bypassing multi-factor authentication (MFA). Membership tiers for these services are shockingly affordable, ranging from $600 to $1,500, effectively democratizing access to sophisticated phishing tools. The significance of this trend for the AI/ML community lies in the operational model adopted by these cybercriminals, resembling a tech startup, where scalability and personalized attacks are now achievable even by lower-tier threat actors. The report emphasizes that no two phishing lures are identical across hundreds of incidents, marking a departure from previous targeted campaigns that required meticulous crafting. By lowering the barrier to entry for effective phishing, EvilTokens not only amplifies the threat landscape but also signals a new era where AI is exploited to orchestrate highly effective cyberattacks. This development raises urgent concerns regarding cybersecurity preparedness and the need for robust defensive measures.