A new cybersecurity report has revealed that attackers are increasingly using artificial intelligence to scale and accelerate cyber campaigns, with many prioritising cost, efficiency and speed over quality.
Research by HP Wolf Security also found that despite being formulaic and often low-effort, these AI-assisted attacks are successfully bypassing enterprise security defenses.
The HP Wolf Security March Threat Insights Report analysed real-world cyberattacks and highlighted emerging techniques used by cybercriminals to evade detection and compromise PCs in the rapidly evolving cybercrime landscape.
Notable campaigns identified by HP threat researchers include “Vibe-Hacking Scripts Using Booking.com Redirects”, where attackers are using AI to generate ready-made infection scripts – known as vibe-hacking – to automate malware delivery.
According to the report, in one campaign, a link within a fake invoice PDF triggers a silent download from a compromised site before redirecting victims to trusted platforms, like Booking.com.
Also identified is “Flat-Pack Malware Speeds Up Campaign Building”, where threat actors are assembling attacks using inexpensive, off-the-shelf malware components, likely purchased from hacker forums.
The report stated that while lures and final payloads change, attackers are reusing the same intermediate scripts and installers – allowing them to quickly build, customize, and scale campaigns with minimal effort.
The report further uncovered a campaign that distributed malware using search engine poisoning and malicious adverts that promote a fake Microsoft Teams installer, using a technique known as a “piggyback” attack.
According to the report, attackers distribute the malware through search engine poisoning and malicious online advertisements that direct unsuspecting users to fake Microsoft Teams websites.
The report noted that victims who download the installer unknowingly install a malicious bundle in which the Oyster Loader malware piggybacks.
The report explained that the malware secretly runs alongside the legitimate Teams installation process, allowing the real application to install normally while the infection runs unnoticed.
This, according to the report, enables attackers to gain backdoor access to the victim’s device without immediate detection.
Principal Threat Researcher, HP Security Lab, Alex Holland, said: “It’s the classic project management triangle – speed, quality and cost. You often sacrifice one of them. What we’re seeing is many attackers are optimizing for speed and cost, not quality. They are not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic but the uncomfortable reality is they still work.”
By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely inside secure containers – HP Wolf Security has insight into the latest techniques used by cybercriminals.
To date, HP Wolf Security customers have clicked on over 60 billion email attachments, web pages, and downloaded files with no reported breaches.
The report, which examines data from October-December 2025, details how cybercriminals continue to diversify attack methods to bypass security tools.
According to the report, at least 14 per cent of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
Executable files were the most popular delivery type at 37 per cent, followed by .zip at 11 per cent and .docx at 10 per cent.
Global Head of Security for Personal Systems at HP Inc., Dr Ian Pratt, stressed that AI-assisted attacks are shining a spotlight on the limitations of detection-led security.
Pratt explained that when attackers can generate and repackage malware in minutes, detection-based defences can’t keep up.
“Instead of trying to spot every variant, organisations need to reduce exposure. By containing high-risk activities – like opening untrusted attachments or clicking unknown links – within an isolated environment, businesses can stop threats before they cause damage and remove an entire class of risk,” Pratt said.