The other side of AI Agents: more patient and personalized scammers

📄Full Article· Automatically extracted by trafilaturaGemini 翻譯1233 words

AI models can do more than just write code, generate images, and answer questions; when used by malicious actors, they can act as scammers, using personalized phishing messages to gain your trust step by step. (Context: Anthropic triggers a Claude Code subscription cancellation wave, giving OpenAI Codex a massive marketing show) (Background: Bloomberg reports Claude Mythos has been accessed without authorization! The hardest breach to prevent at Anthropic is always "people") attack. This attack was tailor-made, precisely citing his writing direction, research interests, and the AI projects he follows, nearly causing him to click on a suspicious link. Wired reporter Will Knight personally experienced a social engineering attack orchestrated entirely by the open-source model DeepSeek-V3. Fortunately, this was not a real attack, but a simulation test tool developed by a startup called Charlemagne Labs, yet the capabilities it demonstrated are impossible to ignore. Five AI models, all tested for scams The tool developed by Charlemagne Labs allows different AI models to play the roles of "attacker" and "victim," engaging in a complete dialogue game. This setup allows for hundreds to thousands of tests to be run in a short time, systematically evaluating the capability boundaries of AI in social engineering attacks. In the test, Knight used five mainstream models: Anthropic's Claude 3 Haiku, OpenAI's GPT-4o, Nvidia's Nemotron, DeepSeek's V3, and Alibaba's Qwen. Each model was assigned to act as an attacker, designing personalized scam scripts for the target. The results were not uniform. Some models performed clumsily—responding chaotically, revealing flaws, or even refusing to continue playing the scammer midway through the test. But a few were alarming: DeepSeek-V3 performed exceptionally fluently in complete multi-turn dialogues, knowing when to provide details and when to maintain suspense, packaging phishing messages from "suspicious-looking cold messages" into "convincing collaboration invitations." The key lies in the degree of automation of the entire process. Knight even had OpenClaw automatically collect public information and contact details of potential targets, then handed them over to the attack model to generate personalized messages. From target screening to message generation, almost no human intervention is required. The "kill chain" of phishing attacks is becoming fully automated Traditional phishing attacks have a clear weakness: mass-produced messages are easily identified, while personalized attacks are time-consuming and labor-intensive. The emergence of AI is eliminating this contradiction. "90% of enterprise attacks start with human weakness," said Jeremy Philip Galen, co-founder of Charlemagne Labs and former social engineering prevention project manager at Meta. The observation from Rachel Tobac, CEO of social penetration testing company SocialProof, is more direct: "I don't think AI makes attacks more persuasive, but it allows one person to scale an attack by ten or a hundred times. The kill chain is being fully automated." The gap between this and traditional phishing attacks can be illustrated by numbers: the click-through rate of traditional mass phishing emails is about 12%, while highly personalized AI phishing attacks can reach 54%. The gap is not a small improvement, but a fundamental leap. The natural "sycophantic tendency" of AI models becomes a weapon for attacks here—it makes messages read enthusiastically, thoughtfully, and in line with expectations, making it harder for victims to detect anomalies.

Data Status✓ Full text extractedRead Original (動區 BlockTempo)

🔍Historical Similar Events· Keyword + Asset Matching6 items

2026-04-23

PrimePiper: A prime broker for AI agent trading, enabling AI agents to trade securely in global markets.

Similarity 120%關鍵字 agent同分類 zh

2026-04-23

Introduction to Claude Code's new feature /ultrareview: Cloud-based multi-agent deep code review, now free for a limited time for Pro and Max users

Similarity 120%關鍵字 agent同分類 zh

2026-04-23

Beating GPT-5.4 at 2 cents per query: Perplexity reveals post-training recipe for search agents

Similarity 120%關鍵字 agent同分類 zh

2026-04-23