Security firms reported the commercial availability of InboxPrime AI, an off‑the‑shelf, AI‑driven phishing toolkit that automates personalised, filter‑evasive campaigns. Analysts warn the kit lowers the skill needed for large‑scale credential harvesting and enables hybrid social‑engineering attacks.

Abnormal AI and industry reporting highlighted a growing market for AI‑powered phishing toolkits exemplified by InboxPrime AI, which packages generative message creation, delivery diagnostics, and evasion capabilities into a turnkey product for attackers. The toolkit can generate highly personalised emails at scale, test and tune content to maximize inbox delivery, and automate follow‑up sequences that combine spear‑phishing, vishing, and SSO‑targeting techniques. Researchers warn that these commodified tools lower the barrier to entry for criminal groups and enable rapid escalation of hybrid social‑engineering campaigns that bypass legacy email defenses. Combined with stolen credentials and sophisticated lures, such kits dramatically increase the attack surface for corporate SSO, BEC, and credential‑harvesting operations. Security analysts recommend deploying advanced email authentication and filtering, multifactor authentication, heuristic detection of unusual session behavior, and employee training focused on multi‑channel social‑engineering threats to mitigate risk from AI‑driven phishing toolkits.