CyberWire Daily: The Phishing Kit that Thinks Like a Human

Research Saturday
Date: February 7, 2026
Host: Dave Bittner (N2K Networks)
Guest: Piat Vojtya (Head of Threat Intelligence and Platform, Abnormal AI)
Episode Focus: In-depth analysis of "Inbox Prime AI"—an AI-powered phishing kit changing the landscape of cybercrime with scalable, personalized, and highly polished phishing attacks.

Episode Overview

This episode explores the emergence of Inbox Prime AI, a new phishing kit designed to mimic human-like email attacks at scale using artificial intelligence. The discussion centers on how this tool leverages trusted infrastructure (Gmail), creates highly personalized phishing content, lowers the bar for cybercriminals, and pushes defenders to rethink their approach to email security.

Key Discussion Points and Insights

1. The Discovery of Inbox Prime AI

[01:52] Context: Researchers noticed a surge in attacks leveraging Gmail accounts and polished AI-generated content.
- Quote: "We've been seeing a number of attacks that was leveraging accounts... from Gmail accounts for legitimate infrastructure and had a very nice and polished AI generated content."
  — Piat Vojtya ([01:52])
The research stems from continued monitoring of attacker behaviors and the discovery of a dedicated tool supporting such attacks.

2. What is Inbox Prime AI?

[02:56] Allows users to craft sophisticated phishing emails using a user-friendly, SaaS-like interface.
Operates much like legitimate marketing software but is tailored for phishing, with "point-and-click" capabilities.
Key features:
- AI-generated, highly customized content (tone, language, themes, industry focus).
- Polished, grammatically correct, professional output.
- Ability to mimic legitimate users by leveraging Gmail infrastructure for sending emails.
  - Quote: "It pretty much looks like a legitimate marketing software. But the kicker or the big selling point is that it is AI enabled." — Piat Vojtya ([02:56])

3. Why Using Gmail Matters

[04:43] Attackers exploit trust in Gmail’s infrastructure.
- Bypasses common email security checks (SPF, DKIM, DMARC).
- Increases credibility and likelihood of bypassing security tools and recipient suspicion.
- Quote: "If you leverage Google... all those checks will pass. And that's one of the ways how vendors and security solutions check for security of the incoming email." — Piat Vojtya ([04:43])

4. The Role of AI in Email Generation

[06:18] AI allows for quick, highly specific email crafting tailored to attack scenarios, such as targeting HR or payroll.
Facilitates template variation and rapid scaling of campaigns with different, personalized messages.
- Quote: "Within number of clicks you have an entire content of an email ready... AI will take care of the rest of the generation of that content." — Piat Vojtya ([06:18])

5. Lowering the Bar for Cybercriminals

[08:15] The AI-generated emails eliminate tell-tale signs like poor grammar or unnatural phrasing, making even novice attackers capable of producing professional phishing campaigns.
- Quote: "This completely removes that layer of ability for users to spot, hey, there's something off about this email." — Piat Vojtya ([08:15])
At ~$1000 per copy, the kit is accessible and user-friendly, moving phishing from a skill-based activity to a commodity.

6. Scalability and Operational Security

[14:20] Built-in tools for proxying, bulk management, and template variation allow large-scale and diverse campaigns.
Provides features to help attackers avoid detection and increase operational security—e.g., quality assurance to bypass spam filters, diversification of sender addresses.
- Quote: "You can specify... different variations I want you to iterate on when you create the emails. So each email kind of comes out with a custom take on it..." — Piat Vojtya ([14:20])

7. Evolution of the Business Model

[16:59] Shift from subscription-based to one-time purchase model, with access to source code for buyers.
- Signals market maturity and increased customer trust/desire for code control.
- Allows more customizability and broader adoption among less experienced attackers.
- Quote: "By giving access to the source code, you pretty much allow them to control fully the tool itself..." — Piat Vojtya ([17:11])

8. The Broader Impact of AI on Phishing Economics

[19:07] AI dramatically increases attack efficiency and quality, compresses time and resources needed for campaigns, and democratizes sophisticated attacks.
- Quote: "This AI allows you to monetize in a completely different way that I don't think was previously available to a lot of people." — Piat Vojtya ([19:22])
Attackers no longer need to form teams with specialized skills—AI can handle most stages, from content to infrastructure.

9. The Rushing Tide of Automation

[22:06] The industry is witnessing the transition from "copilot"-style AI attack tools toward fully autonomous agents.
- Future phishing kits may require minimal human input, further increasing scale and sophistication.
- Quote: "We're inching towards the world where those workflows will be fully automated, will be autonomous... that's going to be also an extremely interesting point in that phishing evolution..." — Piat Vojtya ([22:06])

10. Defensive Recommendations

[23:12] Traditional reliance on email scrutiny is no longer sufficient.
Defenders need to shift trust away from email content and strengthen verification processes:
- Don’t trust, verify: Always confirm sensitive requests (e.g., payment changes) via separate channels (calls, other validations).
- Combine process, people, and technology for layered defense: train staff, develop robust procedures, and use advanced technical controls.
  - Quote: "You cannot trust the email content or the email that you're receiving, and ultimately what you can and should trust... is the verification process." — Piat Vojtya ([23:19])

Notable Quotes

| Timestamp | Speaker | Quote | |-----------|--------------|--------------------------------------------------------------------------------------------------------| | 01:52 | Piat Vojtya | "We've been seeing a number of attacks... from Gmail... with very nice and polished AI generated content." | | 02:56 | Piat Vojtya | "It pretty much looks like a legitimate marketing software. But... it is AI enabled." | | 04:43 | Piat Vojtya | "If you leverage Google... all those checks will pass." | | 08:15 | Piat Vojtya | "This completely removes that layer of ability for users to spot... there's something off about this email."| | 14:20 | Piat Vojtya | "Each email comes out with a custom take on it, custom twist on it." | | 19:22 | Piat Vojtya | "This AI allows you to monetize in a completely different way that... was previously [not] available." | | 22:06 | Piat Vojtya | "We're inching towards the world where... workflows will be fully automated, will be autonomous." | | 23:19 | Piat Vojtya | "You cannot trust the email content... what you can and should trust... is the verification process." |

Key Timestamps

01:52 – Discovery of new, AI-powered phishing attacks via Gmail
02:56 – Overview and features of Inbox Prime AI
04:43 – Why using Gmail infrastructure increases success
06:18 – How AI personalizes and polishes phishing content
08:15 – Ease-of-use: lowering the skills barrier for attackers
14:20 – Scalability, proxy/bulk tools, and operational security
16:59 – Shifts in kit distribution/model and implications
19:07 – The impact of AI on phishing-as-a-business
22:06 – Automation and the future of attack workflows
23:12 – Defensive strategies and mental model shift for security teams

Memorable Moments

Podcast host Dave Bittner remarks:
- "Inbox prime looks more like a commercial SaaS product than a crime tool." ([09:37])
Piat highlights the tool’s democratizing impact, where anyone, regardless of technical skill, can launch sophisticated attacks with ease ([09:45]).
Discussion anticipates the future where cybercrime tools could become entirely autonomous, mirroring AI trends in the defensive side of the industry.

Defensive Takeaway:

Organizations must move from trusting email content to trusting robust verification processes—implementing practical, human, and technological checks to counter increasingly convincing phishing attacks. Continuous training and layered defenses are now essential, as the bar for launching sophisticated attacks is lower than ever.

Further Reading:
Research article: "Inbox Prime AI—New Phishing Kit Fueling Scalable AI Powered Cybercrime" (Link in episode show notes)

CyberWire Daily: The Phishing Kit that Thinks Like a Human

Episode Overview

Key Discussion Points and Insights

1. The Discovery of Inbox Prime AI

[01:52] Context: Researchers noticed a surge in attacks leveraging Gmail accounts and polished AI-generated content.
- Quote: "We've been seeing a number of attacks that was leveraging accounts... from Gmail accounts for legitimate infrastructure and had a very nice and polished AI generated content."
  — Piat Vojtya ([01:52])
The research stems from continued monitoring of attacker behaviors and the discovery of a dedicated tool supporting such attacks.

2. What is Inbox Prime AI?

[02:56] Allows users to craft sophisticated phishing emails using a user-friendly, SaaS-like interface.
Operates much like legitimate marketing software but is tailored for phishing, with "point-and-click" capabilities.
Key features:
- AI-generated, highly customized content (tone, language, themes, industry focus).
- Polished, grammatically correct, professional output.
- Ability to mimic legitimate users by leveraging Gmail infrastructure for sending emails.
  - Quote: "It pretty much looks like a legitimate marketing software. But the kicker or the big selling point is that it is AI enabled." — Piat Vojtya ([02:56])

3. Why Using Gmail Matters

[04:43] Attackers exploit trust in Gmail’s infrastructure.
- Bypasses common email security checks (SPF, DKIM, DMARC).
- Increases credibility and likelihood of bypassing security tools and recipient suspicion.
- Quote: "If you leverage Google... all those checks will pass. And that's one of the ways how vendors and security solutions check for security of the incoming email." — Piat Vojtya ([04:43])

4. The Role of AI in Email Generation

[06:18] AI allows for quick, highly specific email crafting tailored to attack scenarios, such as targeting HR or payroll.
Facilitates template variation and rapid scaling of campaigns with different, personalized messages.
- Quote: "Within number of clicks you have an entire content of an email ready... AI will take care of the rest of the generation of that content." — Piat Vojtya ([06:18])

5. Lowering the Bar for Cybercriminals

[08:15] The AI-generated emails eliminate tell-tale signs like poor grammar or unnatural phrasing, making even novice attackers capable of producing professional phishing campaigns.
- Quote: "This completely removes that layer of ability for users to spot, hey, there's something off about this email." — Piat Vojtya ([08:15])
At ~$1000 per copy, the kit is accessible and user-friendly, moving phishing from a skill-based activity to a commodity.

6. Scalability and Operational Security

[14:20] Built-in tools for proxying, bulk management, and template variation allow large-scale and diverse campaigns.
Provides features to help attackers avoid detection and increase operational security—e.g., quality assurance to bypass spam filters, diversification of sender addresses.
- Quote: "You can specify... different variations I want you to iterate on when you create the emails. So each email kind of comes out with a custom take on it..." — Piat Vojtya ([14:20])

7. Evolution of the Business Model

[16:59] Shift from subscription-based to one-time purchase model, with access to source code for buyers.
- Signals market maturity and increased customer trust/desire for code control.
- Allows more customizability and broader adoption among less experienced attackers.
- Quote: "By giving access to the source code, you pretty much allow them to control fully the tool itself..." — Piat Vojtya ([17:11])

8. The Broader Impact of AI on Phishing Economics

[19:07] AI dramatically increases attack efficiency and quality, compresses time and resources needed for campaigns, and democratizes sophisticated attacks.
- Quote: "This AI allows you to monetize in a completely different way that I don't think was previously available to a lot of people." — Piat Vojtya ([19:22])
Attackers no longer need to form teams with specialized skills—AI can handle most stages, from content to infrastructure.

9. The Rushing Tide of Automation

[22:06] The industry is witnessing the transition from "copilot"-style AI attack tools toward fully autonomous agents.
- Future phishing kits may require minimal human input, further increasing scale and sophistication.
- Quote: "We're inching towards the world where those workflows will be fully automated, will be autonomous... that's going to be also an extremely interesting point in that phishing evolution..." — Piat Vojtya ([22:06])

10. Defensive Recommendations

[23:12] Traditional reliance on email scrutiny is no longer sufficient.
Defenders need to shift trust away from email content and strengthen verification processes:
- Don’t trust, verify: Always confirm sensitive requests (e.g., payment changes) via separate channels (calls, other validations).
- Combine process, people, and technology for layered defense: train staff, develop robust procedures, and use advanced technical controls.
  - Quote: "You cannot trust the email content or the email that you're receiving, and ultimately what you can and should trust... is the verification process." — Piat Vojtya ([23:19])

Notable Quotes

Key Timestamps

01:52 – Discovery of new, AI-powered phishing attacks via Gmail
02:56 – Overview and features of Inbox Prime AI
04:43 – Why using Gmail infrastructure increases success
06:18 – How AI personalizes and polishes phishing content
08:15 – Ease-of-use: lowering the skills barrier for attackers
14:20 – Scalability, proxy/bulk tools, and operational security
16:59 – Shifts in kit distribution/model and implications
19:07 – The impact of AI on phishing-as-a-business
22:06 – Automation and the future of attack workflows
23:12 – Defensive strategies and mental model shift for security teams

Memorable Moments

Podcast host Dave Bittner remarks:
- "Inbox prime looks more like a commercial SaaS product than a crime tool." ([09:37])
Piat highlights the tool’s democratizing impact, where anyone, regardless of technical skill, can launch sophisticated attacks with ease ([09:45]).
Discussion anticipates the future where cybercrime tools could become entirely autonomous, mirroring AI trends in the defensive side of the industry.

Defensive Takeaway:

Further Reading:
Research article: "Inbox Prime AI—New Phishing Kit Fueling Scalable AI Powered Cybercrime" (Link in episode show notes)

wavePod

The phishing kit that thinks like a human. [Research Saturday]

Summary

CyberWire Daily: The Phishing Kit that Thinks Like a Human

Episode Overview

Key Discussion Points and Insights

1. The Discovery of Inbox Prime AI

2. What is Inbox Prime AI?

3. Why Using Gmail Matters

4. The Role of AI in Email Generation

5. Lowering the Bar for Cybercriminals

6. Scalability and Operational Security

7. Evolution of the Business Model

8. The Broader Impact of AI on Phishing Economics

9. The Rushing Tide of Automation

10. Defensive Recommendations

Notable Quotes

Key Timestamps

Memorable Moments

Defensive Takeaway:

Summary

CyberWire Daily: The Phishing Kit that Thinks Like a Human

Episode Overview

Key Discussion Points and Insights

1. The Discovery of Inbox Prime AI

2. What is Inbox Prime AI?

3. Why Using Gmail Matters

4. The Role of AI in Email Generation

5. Lowering the Bar for Cybercriminals

6. Scalability and Operational Security

7. Evolution of the Business Model

8. The Broader Impact of AI on Phishing Economics

9. The Rushing Tide of Automation

10. Defensive Recommendations

Notable Quotes

Key Timestamps

Memorable Moments

Defensive Takeaway: