Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
https://www.infosecurity-magazine.com/news/researchers-spot-uptick-vercel/
Publish Date: 2026-05-07 04:30:00
Source Domain: www.infosecurity-magazine.com
Low-skilled threat actors are abusing legitimate generative AI (Gen AI) platforms in growing numbers to create highly convincing phishing campaigns, Cofense has warned.
The security vendor said that it has observed a number of campaigns based around v0[.]dev, a powerful GenAI tool provided by web application development specialist Vercel.
“This AI tool is the driving force behind the malicious sign-in pages created by attackers. With just a few text prompts v0[.]dev can create a fully functioning malicious site that completely resembles real-life brands,” it explained in an article published on 6 May.
“Although Vercel has created a genuinely useful and innovative platform, threat actors are taking advantage of the platform and are abusing it for malicious gain.”
Read more on Vercel: Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
There are several reasons why “minimally skilled” threat actors are turning to platforms like Vercel, according to the report.
The most obvious is that they’re remarkably simple to use. Users can apparently test Vercel’s various Gen AI models for free, before purchasing “tokens” to actually build their phishing pages.
Cofense said the Vercel’s pro tier offers most features for a minimum cost of $20 per month.
Vercel also provides hosting so threat actors don’t have to pay for their own phishing infrastructure, and if a site gets taken down it’s easy to start again.
“The Gen AI model adapts with the user’s input, creating better web pages with each attempt. With everything in Vercel being hosted in the cloud, creating and tearing down content is much easier,” Cofense claimed.
“Vercel’s Gen AI combines all of the components of a phishing kit purchased on the dark web into a simple interface requiring just a few natural language text prompts which can be done by just one minimally skilled threat actor.”
Integration with Telegram, AWS, Stripe and…
