AI Phishing-as-a-Service Surges 1,380% and New Defense Models Emerge

Threat intelligence this week wasn’t about a single breach or a single malware family—it was about acceleration. Across June 21–28, 2026, multiple signals pointed to the same operational reality: AI is compressing the time between “new capability” and “mass exploitation,” while also reshaping how defenders build and deploy countermeasures.
On the offensive side, a Huntress-reported spike in phishing-as-a-service (PhaaS) activity tied to the EvilTokens group shows how cybercrime is productizing AI-enabled social engineering at scale—complete with subscription pricing, distribution via Telegram, and kits that can bypass multi-factor authentication (MFA) [1]. That’s not just a phishing story; it’s a supply-chain story for criminal capability, where “attack sophistication” becomes something you rent.
On the defensive side, China’s 360 Security Technology used ISC.AI 2026 to unveil “Yitian Tulong,” a pair of AI models aimed at automating vulnerability discovery and incident response—explicitly positioning one model as a domestic counterpart to Anthropic’s Mythos [2]. Meanwhile, broader reporting underscored that frontier AI models are increasingly relevant to both finding and exploiting vulnerabilities, and that deepfakes and chatbots are raising the ceiling on impersonation and authentication fraud [4].
Finally, the guilty pleas tied to the September 2024 Transport for London (TfL) cyber attack served as a reminder that “threat actor maturity” isn’t always correlated with age—and that high-impact disruption can come from young, highly capable operators associated with groups like Scattered Spider [3]. Taken together, this week’s intelligence points to a world where the fastest-moving variable is capability diffusion: who can get advanced tools, how quickly, and with what guardrails.
EvilTokens and the Startup-ization of AI Phishing Supply Chains
A key threat-intel datapoint this week came from Huntress reporting on EvilTokens, an AI-powered phishing-as-a-service (PhaaS) group whose activity surged by 1,380% between January and April 2026 compared to late 2025 [1]. The operational detail matters as much as the percentage: EvilTokens reportedly runs “like a tech startup,” selling AI-driven phishing kits via Telegram subscriptions priced between $600 and $1,500 [1]. That’s a mature commercialization model—one that lowers the barrier to entry for affiliates and buyers who may not have deep technical skills but can still execute high-impact campaigns.
The most consequential technical claim in the reporting is that these kits can bypass multi-factor authentication [1]. For defenders, that shifts the conversation from “train users not to click” to “assume credential theft plus session/MFA bypass is on the table.” In threat-intel terms, it’s a reminder that identity is the primary battleground—and that phishing kits are evolving from simple credential harvesters into end-to-end intrusion accelerators.
From an intelligence operations perspective, the Telegram subscription model also changes collection and disruption dynamics. When criminal tooling is packaged, priced, and distributed like software, defenders should expect faster iteration cycles, clearer “feature roadmaps,” and more consistent user support for attackers. That predictability can be exploited for detection and takedown strategies—but it also means defenders are facing an adversary ecosystem that can scale customer acquisition and “product-market fit.”
The broader implication: AI isn’t merely making phishing messages more convincing. It’s enabling a service economy where sophisticated attack flows become repeatable, purchasable, and continuously improved. That’s a structural shift in the threat landscape, and this week’s EvilTokens signal is a concrete example of how quickly that structure is maturing [1].
China’s “Yitian Tulong” Models: Automating Vulnerability Discovery and Response
On June 25, 2026, 360 Security Technology announced two AI models—Tulongfeng and Yitianzhen—under the collective name “Yitian Tulong,” positioned to automate vulnerability detection and incident response [2]. The announcement, made at the ISC.AI 2026 cybersecurity conference in Beijing, is notable not only for the capabilities claimed, but for the explicit framing: Tulongfeng was described as China’s counterpart to Anthropic’s advanced AI model Mythos [2]. That’s a strategic signal about parity ambitions in AI-driven cyber defense.
360 reported that Tulongfeng has identified more than 3,400 software vulnerabilities, with 105 acknowledged by the Chinese government [2]. Even without additional technical detail in the reporting, those numbers matter for threat intelligence because they suggest a pipeline: automated discovery feeding into coordinated acknowledgment and, presumably, remediation workflows. For defenders globally, the existence of large-scale automated vulnerability discovery increases the importance of patch velocity and asset inventory accuracy—because the window between “vulnerability exists” and “vulnerability is widely known/weaponized” continues to shrink.
This also intersects with the week’s broader AI competition narrative. Reporting on global AI “wars” highlighted concerns from the Five Eyes intelligence alliance about rapid frontier-model development worldwide, noting that while the U.S. leads with Anthropic’s Mythos, rivals are closing gaps with cost-effective innovation [5]. In that context, 360’s announcement reads as both a defensive product story and a geopolitical capability story: AI models are becoming national-scale instruments for cyber readiness.
For threat-intel teams, the practical takeaway is to treat AI-enabled vulnerability discovery as a baseline assumption. Whether used for defense or offense, automated discovery changes the tempo of exploitation. The organizations that win are the ones that can translate detection into action—faster than adversaries can translate discovery into intrusion.
The TfL Guilty Pleas: A Ground-Truth Reminder About Human Operators and Real-World Disruption
While AI dominated the week’s headlines, the guilty pleas connected to the September 2024 cyber attack on Transport for London (TfL) grounded the conversation in operational reality: cyber incidents are still executed by people, and the impacts are still measured in disrupted services and public harm.
According to ITPro, Thalha Jubair (20) and Owen Flowers (18) pleaded guilty under the UK Computer Misuse Act for their roles in the TfL attack, following what was described as a “lengthy, highly complex, and painstaking investigation” [3]. The reporting ties them to the Scattered Spider cybercrime group and notes the attack caused extensive disruption affecting approximately 10 million people and resulting in millions in damages [3]. Specific impacts included disruption to critical TfL services such as the Oyster refund and photocard systems [3].
For threat intelligence, this matters in three ways. First, it reinforces that “youth” is not a mitigating factor in capability; young, tech-savvy actors can participate in high-impact operations [3]. Second, it highlights the investigative burden: complex cases can take significant time and effort to unwind, which affects deterrence timelines and the speed at which lessons learned can be operationalized across sectors. Third, it underscores that critical services—especially those with high public dependency—remain attractive targets because disruption itself is leverage.
This case also complements the week’s PhaaS story: when sophisticated tooling is available as a service, the pool of potential operators expands. Even when AI is not the headline, the ecosystem that enables attacks—tools, communities, and repeatable playbooks—continues to professionalize. The TfL outcome is a reminder that attribution and accountability are possible, but they are resource-intensive—and they arrive after the damage is done [3].
Analysis & Implications: Threat Intelligence in an AI-Accelerated, Globally Competitive Era
This week’s signals converge on a single threat-intel theme: AI is compressing the cyber lifecycle—reconnaissance, exploitation, and response—while global competition is increasing the number of actors capable of operating at speed.
On the attacker side, EvilTokens illustrates how AI-enabled phishing is being packaged into a scalable commercial offering, with subscription pricing and distribution channels that resemble legitimate SaaS go-to-market mechanics [1]. The reported ability to bypass MFA is especially important because it challenges a common enterprise assumption: that MFA is a reliable backstop against credential theft [1]. Threat intelligence programs should treat this as a prompt to re-evaluate identity threat models, focusing on end-to-end session integrity and the full authentication journey rather than a single control.
On the defender side, 360’s “Yitian Tulong” announcement shows that AI is also being operationalized to automate vulnerability detection and incident response, with reported results in the thousands of vulnerabilities found and a subset acknowledged by government [2]. That aligns with broader warnings that AI is raising cyber threats by accelerating the speed and scale of attacks, shrinking response windows from months to hours, and enabling more convincing impersonation via chatbots and deepfakes [4]. In other words, AI is simultaneously increasing the volume of “things to fix” and decreasing the time available to fix them.
Layered on top is the geopolitical dimension. Axios reported that the Five Eyes intelligence alliance is concerned about the rapid global development of frontier AI models, noting that while the U.S. leads with Anthropic’s Mythos, rivals are closing the gap and Europe is advancing with initiatives like Italy’s Domyn announcing an open-source model supporting all 24 EU languages [5]. For threat intelligence, this matters because capability diffusion is not confined to criminal markets; it’s also shaped by national and regional AI ecosystems. As more advanced models proliferate, both defensive and offensive cyber capabilities can scale across more organizations and jurisdictions.
Finally, the TfL guilty pleas are a reminder that even in an AI-saturated narrative, the operational center of gravity remains human: planning, access, execution, and monetization are still driven by people and groups, and the societal impact is tangible [3]. The strategic implication for security leaders is to invest in intelligence that connects tooling trends (like PhaaS) to actor behavior (like Scattered Spider-linked operations) and to business impact (service disruption, fraud, and recovery cost). This week’s lesson is not “AI changes everything,” but “AI changes the speed at which everything changes.”
Conclusion: The New Baseline Is Speed—and the Fight Is Over Capability Diffusion
June 21–28, 2026 reinforced that threat intelligence can’t be a quarterly exercise when adversaries are iterating like product teams. EvilTokens’ reported 1,380% surge in AI-enabled PhaaS activity and its subscription-based kit economy show how quickly sophisticated attack paths can be commoditized and scaled [1]. At the same time, 360’s unveiling of “Yitian Tulong” highlights that defenders—backed by national and commercial incentives—are also racing to automate vulnerability discovery and incident response [2].
The uncomfortable truth is that both sides are becoming more automated, and the advantage increasingly goes to whoever can operationalize faster: detect earlier, patch sooner, respond quicker, and learn continuously. Meanwhile, the TfL case reminds us that the end result of these trends is not abstract—it’s millions in damages and disruption affecting millions of people [3].
For security teams, the takeaway is to treat AI as a tempo multiplier. Threat intelligence should prioritize signals that indicate scaling mechanisms (PhaaS subscriptions, automation claims, vulnerability discovery pipelines) and map them directly to controls that reduce blast radius when—not if—identity and social engineering defenses are tested. This week wasn’t just about new tools; it was about a new pace.
References
[1] 'Organised crime operating like a tech startup': EvilToken PHaaS group ramp up AI-enabled attacks by 1,380% in 2026 — TechRadar, June 24, 2026, https://www.techradar.com/pro/security/organised-crime-operating-like-a-tech-startup-eviltoken-phaas-group-ramp-up-ai-enabled-attacks-by-1-380-percent-in-2026?utm_source=openai
[2] Chinese cybersecurity company 360 unveils "China's version of Mythos", and Yitianzhen, to automate cyber defense — TechRadar, June 25, 2026, https://www.techradar.com/pro/security/chinese-cybersecurity-company-360-unveils-chinas-version-of-mythos-and-yitianzhen-to-automate-cyber-defense?utm_source=openai
[3] Duo accused of role in TfL cyber attack plead guilty after 'lengthy, highly complex, and painstaking investigation' — ITPro, June 24, 2026, https://www.itpro.com/security/cyber-attacks/duo-accused-of-role-in-tfl-cyber-attack-plead-guilty-after-lengthy-highly-complex-and-painstaking-investigation?utm_source=openai
[4] Artificial Intelligence is Raising Cyber Threats — The Kiplinger Letter, June 26, 2026, https://www.kiplinger.com/business/artificial-intelligence-cyber-threats-attacks?utm_source=openai
[5] Behind the Curtain: Global AI wars — Axios, June 24, 2026, https://www.axios.com/2026/06/24/ai-security-america-china-mythos-deepseek?utm_source=openai