
The Rise of “Vibe Hacking”: What it is, how it works—and how to protect yourself and your business


Short version: some criminals are now using conversational AI like a Swiss-army knife—spinning up scams, speeding through the boring bits, and scaling attacks. The same technology also powers the defences. Like a kitchen knife, it’s about how it’s used. This isn’t a story about good or evil technology, but about intent, awareness, and how we can prepare ourselves to use AI wisely while keeping our guard up against those who don’t.



What is “vibe hacking”?

“Vibe hacking” is the misuse of easy-to-drive, conversational AI tools to plan, run, and scale cyberattacks end-to-end. Instead of a specialist writing every script from scratch, an attacker chats to an AI assistant that can generate code, draft phishing messages, organise stolen data, and even help negotiate ransoms. Think of it as an operations control panel in a chat window—the attacker supplies intent, and the AI accelerates the execution.


The term has emerged as a catch-all for how criminals harness the “feel” or “vibe” of generative AI. The AI can mimic human tone, create believable interactions, and sustain an illusion of credibility at a level that tricks even wary readers. That human-like vibe is precisely what makes it dangerous in the wrong hands.


Vibe Hackers are here and they're using AI. There are ways to protect yourself. Using AI. And everyday habits.

Recent threat intelligence tied this to attempts to weaponise agentic coding tools (e.g., Claude Code) across multiple sectors—healthcare, emergency services, government, and finance—where AI was pushed to automate reconnaissance, lateral movement, and extortion at machine speed. In one reported case, hackers attempted to misuse Claude by steering it toward harmful tasks such as drafting more convincing phishing emails or shaping ransom-related language. They tried using roleplay-style prompts to skirt safeguards. Importantly, these attempts were caught early, the accounts were shut down, and no widespread damage resulted.


This wasn’t an isolated incident. Security researchers have also documented an experimental strain of ransomware called PromptLock, which used an open-source large language model to generate malicious scripts on demand. Other vibe hacking cases include attackers automating entire phishing campaigns with AI chatbots, deepfake-driven scams designed to impersonate executives, and “AI-as-negotiator” bots that try to pressure victims into paying ransoms. Together, these examples show how versatile AI can become in the wrong hands—and why platforms and defenders must evolve just as quickly.


Platforms responded by banning malicious accounts, tightening filters, publishing safety updates, and sharing indicators with law enforcement to slow the abuse.



Recent “vibe hacking” cases at a glance

A few representative incidents from the last year to show how this looks in the wild—and how platforms responded.


Claude misuse attempts (Aug 2025)

Threat intel outlined multiple attempts to weaponise agentic coding features (“Claude Code”) for end‑to‑end operations: drafting high‑credibility phishing, generating or repairing malicious scripts, organising stolen data, and even assisting less‑skilled actors with step‑by‑step playbooks. Targets spanned healthcare, emergency services, government, finance, and religious institutions. Accounts were banned, filters hardened, and indicators shared with partners.


North Korea-linked fraud & extortion (Aug 2025)

A campaign used generative AI to support fraudulent employment operations and data‑theft‑driven extortion. The AI’s role was orchestration: templated outreach, document prep, and adaptive scripts that adjusted tone and wording during negotiations. Defensive response: rapid takedowns, abuse‑pattern updates, and closer information sharing.


PromptLock AI‑powered ransomware (Aug 2025)

Researchers uncovered “PromptLock,” a proof‑of‑concept ransomware that experimented with using an open‑source model to suggest harmful behaviours. It was never widely deployed and remains a research artefact, but it serves as a warning sign that criminals are probing AI tools for misuse.


Black‑market chatbots (WormGPT/FraudGPT, 2023–2025)

Uncensored LLMs sold on underground forums have been used to mass‑produce tailored phishing, business‑email‑compromise (BEC) lures, and commodity malware variants. Their selling point is simple: fewer safety guardrails and prompts pre‑tuned for evasion.


Influence operations & “persona kits”

Beyond code, vibe hacking shows up in information ops: AI helps spin up convincing personas, schedule posts, and A/B test narratives at machine speed. The vibe—credible tone, fluent language, responsive back‑and‑forth—is the real payload here.


Note: We’re deliberately summarising patterns, not publishing step‑by‑steps. The point is awareness, not amplification.


Yes—AI is also the defence (and getting smarter)

The same breakthroughs enabling misuse are powering the counter-moves. AI doesn’t just enable criminals; it also equips defenders:

  • Abuse detection & account takedowns: Platforms deploy targeted classifiers to spot agentic, at-scale misuse and block it early, then share technical indicators with industry partners and law enforcement. Faster feedback loops mean criminals lose ground quickly.

    Examples: Darktrace’s Cyber AI Analyst, Microsoft Defender for Cloud, and Google’s Threat Intelligence API use anomaly detection and threat feeds to identify malicious accounts swiftly and coordinate industry-wide takedowns.

  • Model hardening & red-teaming: Continuous testing against known attack prompts makes models more resistant to trickery. Red-teamers push AI to its limits, and those lessons feed into safer versions released to the public.

    Examples: Anthropic’s internal red-teaming environments, OpenAI’s GPT-4 Red Team, and Google’s Vertex AI Security Red Teams provide adversarial scenario testing and model hardening workflows, ensuring safer public releases.

  • Malware/content filters: Advanced detection models now screen for patterns associated with ransomware, exploit code, or hostile “how-to” guides, preventing them from ever reaching the attacker in usable form.

    Examples: CrowdStrike Falcon uses AI-powered code inspection, Palo Alto Cortex XSOAR analyzes payloads for threats, and SentinelOne applies LLM-based content filtering to block exploit patterns and malware at endpoints.

  • Behavioural analytics: Security systems watch for the tell-tale rhythms of AI-driven scams—rapid bursts of near-perfectly written messages, emotionally manipulative patterns, or automation loops that reveal the absence of a human operator.

    Examples: Vectra AI and Tessian employ behavioral machine learning to monitor digital conversations, flagging suspicious automation, high-volume messaging, and manipulative interactions in email, chat, and network traffic.

  • Collaborative intelligence: Perhaps most importantly, companies now share data on attempted abuses, creating a collective defence much stronger than any one platform standing alone.

    Examples: Microsoft Defender Threat Intelligence and IBM X-Force Exchange enable sharing of abuse indicators, attack patterns, and community threat reporting, reinforcing the global defense ecosystem against emerging vibe hacking tactics.

In plain English: attackers automate; defenders instrument. It’s an arms race, but the defensive stack is evolving quickly and visibly, giving users increasing confidence that AI tools are not simply “wide open” to misuse.

Practical steps for organisations and teams (without needing to “become a cyber person”)

You don’t need to run a security operations centre to be sensible. Treat AI like that kitchen knife—useful, powerful, and stored safely. A few practical habits go a long way:

  1. “Trust but verify” AI output

    • Treat all AI-generated code, prompts, and configs as untrusted until reviewed and tested. Add code scanning or sandbox testing to your workflow so you don’t accidentally run malicious or faulty code.

  2. Lock down access and identity

    • Enforce multi-factor authentication (MFA), least-privilege principles, and good secrets management. Don’t paste API keys into chat prompts, and keep any public-facing chatbots rate-limited to prevent abuse.

  3. Watch for jailbreak attempts

    • If you run AI tools internally, log interactions. Sequences that look like “teach me to hack” or clever roleplay prompts may be attempts at misuse. A light human-in-the-loop layer for critical systems prevents mistakes.

  4. Refresh staff awareness

    • Staff training needs an upgrade. Phishing drills should include examples of AI-written emails, realistic voice clones, and deepfake video snippets. Awareness makes people pause before clicking.

  5. Pick vendors who publish safety work

    • Choose AI providers that publicly explain how they detect abuse, what guardrails are in place, and how quickly they patch problems. Transparency is now a marker of reliability.

These steps don’t require a cybersecurity degree—just awareness, policies, and a willingness to update old habits.
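
For teams that do run an internal chatbot, steps 2 and 3 can be enforced at the point where prompts are submitted. The following is an added example, not code from this article or from any vendor named in it: a small gateway that redacts secret-looking strings, rate-limits each client, and flags roleplay-style prompts for human review. The class name, the patterns, and the cue phrases are assumptions chosen for illustration.

```python
import re
import time
from collections import defaultdict, deque

# Illustrative patterns, not a complete secret scanner.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(?:api[_-]?key|secret|password|token)\s*[:=]\s*\S+"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),              # AWS access key ID shape
    re.compile(r"\b(?:sk-|ghp_)[A-Za-z0-9_-]{20,}"),  # common API token prefixes
]
# Hypothetical review cues; tune them against your own logs.
REVIEW_CUES = re.compile(
    r"(?i)\b(?:teach me to hack|role-?play|pretend (?:you are|to be)|"
    r"ignore (?:all |your )?previous instructions)\b"
)

def redact(text):
    """Replace secret-looking substrings; return (clean_text, hit_count)."""
    hits = 0
    for pattern in SECRET_PATTERNS:
        text, n = pattern.subn("[REDACTED]", text)
        hits += n
    return text, hits

class PromptGateway:
    def __init__(self, max_requests=5, window_seconds=60.0):
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)  # client_id -> accepted timestamps
        self.audit_log = []                # stores redacted prompts only

    def _within_limit(self, client_id, now):
        stamps = self.history[client_id]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()               # drop requests outside the window
        if len(stamps) >= self.max_requests:
            return False
        stamps.append(now)
        return True

    def submit(self, client_id, prompt, now=None):
        """Return a decision: rate_limited, needs_review, or forward."""
        now = time.monotonic() if now is None else now
        if not self._within_limit(client_id, now):
            entry = {"client": client_id, "decision": "rate_limited",
                     "prompt": "", "redactions": 0}
        else:
            clean, hits = redact(prompt)
            decision = "needs_review" if REVIEW_CUES.search(clean) else "forward"
            entry = {"client": client_id, "decision": decision,
                     "prompt": clean, "redactions": hits}
        self.audit_log.append(entry)
        return entry
```

Only prompts marked `forward` should reach the model; `needs_review` entries go to a person, and the audit log never holds the unredacted text.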



Everyday internet users: simple defences against vibe hacking

Not everyone runs a business or manages IT systems. For most of us, the concern is far more personal: avoiding scams, spotting fakes, and staying safe online. A few habits can make a big difference:

  1. Pause before clicking

    • If a message sounds urgent, emotional, or too good to be true, take a breath. Many AI‑assisted scams rely on manufactured urgency.

  2. Check the sender, not just the message

    • Hover over links and confirm email addresses. AI can mimic tone perfectly, but it can’t forge a legitimate sender domain.

  3. Verify requests through another channel

    • Got a message about payments, account changes, or urgent transfers? Call the person or organisation directly using a trusted number before acting.

  4. Be wary of deepfakes and voice clones

    • If a voice call or video seems slightly “off,” don’t assume it’s genuine. Ask a question only the real person would know.

  5. Use updates and security basics

    • Keep devices patched, run antivirus/anti‑malware, and enable multi‑factor authentication on key accounts (email, banking, social media).

  6. Talk about scams with friends & family

    • Awareness spreads protection. Many scams succeed because people feel embarrassed to ask for help.

These aren’t high‑tech moves—they’re everyday habits that make you much harder to fool, even when scammers try to weaponise AI.


A quick word on MFA

Multi‑factor authentication (MFA) deserves its own spotlight. For everyday users, it’s the single most effective step to block vibe hacking‑style scams from escalating. Even if a criminal tricks you into sharing a password, MFA adds another layer—like a one‑time code from your phone—that they can’t easily fake. Enable MFA on:

  • Email accounts (your gateway to everything else)

  • Banking apps and payment services

  • Social media platforms, where hijacked accounts can be used to scam your friends


What do you mean you're not using MFA? Stop reading this (superb) blog for a moment and turn it on. Now. Please? You're doing yourself a favour.

It might feel like an extra tap, but it shuts down a huge number of common attacks and keeps your digital identity far more resilient.

Should this scare you off AI?

No. Knives still belong in kitchens. The real takeaway isn’t “AI is evil,” it’s “AI is powerful—use it responsibly.” For most teams, the right path looks like this:

  • Begin with low-risk, high-value use cases such as document drafting, meeting summaries, or internal copilots.

  • Layer in simple guard-rails—MFA, peer review, and logging—so early experiments remain safe.

  • Expand into customer-facing systems or code-generation only when your organisation has confidence and clear policies in place.

That’s not paranoia—it’s modern digital hygiene. AI can accelerate progress, but responsible guard-rails stop accidents or abuse from derailing those gains.




Where Mercia AI fits

We don’t sell firewalls. What we do offer is guidance for organisations that want to adopt AI without falling into hype or panic. Our role is to help you adopt AI responsibly—defining clear use-cases, building sensible guard-rails, and offering training that makes people savvy, not scared.



Whether it’s an AI Readiness Consultation, an AI Ethics and Responsibility Workshop, or simply a Discovery Call to talk through your ideas, Mercia AI helps you move forward with confidence. We bridge the gap between curiosity and capability—ensuring that your AI roadmap is proportionate, realistic, and rooted in responsibility.



This aligns with Mercia AI’s mission: to empower individuals, organisations, and communities to harness the transformative power of artificial intelligence responsibly and effectively.

