Post by Expel

While AI isn’t writing novel malware yet. It’s doing something much more effective: convincing your users to do the work for them. Our Q1 2026 SOC data shows a definitive shift. Attackers are moving away from binary file execution and toward social engineering-based delivery. For the first time, ClickFix-based techniques have overtaken traditional malware execution. We’re seeing ChatGPT Stealer and InstallFix pose as legitimate browser extensions or cloning Anthropic’s official install instructions. It’s prompt poaching and credential weaponization at scale. See how attackers are using AI as bait and a delivery vehicle by exploiting the trust people place in AI tools to get malware onto their systems: https://lnkd.in/grD4zUvF