New Bluekit Phishing Kit Bundles AI Assistant and 40 Templates Into Single Platform

A newly identified phishing-as-a-service platform called Bluekit offers more than 40 ready-made templates targeting widely used online services and includes an integrated AI assistant designed to help cybercriminals draft phishing campaigns, according to an analysis by cybersecurity company Varonis.

The kit's template library covers a broad range of targets, including email providers such as Outlook, Hotmail, Gmail, Yahoo, and ProtonMail, as well as cloud services like iCloud, developer platforms including GitHub, and cryptocurrency services such as Ledger.

What distinguishes Bluekit from earlier phishing tools is its AI Assistant panel, which supports multiple large language models — among them Llama, GPT-4.1, Claude, Gemini, and DeepSeek — to help operators generate phishing email drafts with less manual effort.

Varonis reviewed a limited version of the AI Assistant panel and found the outputs to be preliminary in nature, with placeholder content throughout. "The draft included a useful structure, but it still depended on generic link fields, placeholder QR blocks, and copy that would need cleanup before use," the firm said. "Bluekit's AI Assistant looked more like a way to generate a campaign skeleton than a finished phishing flow."

Beyond the AI component, the platform consolidates the entire attack lifecycle into one dashboard. Operators can purchase and register domains, configure phishing page behavior, set up redirects, and monitor victim sessions in real time — all from a single interface.

The platform also includes a suite of anti-analysis controls, allowing operators to block traffic from VPN or proxy services, filter out headless user agents, and apply fingerprint-based restrictions to reduce the chance of detection by security researchers.

After a target submits credentials, stolen data is exfiltrated through private Telegram channels accessible only to the operators. Post-capture monitoring tracks cookies, local storage, and live session state, giving attackers a detailed view of what the victim encountered after logging in.

Varonis described Bluekit as an "all-in-one" platform that places fully functional phishing infrastructure within reach of lower-tier cybercriminals who would otherwise lack the technical skills to build such tooling independently.

The platform appears to be under active development, with frequent updates suggesting it is still evolving — a factor that analysts say could accelerate its adoption in criminal communities.

The emergence of Bluekit reflects a broader pattern of cybercrime platforms incorporating AI capabilities to lower operational barriers. Abnormal Security recently documented a separate platform called ATHR, a voice phishing service that uses AI agents to conduct social engineering attacks over phone calls.

As AI tooling becomes more accessible and integrated into off-the-shelf criminal platforms, security teams face growing pressure to adapt detection and response capabilities to threats that can be stood up with minimal expertise and scaled with automated assistance.