- Hackers use AI-driven site builders to quickly make phishing sites
- Thousands of organizations have already been targeted
- Liverable is introduction different protections to fight the threat
Lovable, a popular AI site builder that allows users to create quality sites by talking to the platform, is greatly abused in various cyber criminal activities, experts have warned.
Proofpoint security researchers have revealed how since February 2025 they have seen “tens of thousands” of lovable URLs used in malicious campaigns distributed through phishing -e emails.
“Cyber criminals are increasingly using an AI-generated site builder called Lovable to create and host credentials, malware and fraud sites,” Proofpoint said in his report.
Lovely strikes back
The company added that it has observed, “Several campaigns that utilize lovable services to distribute multifactor authentication (MFA) phishing sets such as Tycoon, malware such as cryptocurrency drawing or malware loaders and phishing sets targeted against credit cards and personal information.”
Ever since the emergence of the first Chatgpt version, security researchers have warned about AI tools that lower the barrier to cybercrime entry.
First, threat actors used generative AI to design compelling phishing -e emails or write malware code quickly and effectively. When site builders also started integrating AI, criminals found a new toy to play with.
In February 2025, Proofpoint claims to have seen a campaign that exploited files that share themes to distribute credentials, which included “hundreds of thousands of messages” and affected more than 5,000 organizations.
Fortunately, lovable does not sit with his hands crossed. A legitimation phishing cluster with hundreds of domains was taken down by lovable the same week it was reported.
The company also told Proofpoint that the recently implemented AI-driven security protection to make phishing sites impossible, including real-time detections to prevent the creation of malicious websites when users ask for the tool, and automated daily scanning of published projects to mark potentially false projects.
