Varonis Threat Labs discovers evolving Bluekit phishing kit with AI and MFA bypass
Updated
Updated · TechRadar · Apr 30
Varonis Threat Labs discovers evolving Bluekit phishing kit with AI and MFA bypass
6 articles · Updated · TechRadar · Apr 30
Researchers said Bluekit mimics more than 40 brands, centralises domain registration, hosting and data theft, and sends real-time Telegram alerts to attackers.
The kit can draft phishing emails with jailbroken AI models, steal cookies and active sessions to bypass multi-factor authentication, and spoof locations to avoid suspicious-login warnings.
Varonis said Bluekit is being actively updated, lowering barriers to cybercrime; it urged businesses to use FIDO2 or hardware keys and strengthen employee phishing training.
If even 'phishing-proof' hardware keys can be bypassed, is any online account truly safe?
When AI perfects phishing attacks, does human vigilance become an obsolete defense?
With AIs now jailbreaking other AIs, is the cybersecurity arms race already lost?
Bluekit Phishing Kit in 2026: AI-Powered MFA Bypass and the Urgent Need for Phishing-Resistant Authentication
Overview
Discovered in early 2026, Bluekit revolutionized phishing by offering a centralized, user-friendly platform that lowers the skill needed for large-scale, localized attacks. Its AI assistant, Abliterated Llama, automates convincing phishing content using open-weight models without safety limits. Bluekit’s core threat is its Adversary-in-the-Middle attack, which intercepts session tokens to bypass traditional MFA methods like SMS and authenticator apps. This capability, combined with advanced evasion techniques and real-time victim monitoring, democratizes sophisticated phishing. In response, organizations are rapidly adopting phishing-resistant MFA such as FIDO2 and passkeys, supported by regulatory standards, while evolving layered defenses and AI governance to counter increasingly AI-powered, personalized cyber threats.