Cybersecurity Awareness Month 2025: Microsoft highlights new AI phishing threat hidden in PDF attachments

As part of Cybersecurity Awareness Month 2025, Microsoft Threat Intelligence has raised an alert over a new wave of AI-generated phishing attacks that use PDF attachments as the main delivery vehicle. Unlike traditional phishing emails that rely on visible links or suspicious prompts, these malicious PDFs contain hidden code and AI-obfuscated text designed to bypass standard email security filters.
The latest findings indicate that attackers are now using generative AI tools to rewrite and disguise phishing content, making these malicious documents appear completely legitimate. Microsoft warns that this marks a significant evolution in phishing campaigns, with artificial intelligence now being used to outsmart the very systems built to detect such threats.

How the phishing attack works
According to Microsoft, these AI-powered phishing PDFs often appear to come from trusted senders such as banks, cloud service providers, or even internal departments within an organization. Once opened, the files may prompt users to click a link or enable “secure viewing,” which activates hidden scripts designed to collect credentials or download malware.
The use of AI makes these attacks harder to detect. Microsoft researchers observed that generative AI models are being used to automatically rewrite text, generate clean layouts, and embed dynamic payloads without triggering traditional keyword-based threat detection systems.
In some cases, attackers even use large language models to personalize phishing attempts by analyzing victims’ LinkedIn profiles or public company data, increasing the likelihood of a successful compromise.

Microsoft’s response
Microsoft’s security team has rolled out updated detection rules within Microsoft Defender for Office 365, specifically tuned to identify AI-obfuscated PDFs and other document-based phishing vectors. The company also recommends that organizations enable advanced phishing protection and implement file sandboxing for all email attachments.
The report further advises administrators to use Safe Links and Safe Attachments features across enterprise networks and encourage employees to verify document sources before enabling permissions or macros inside files.

User safety tips
Microsoft recommends a few best practices to minimize risk:
• Avoid opening PDF attachments from unknown or unexpected senders.
• Enable real-time threat protection in your security software.
• Educate employees about AI-generated phishing content and its evolving sophistication.
• Report suspicious emails and files through Microsoft’s Security Response Center or your organization’s IT department.

This warning arrives amid a broader industry trend where AI is reshaping both cybersecurity defense and cybercrime. While AI tools are improving threat detection and automating response times, they are also being exploited by attackers to mask intent and build more convincing digital lures.
Microsoft’s advisory serves as a reminder that AI literacy is now a key part of digital safety. During Cybersecurity Awareness Month, the company continues to emphasize that vigilance, layered defenses, and ongoing education remain the strongest tools against evolving phishing tactics.