Bluekit Phishing Kit Integrates AI to Streamline Cybercriminal Operations
A new phishing kit called **Bluekit** has emerged, offering over 40 templates targeting popular services and incorporating basic AI functionalities to aid in crafting phishing campaigns. This kit highlights the increasing trend of integrating AI into cybercrime platforms to enhance efficiency and scale.

The available templates can be utilized to target a wide array of services, including email accounts like **Outlook**, **Hotmail**, **Gmail**, **Yahoo**, and **ProtonMail**, as well as cloud services such as **iCloud**, developer platforms like **GitHub**, and cryptocurrency services like **Ledger**.
### AI-Powered Phishing Email Generation
What sets **Bluekit** apart is its integrated AI Assistant panel, which supports multiple models, including **Llama**, **GPT-4.1**, **Claude**, **Gemini**, and **DeepSeek**. This feature enables cybercriminals to generate drafts of phishing emails more efficiently.
This development mirrors the broader trend of cybercrime platforms adopting AI to streamline and scale their operations. **Abnormal Security** recently reported on **ATHR**, a voice phishing platform that uses AI agents to conduct social engineering attacks.
### Early Stage AI Capabilities
Cybersecurity company **Varonis** analyzed a limited version of **Bluekit's** AI Assistant panel and observed that the generated outputs contained placeholder content, suggesting that the feature is still in an early, experimental phase.
“The [generated] draft included a useful structure, but it still depended on generic link fields, placeholder QR blocks, and copy that would need cleanup before use,” **Varonis** noted. “**Bluekit’s** AI Assistant looked more like a way to generate a campaign skeleton than a finished phishing flow.”

*AI models available on Bluekit*
*Source: Varonis*
### Comprehensive Phishing Campaign Management
Beyond the AI component, **Bluekit** integrates domain purchase/registration, phishing page setup, and campaign management into a single, unified panel.
**Varonis** reviewed templates for **iCloud**, **Apple ID**, **Gmail**, **Outlook**, **Hotmail**, **Yahoo**, **ProtonMail**, **GitHub**, **Twitter**, **Zoho**, **Zara**, and **Ledger**, noting their realistic designs and logos.

*Sample of the offered templates*
*Source: Varonis*
Operators can select domains, templates, and modes within a unified interface. They can also configure the phishing page behavior, including redirects, anti-analysis mechanisms, and login process handling, and monitor victim sessions in real time.
### Granular Control and Security Options
The dashboard provides users with granular control over the behavior of the phishing pages, allowing them to block VPN or proxy traffic and headless user agents, or to set fingerprint-based filters.

*Security options*
*Source: Varonis*
### Data Exfiltration and Session Monitoring
Stolen data is exfiltrated via **Telegram**, to private channels accessible to the operators.
The post-capture session monitoring includes cookies, local storage, and live session state, showing what the victim was served after login. This allows operators to refine their attacks for maximum effectiveness.

*Monitoring post-capture activity from within the dashboard*
*Source: Varonis*
**Varonis** concludes that **Bluekit** is another example of an “all-in-one” phishing platform, providing lower-tier cybercriminals with fully-fledged tools to manage the entire phishing attack lifecycle.

*Recent Bluekit release notes*
*Source: Varonis*
However, the kit appears to be under active development, receiving frequent updates and evolving rapidly, potentially leading to increased adoption.