• Hackers are using AI-powered website builders to quickly craft phishing sites
• Thousands of organizations have already been targeted
• Lovable is introducing different protections to combat the threat

Lovable, a popular AI website builder which allows users to craft quality websites by talking to the platform, is being heavily abused in different cybercriminal activities, experts have warned.

Security researchers at Proofpoint have revealed how, since February 2025, they have seen “tens of thousands” of Lovable URLs used in malicious campaigns, being distributed through phishing emails.

“Cybercriminals are increasingly using an AI-generated website builder called Lovable to create and host credential phishing, malware, and fraud websites,” Proofpoint said in its report.

Lovable strikes back

Proofpoint added that it has observed “numerous campaigns leveraging Lovable services to distribute multifactor authentication (MFA) phishing kits like Tycoon, malware such as cryptocurrency wallet drainers or malware loaders, and phishing kits targeting credit card and personal information.”

Ever since the emergence of the first ChatGPT version, security researchers have been warning about AI tools lowering the barrier to entry into cybercrime.

At first, threat actors used generative AI to craft convincing phishing emails or write malware code quickly and efficiently. However, since website builders started integrating AI as well, criminals found a new toy to play with.

In February 2025 alone, Proofpoint claims to have seen a campaign leveraging file sharing themes to distribute credential phishing, which included “hundreds of thousands of messages” and impacted more than 5,000 organizations.

Fortunately, Lovable isn’t sitting with its hands crossed. One credential phishing cluster with hundreds of domains was taken down by Lovable the same week it was reported.

The company also told Proofpoint it recently implemented AI-driven security protections to make building phishing sites impossible, including real-time detections to prevent creation of malicious websites as users prompt the tool, and automated daily scanning of published projects to flag potentially fraudulent projects.
