Cybercriminals are using artificial intelligence to bypass the security features built into web browsers and search engines. AI-powered cloaking software lets attackers hide malicious sites from automated scanners while still delivering real human targets to a phishing page, fake shop, or adware. This lets dangerous websites stay online longer and avoid tracking. As digital fraud evolves, users are being targeted by scams without even knowing it.
AI Cloaking Lets Hackers Outwit Standard Web Defenses
According to security researchers at SlashNext, a visitor to a site may now see different content depending on who that visitor is, because the AI is programmed to render content adaptively. This form of deception is called web cloaking: the site appears harmless to automated bots, such as Google Search or antivirus programs, and harmful to real viewers. Using hundreds of characteristics of the visitor, these AI tools determine whether a visitor is a real human or a bot. Once the visitor is identified as human, the system delivers phishing forms or malware payloads that never appear in scans.
This is why it is hard for a cybersecurity tool to identify or flag these malicious websites: it never encounters the malicious version, because all its scanners get is the safe version of the page. This not only extends the life of fraudulent campaigns but also reduces the ability of browser-based protection to act in real time. As the AI keeps being trained on detection patterns, the security systems used to track hackers are getting faster, but they remain much slower than the hackers refining their evasion strategies.
Tools Such as Hoax Tech and JS Click Cloaker Are Driving the Shift
Hoax Tech and JS Click Cloaker are among the platforms driving the rise of AI-powered cloaking. The researchers note that although both position themselves as traffic-optimization tools for digital marketers, they are well known for being used to cover criminal activity by shielding it from investigation. Hoax Tech's AI engine, called Matchex, creates a digital fingerprint of every visitor. The information it gathers includes browser configuration, installed plugins, IP address history, and location. This information is matched against a huge database of known security crawlers. If the fingerprint resembles that of a bot or a scanner, the system sends the visitor to a neutral, non-malicious page.
JS Click Cloaker goes a step further and looks at over 900 data points per session. It monitors behavioral indicators and past interactions to decide who gets access to the real content. The platform's advanced capabilities also include traffic splitting and A/B testing, features of legitimate digital advertising campaigns that criminals now use to make a quick buck from unsuspecting victims. Both services are built on the white page and black page model. Scanners see the white page: innocent, clean and regulation-compliant. Real users instead receive the black page, with a scam offer, password-harvesting forms, or harmful software.
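The white page and black page split described above is something a defender can test for by comparing what one URL serves to different client profiles. The following is an added example, not code from SlashNext or from either platform; the profile names, the sample HTML and the 0.5 similarity threshold are constructed assumptions.

```python
import re

# Constructed sample: HTML captured for ONE URL under two client profiles.
# A defender would collect these with a scanner-like client and a real
# browser; they are embedded here so the block runs offline.
CAPTURES = {
    "scanner-profile": "<html><title>Garden Tools Blog</title><body>"
                       "<h1>Spring pruning tips</h1><p>Keep blades sharp.</p></body></html>",
    "browser-profile": "<html><title>Account Verification</title><body>"
                       "<form action='/submit'><input type='text' name='user'>"
                       "<input type='password' name='pass'></form></body></html>",
}

def tokens(html):
    """Lower-cased word set of the visible text, with tags stripped."""
    text = re.sub(r"<[^>]+>", " ", html)
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def has_password_field(html):
    """True if the markup contains an <input type=password> element."""
    return re.search(r"<input[^>]*type=['\"]?password", html, re.I) is not None

def jaccard(a, b):
    """Set overlap in [0, 1]; two empty pages count as identical."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0

def cloaking_report(captures, min_similarity=0.5):
    """Compare each capture against the first (baseline) profile."""
    names = list(captures)
    base = names[0]
    findings = []
    for other in names[1:]:
        sim = jaccard(tokens(captures[base]), tokens(captures[other]))
        reasons = []
        if sim < min_similarity:
            reasons.append(f"content similarity {sim:.2f} below {min_similarity}")
        if has_password_field(captures[other]) and not has_password_field(captures[base]):
            reasons.append("password field only in non-baseline capture")
        if reasons:
            findings.append((base, other, reasons))
    return findings

if __name__ == "__main__":
    for base, other, reasons in cloaking_report(CAPTURES):
        print(f"{base} vs {other}: " + "; ".join(reasons))
```

Legitimate sites also vary content by device or region, so a divergence found this way is a signal for manual review rather than a verdict.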
The New Pillar of Online Fraud: Cloaking-as-a-Service
Cybersecurity experts say that cloaking is no longer a fringe technique; it is becoming mainstream. The emergence of cloaking-as-a-service websites has lowered the barrier to entry for cybercriminals. Such tools are simple, affordable and scalable. They put a tremendous level of evasion in the hands of even low-level threat actors. These services put machine learning, real-time analysis, and intensive visitor profiling to work, allowing fraudsters to keep pace with changes to security procedures. This also makes it harder for law enforcement and cybersecurity vendors to track and take down phishing infrastructure in a timely manner.
So long as such services can be accessed through the open or dark web, phishing campaigns, malware delivery, and even identity theft operations are bound to become more widespread and more sophisticated. The problem is compounded by the fact that most of these tools exist in a legal grey area, marketing themselves as harmless technology while providing functionality that is designed to be abused.
How Users Can Stay Safe Against AI-Evading Attacks
As AI-based cloaking reshapes how scams are delivered, users need to pay a little more attention to these concerns. Traditional security tools are no longer sufficient to catch every malicious website. Cybersecurity experts also advise people to stick to sources they trust and never follow links from strangers or dubious advertisements. Typing URLs manually, instead of following hyperlinks, helps avoid being redirected to cloaked phishing sites. A browser such as Firefox or Brave is more security-focused and should block dubious scripts and trackers, which adds one more layer of defense.
It is important to keep operating systems, browsers and antivirus software up to date so that security patches are in place. Good antivirus applications may manage to block cloaked links before they are opened, but even these applications fall short against trickery aimed at humans. Two-factor authentication (2FA) is one of the best defenses to date. If a password is stolen via a phishing page, 2FA adds another obstacle, because logging in still requires a verification code that is received on a phone or generated by an authenticator app.