Jun 17, 2026
Kali365: Sophisticated AI-Powered Phishing-as-a-Service Platform Poses Major Cybersecurity Threat

Kali365, a sophisticated AI-powered phishing-as-a-service platform discovered in May 2026, poses a significant cybersecurity threat by targeting Microsoft accounts at enterprise scale. The platform uses artificial intelligence to craft convincing phishing emails and steal authentication tokens, effectively bypassing security protections. The FBI has issued a warning about its operations.



Quick Facts
Who: Kali365 operators
What: Phishing-as-a-service platform detected
When: May 2026 (first detection)
Where: China (origin of Microsoft 365 logins)
- AI-powered phishing campaign
- Session cookie and OAuth token theft
- Email interception and fraud analysis
- Cryptocurrency payment processing
Security researchers have identified Kali365, also known as Octopi365 and Freedom365, as a highly sophisticated phishing-as-a-service platform that represents a significant escalation in cybercriminal capabilities. First detected by security firm Huntress in May 2026 while investigating suspicious Microsoft 365 logins originating from China, the platform leverages artificial intelligence to target Microsoft accounts at scale. The FBI has issued a public warning about its operations.
What distinguishes Kali365 from conventional phishing services is its enterprise-grade infrastructure and AI integration. The platform includes at least 33 built-in templates impersonating Microsoft products and services, 100 API endpoints, and role-based access control for managing phishing teams. It also offers a tiered pricing model, cryptocurrency payment integration, and a desktop application for operators. Rather than directly bypassing multi-factor authentication, Kali365 uses sophisticated social engineering to steal session cookies and OAuth tokens, which then provide authenticated access to victim accounts.
The platform's most concerning capability involves its use of Anthropic's Claude AI model to analyze intercepted email threads, assess their fraud potential, and generate convincing reply messages with fabricated banking details and manufactured urgency. These AI-crafted communications are sent from the victim's own compromised mailbox, creating a deceptive appearance of legitimacy. The phishing emails impersonate trusted cloud productivity and document-sharing services, making them difficult for users to distinguish from genuine communications.
The scope of the phishing threat landscape underscores why Kali365 represents a particular concern. An estimated 3.4 billion malicious emails are sent daily, representing 1.2 percent of all email traffic. Google alone blocks approximately 100 million phishing emails daily as threat actors continually evolve their tactics. The FBI's warning acknowledges that Kali365's scale, multiple attack vectors, and legitimate appearance make it particularly difficult for users to avoid, and that resolving the threat would require Microsoft to address underlying security vulnerabilities that enable such authentication transfers.
Why This Matters
Kali365 represents a critical escalation in cybercriminal capabilities that directly impacts enterprise security posture. The platform steals OAuth tokens and session cookies rather than directly breaking multi-factor authentication, exploiting a gap that organizations may not have adequately defended against. With an estimated 3.4 billion malicious emails sent daily, this AI-powered service dramatically increases the sophistication and scale of credential theft attacks. Organizations using Microsoft 365 must immediately review their email security controls, token lifetime policies, and anomalous login detection systems, as the FBI warning indicates this threat is actively targeting enterprise environments.
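As an added illustration of the anomalous login detection mentioned above (example code written for this page, not taken from Huntress, the FBI, or Microsoft), the following sketch flags a session that completed MFA in one place and is later used, without a new interactive sign-in, from a different country or device. The record field names and sample events are constructed for the example and are not a vendor log schema.

```python
from datetime import datetime

# Constructed sign-in records; field names are hypothetical, not a vendor schema.
SAMPLE_EVENTS = [
    {"time": "2026-05-04T08:01:00", "user": "a.lee@example.com", "session": "s-100",
     "country": "US", "device": "dev-1", "interactive_mfa": True},
    {"time": "2026-05-04T08:40:00", "user": "a.lee@example.com", "session": "s-100",
     "country": "US", "device": "dev-1", "interactive_mfa": False},
    {"time": "2026-05-04T09:05:00", "user": "a.lee@example.com", "session": "s-100",
     "country": "CN", "device": "dev-9", "interactive_mfa": False},
    {"time": "2026-05-04T10:00:00", "user": "b.roy@example.com", "session": "s-200",
     "country": "GB", "device": "dev-2", "interactive_mfa": True},
    # Legitimate travel: a new session with its own interactive MFA is not flagged.
    {"time": "2026-05-05T07:30:00", "user": "b.roy@example.com", "session": "s-201",
     "country": "FR", "device": "dev-2", "interactive_mfa": True},
    {"time": "2026-05-05T07:45:00", "user": "b.roy@example.com", "session": "s-201",
     "country": "FR", "device": "dev-2", "interactive_mfa": False},
]


def find_token_replay(events):
    """Flag non-interactive use of a session from a country or device that
    differs from where that session last completed interactive MFA."""
    baseline = {}   # session id -> (country, device) of last interactive MFA
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        seen = (ev["country"], ev["device"])
        if ev["interactive_mfa"]:
            baseline[ev["session"]] = seen      # fresh proof of presence
            continue
        origin = baseline.get(ev["session"])
        if origin is None:
            reason = "token used with no interactive sign-in on record"
        elif origin != seen:
            reason = f"session started at {origin}, reused from {seen}"
        else:
            continue                            # same place, same device
        alerts.append({"user": ev["user"], "session": ev["session"],
                       "time": ev["time"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_token_replay(SAMPLE_EVENTS):
        print(alert)
```

Because a stolen token already carries the result of the victim's MFA, the check keys on where the session is used rather than on whether MFA succeeded.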
Timeline & Sources
Jun 17, 2026
WireTechRadar publishes detailed analysis of Kali365 platform