In conjunction with its participation at the AI Everything Kenya x GITEX Kenya conference, global cybersecurity company, Kaspersky, has revealed that from January to the beginning of May 2026, Kaspersky solutions detected more than 92,000 attacks of malware and potentially unwanted applications worldwide disguised as popular Artificial Intelligence (AI) agents and AI services. Cybercriminals exploited trusted brands to lure victims into downloading malicious files, with fake ChatGPT applications accounting for 49% of all detected attacks, while Claude and Gemini each represented 18%.
Since the beginning of the year, Kaspersky researchers have identified more than 15,000 samples of malware masquerading as agentic AI software, including fake versions of rapidly growing tools such as OpenClaw. Among these samples were banking trojans, spyware, exploits, and malware downloaders capable of deploying additional malicious payloads.
In May 2026, Kaspersky Global Research and Analysis Team also uncovered a new campaign linked to the Silver Fox advanced persistent threat (APT) group. In this operation, attackers distributed fake Claude AI applications for Windows, macOS, and Linux, targeting users seeking access to AI tools. Once launched, the malicious installers silently deployed malware onto victims’ devices, enabling long-term access to compromised systems and sensitive information.
“The introduction of AI agents into enterprise environments changes the nature of trust itself. Every automated action becomes part of a wider chain of systems and data exchanges, which means security is no longer just about protecting endpoints – it is about controlling how intelligence, permissions, and decisions propagate across interconnected AI-driven processes,” explains Dmitry Galov, Head of Russia and CIS units at Kaspersky Global Research and Analysis Team. “Users should also keep in mind that attackers are actively leveraging popular AI services as a lure to steal victims’ confidential data and funds. Taking into account the evolution of modern threat landscape, reliable security solutions are becoming an essential part of digital life.”
Kaspersky recommends organisations to protect corporate infrastructure against a wide range of threats by using solutions such as from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and advanced response capabilities. If a company lacks cybersecurity personnel, it can adopt managed security services such as Kaspersky Managed Detection and Response (MDR) and / or Incident Response that covers the entire incident management cycle – from threat identification to continuous protection and remediation. Organisations should also equip their cybersecurity team with in-depth visibility into cyber threats targeting the organisation. For example, the latest Kaspersky Threat Intelligence delivers rich, contextual insights throughout the entire incident management cycle, enabling timely identification of cyber risks. AI-powered open-source intelligence search enhances cybersecurity teams’ ability to uncover and respond to emerging threats with greater precision.
Individual users are advised to stick to AI services from reputable companies with strong privacy and security track records. Avoid using anonymous or unknown bots that could be designed to harvest data. Malicious or fake AI bots may attempt to extract personal information to commit fraud, phishing, or blackmail. To protect your data, use a security solution to prevent visits to phishing sites and stop malware installation.
