Vibe hacking: how AI-driven emotional manipulation is reshaping cybercrime

Published: 1 November 2025
Last updated: 1 November 2025
A venetian mask atop a data grid as a masquerade.
Image by Cybernews

Vibe hacking is an emerging form of AI-enabled social engineering that weaponizes tone, timing, and persona to trick people – and even other AI models – into handing over data, money, or access.

There’s a new technique on the block, and it’s called “vibe-hacking.” You might already be aware that AI is capable of algorithmic manipulation in order to gain a user's trust, for better or worse.

Think chatbots for starters. They’re pretty good at getting users on their side, often telling you what you want to hear, especially as they are prone to being quite agreeable. Well, what if hackers were able to tap into that and extract the information they wanted?

ADVERTISEMENT

This works especially well at the corporate level, with an institution just being one click away from being duped into paying a walloping ransom. According to Anthropic, it's happened to 17 organizations that had key data stolen from them by hackers using Claude Code. This time, though, instead of focusing on code, the attackers focus on the vibe and sounding more believable across chat, calls, and social feeds.

Sneaky scoundrels

The sneaky thing about vibe hacking is that it can target both humans and AI systems, so raising your cynical brow to outsiders might not be enough. Vibe hacking uses multiple vectors such as text, voice deepfakes, short videos, and persona mimicry.

Other tactics often used are inside jokes and delaying a return message, which only boosts the authenticity value.

“Vibe coding,” as popularized by Andrej Karpathy in early 2025, was coined as a term to describe a user-friendly approach where you can give AI simple instructions and it will generate the code for you, minimizing the need to worry about traditional and robust coding. Predictably, it has already been made malicious.

In terms of expediting, criminals scrape LinkedIn (for example) public posts and discussions to sound plausible. The AI tooling that the criminals use can reel in an innocent netizen, build rapport with say emojis and delayed responses, and then drop a link for payment, especially if it becomes clear that they hold some key account data.

The evil bots can even run hundreds of conversations simultaneously, making them cheap to deploy. But what programs are the hackers actually using to penetrate the systems?

Annual stockcheck at London Zoo
Daniel Berehulak via Getty Images
ADVERTISEMENT

Deadly worms

There’s also a malicious GPT doing the rounds, and it’s called WormGPT. This duplicitous and ominous-sounding LLM (language learning model) is marketed directly for cybercrime purposes on the dark web.

The community knows it as a simplified piece of software that less-skilled users can utilize to create convincing voices and scripts. Lurking away at some shady markets, you can find “vibe scripts” for sale – empathy can yield huge success for hackers.

Many LinkedIn or Discord users might crave an authentic connection, especially if their guard is lowered as they have screen fatigue and are approached at a corporate level during their daily grind.

There are also instances with AI models Claude and Anthropic, whereby certain models have been molded into models that can automate extortion, data theft, and ransomware workflows.

In fact, an August report from Anthropic revealed that hospitals, emergency services, and even religious organizations had been targeted, due to their high trust dependency, as an ideal space for grooming.

And of course, vibe hacking can be deployed at a personal level through romance and investment scams, as credentials can be shared quite easily. These attacks are now so sophisticated that you needn’t be gullible to fall prey to them.

If a CEO had been expertly impersonated and asked you to transfer some money, would you think twice?

A 90's style business CEO sitting on a leather sofa.
Mark Peterson via Getty Images

What you can do

ADVERTISEMENT

A pre-arranged phrase (password) or a quick video call can do wonders for exposing a cloned voice. Hardened accounts, such as multi-factor authentication and strict password management, are also valuable housekeeping habits for holding the fort.

Another pearl of wisdom is that attackers are prone to pivot from genuine chat to asking for credentials mid-conversation, especially if a bot is leading the charge – so if the timing feels off, then it’s probably a rat.

At an organizational level, a shrewd move would be to invest in a decent training course that simulates these interactions with bots, thereby equipping the staff with a more discerning eye.

As vibe hacking continues to evolve, cyber defense must too. That old adage “never trust anyone” has never rung truer.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us
Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT