How HTMLMIX Uses AI to Help Cybercriminals Evade Email Security Filters

Real threat actors are using AI-powered tools like HTMLMIX to bypass email filters at scale. Here's how the tool works and how to defend against it.

Piotr Wojtyla

January 16, 2026


This is a guest blog post written by Travis Simcox.

The cybersecurity industry has witnessed no shortage of breathless headlines about AI-powered cyberattacks. Most turned out to be proof-of-concept demonstrations or vaporware, exaggerated beyond recognition by vendors seeking attention. We’re cutting through the hype to examine a real AI tool actively used by real threat actors, with evidence drawn directly from underground forums and live campaigns.

This first installment focuses on phishing email generation—specifically, how threat actors are leveraging artificial intelligence to evade detection at scale.

From Spintax to AI: The Evolution of Email Obfuscation

The concept of automated email variation isn't new. Years ago, while investigating a Royal Ransomware campaign, I observed affiliates using a rudimentary spintax generator—a GUI tool adapted from the world of blackhat SEO. The operator would select non-critical words in their phishing template and provide alternative options. The tool would randomly replace these words in each outgoing message, creating sufficient variation to evade signature-based detection.

HTMLMIX 1 Email Obfuscation Evolution

The results were predictable: roughly half the emails read like plausible English, while the other half emerged as barely coherent word salad. Anyone who has spent significant time analyzing spam has undoubtedly encountered these spintax-generated messages, though many analysts may not have recognized them as such.

Spintax represented the floor, not the ceiling. Today, as generative AI reshapes how content is produced online, the barrier to entry for sophisticated email obfuscation has collapsed. Modern threat actors use AI-assisted tooling to vary wording, fonts, spacing, and coloring in ways that look nearly identical to a human reader but produce wildly different HTML, so no two messages share the byte-level fingerprint that pattern-matching filters key on.

More significantly, we're witnessing a fundamental shift in the threat landscape: away from locally-run scripts and toward API-based Obfuscation-as-a-Service platforms. These services democratize advanced evasion techniques, placing enterprise-grade capabilities in the hands of relatively unsophisticated operators.

Enter HTMLMIX (sometimes stylized as HTM|MIX), a tool that exemplifies this new paradigm. What follows is a technical examination of this platform: its capabilities, its reputation among established threat actors, how it operates at scale, and what defenders need to know to counter the next wave of AI-obfuscated phishing.

HTMLMIX's Obfuscation Toolkit: From Basic HTML Tricks to AI-Powered Content

To understand what makes HTMLMIX effective, let's examine how it processes two common scenarios: a straightforward invoice scam and a Microsoft 365 credential harvesting attempt.

HTMLMIX 2 Invoice Fraud Email

Example 1: Invoice Fraud

HTMLMIX 3 Microsoft 365 Email

Example 2: Microsoft 365 Credential Phishing

Now let's examine what HTMLMIX does to these templates.

Traditional HTML Obfuscation Techniques

HTMLMIX automates several HTML manipulation tactics that have existed for years but previously required manual implementation:

  • Trusted domain injection: Sprinkling links to legitimate sites (Google, Microsoft, major news outlets) throughout the email so that most of its URLs point at high-reputation domains, diluting the weight of the single malicious link in link- and content-reputation scoring

  • Invisible character insertion: Adding zero-width spaces, non-breaking spaces, and other invisible Unicode characters that change the underlying bytes, and therefore any hash or signature computed over them, without affecting visual appearance

  • HTML structure mangling: Inserting unnecessary tags, randomizing font variations, introducing subtle color changes, swapping semantically equivalent tags, and renaming CSS classes—all producing HTML that looks identical when rendered but appears completely different to signature-based detection systems

HTMLMIX 4 AI Edited Invoice Fraud Email

When we apply these techniques to our invoice example, the visual output remains nearly identical—perhaps some minor whitespace differences if you scrutinize closely. However, the underlying HTML expands from a few hundred bytes to over 21KB of obfuscated code, with each instance unique enough to evade pattern matching.

HTMLMIX 5 AI Edited Invoice Fraud Email HTML

Interestingly, some of these older obfuscation tactics now actually increase detection rates. Modern machine learning-based filters have been trained to recognize the signatures of excessive HTML manipulation, meaning blind application of every available technique can backfire. HTMLMIX's "auto mode" attempts to balance evasion with plausibility, though with mixed results.

Algorithmic Obfuscation Methods

Beyond familiar HTML tricks, HTMLMIX incorporates more sophisticated algorithmic techniques:

  • Image pixelation as HTML: Converting images into HTML structures composed of colored div blocks, creating visually identical images from completely different code (and, since no image file is attached or linked, leaving nothing for image-hash matching to compare)

  • Tabular randomization: Fragmenting text into table cells with randomized word counts per cell, breaking up the linguistic patterns that content-based filters analyze

  • CSS class extraction: Programmatically extracting inline styles, generating unique CSS class names, and applying these classes to elements—creating functionally identical styling from technically unique code

These techniques represent an evolution beyond simple find-and-replace operations. They algorithmically restructure the email's technical composition while preserving its visual and functional presentation.
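To make the "looks identical, hashes differently" point from this section and the previous one concrete, here is an added example (written for this edit, not HTMLMIX's code or the author's tooling). It canonicalises an HTML body down to the text a recipient actually sees, then computes a few cheap structural signals: invisible-character count, markup-to-text ratio, distinct CSS class count, and the fraction of links pointing at an assumed allowlist of trusted domains. The two message bodies are constructed by hand to imitate the techniques described above (invisible characters, table-cell fragmentation, renamed CSS classes, padding links to trusted domains); they are not real HTMLMIX output.

```python
"""Canonicalise HTML email bodies and score structural obfuscation.

Added example for this post; not HTMLMIX's code. CLEAN and OBFUSCATED are
constructed samples, and TRUSTED is an assumed allowlist.
"""
import hashlib
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Zero-width and other invisible code points commonly inserted into text.
INVISIBLE = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00ad\u034f]")
TRUSTED = {"google.com", "microsoft.com", "apple.com"}  # assumed allowlist


class _Visible(HTMLParser):
    """Collect visible text, link targets and CSS class names."""

    def __init__(self):
        super().__init__()
        self.text, self.hrefs, self.classes = [], [], set()
        self._hidden = 0  # depth inside <style>/<script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("style", "script"):
            self._hidden += 1
        if tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        if a.get("class"):
            self.classes.update(a["class"].split())

    def handle_endtag(self, tag):
        if tag in ("style", "script"):
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.text.append(data)


def parse(markup):
    p = _Visible()
    p.feed(markup)
    p.close()
    return p


def canonical_text(markup):
    """Visible text only: invisible characters dropped, whitespace collapsed,
    case folded. Tag swapping, table fragmentation and class renaming all
    vanish at this layer, so filters should score this string, not raw HTML."""
    raw = " ".join(parse(markup).text)
    return re.sub(r"\s+", " ", INVISIBLE.sub("", raw)).strip().lower()


def content_hash(markup):
    return hashlib.sha256(canonical_text(markup).encode()).hexdigest()


def obfuscation_signals(markup):
    """Cheap structural features that rise when HTMLMIX-style tricks are applied."""
    p = parse(markup)
    hosts = [(urlparse(h).hostname or "").lower() for h in p.hrefs]
    trusted = sum(any(h == d or h.endswith("." + d) for d in TRUSTED) for h in hosts)
    return {
        # unescape first so entity-encoded characters (&#8203;) are counted too
        "invisible_chars": len(INVISIBLE.findall(html.unescape(markup))),
        "markup_ratio": round(len(markup) / max(len(canonical_text(markup)), 1), 1),
        "distinct_classes": len(p.classes),
        "links": len(hosts),
        "trusted_link_fraction": round(trusted / len(hosts), 2) if hosts else 0.0,
    }


# Constructed samples: a plain invoice lure and a hand-obfuscated variant.
CLEAN = (
    "<p>Hello,</p><p>Please find attached invoice #4471 for $12,400. "
    '<a href="https://pay-portal.example/inv/4471">View invoice</a></p>'
)
OBFUSCATED = (
    "<style>.qx1{color:#000}.qx2{color:#010101}</style>"
    '<table><tr><td class="qx1">Hel\u200blo,</td></tr>'
    '<tr><td class="qx2">Please find</td><td class="qx1">attached in\u200cvoice</td>'
    '<td class="qx2">#4471 for</td><td class="qx1">$12,400.</td></tr></table>'
    '<div><a href="https://www.google.com">&#8203;</a>'
    '<a href="https://www.microsoft.com">\u200b</a>'
    '<a href="https://pay-portal.example/inv/4471"><span class="qx1">View</span>'
    '<span class="qx2"> invoice</span></a></div>'
)

if __name__ == "__main__":
    print(content_hash(CLEAN) == content_hash(OBFUSCATED))  # same visible text
    print(obfuscation_signals(CLEAN))
    print(obfuscation_signals(OBFUSCATED))
```

Because the canonical hash is identical across variants, it doubles as a cheap clustering key for tying thousands of HTMLMIX outputs back to one template. The structural signals are the kind of feature the post says modern ML filters already key on; thresholds need tuning against the organisation's own legitimate HTML mail, since newsletters and transactional mail also lean on tables and inline styles.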

AI-Powered Features

Where HTMLMIX truly distinguishes itself is in its AI integration. The platform offers four AI-powered capabilities:

1. Regional Trending Words

The tool can inject trending terms from selected geographic regions, potentially improving deliverability by making emails appear more current and contextually relevant.

2. AI-Generated Synonyms

This feature tackles the same problem as spintax but with dramatically improved results. We tested it on our invoice example with a creativity setting of 0.6 (on a scale from conservative to creative).

HTMLMIX 6 AI Generated Synonyms

Here are three variations it generated:

HTMLMIX 7 Invoice Fraud Synonym Outputs

The improvement over spintax is substantial. Each version forms coherent, realistic sentences rather than word salad. The tone shifts slightly between variations—a careful reader might detect the inconsistency—but casual recipients would likely find nothing suspicious about any individual message.

3. AI-Generated Preview Text

The tool can generate varied preview text (the snippet visible in email clients before opening), ensuring that even this metadata differs across messages.

4. Automated Email Thread Fabrication

Perhaps the most ambitious AI feature, added to HTMLMIX in October 2025, attempts to generate realistic email conversation chains. In business email compromise (BEC) attacks, sophisticated threat actors often hijack legitimate email threads, then inject fraudulent payment requests. We also observe completely fabricated threads, though these typically look obviously fake.

HTMLMIX 10 Automated Fake Thread Interface

Testing this feature on our invoice example produced mixed results. The generated conversation flow made logical sense—emails about confirming an invoice, following up on payment, and discussing timeline concerns.

HTMLMIX 11 Automated Fake Thread Output 1

However, all the participants used personal email addresses (@gmail.com, @icloud.com), which should immediately raise red flags in a B2B payment context. Genuine small vendors do occasionally invoice from personal mailboxes, so this is a strong signal rather than proof on its own.

When we tested the feature on the Microsoft 365 phishing email, it generated a completely unrelated conversation thread about quarterly sales reports, demonstrating the AI's current limitations in maintaining contextual relevance.

HTMLMIX 12 Automated Fake Thread Output 2
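The personal-address tell is easy to check mechanically. The following added example (not HTMLMIX code) parses a message, pulls the From/To/Cc addresses out of the quoted thread in the body, and flags a thread in which every participant is on freemail and none is in the recipient's organisation. The sample message is constructed to match the fabricated invoice thread described above, and the freemail list is an assumed, deliberately short one.

```python
"""Flag fabricated B2B email threads whose quoted participants are all freemail.

Added example for this post, not HTMLMIX code. SAMPLE is a constructed
message; FREEMAIL is an assumed, deliberately short list.
"""
import email
import re
from email import policy

FREEMAIL = {"gmail.com", "icloud.com", "outlook.com", "hotmail.com", "yahoo.com"}

# From:/To:/Cc: lines inside the body at any quote depth, with or without a
# display name and angle brackets.
QUOTED_HEADER = re.compile(
    r"^[\s>]*(?:From|To|Cc):.*?<?([\w.+-]+@[\w-]+(?:\.[\w-]+)+)>?", re.I | re.M
)
QUOTED_FROM = re.compile(r"^[\s>]*From:", re.I | re.M)


def domain(addr):
    return addr.rsplit("@", 1)[1].lower()


def thread_participants(body):
    return sorted({m.group(1).lower() for m in QUOTED_HEADER.finditer(body)})


def assess_thread(raw):
    """Return the quoted participants and whether the thread looks fabricated."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    sender = msg["from"].addresses[0].addr_spec
    recipient_domain = domain(msg["to"].addresses[0].addr_spec)
    participants = thread_participants(body)
    freemail = [p for p in participants if domain(p) in FREEMAIL]
    in_org = [p for p in participants if domain(p) == recipient_domain]
    return {
        "sender_domain": domain(sender),
        "quoted_messages": len(QUOTED_FROM.findall(body)),
        "participants": participants,
        "freemail_participants": freemail,
        "in_org_participants": in_org,
        # A payment thread with no corporate mailbox anywhere in it, and every
        # participant on freemail, matches the fabricated output described above.
        "suspicious": bool(participants)
        and len(freemail) == len(participants)
        and not in_org,
    }


# Constructed sample in the shape of the generated "confirm the invoice" thread.
SAMPLE = """\
From: Dana Whitfield <dana.whitfield@gmail.com>
To: ap@victim-corp.example
Subject: Re: Re: Invoice 4471 - payment timeline
Content-Type: text/plain; charset="utf-8"

Hi team, following up on the thread below. Can we confirm payment by Friday?

> From: Marcus Lee <marcus.lee@icloud.com>
> To: Dana Whitfield <dana.whitfield@gmail.com>
> Subject: Re: Invoice 4471 - payment timeline
>
> Confirmed on our side, Dana. Please send the final invoice.
>
> > From: Dana Whitfield <dana.whitfield@gmail.com>
> > To: marcus.lee@icloud.com
> > Subject: Invoice 4471 - payment timeline
> >
> > Marcus, attaching the invoice for the Q3 work. Let me know if the
> > timeline works.
"""

if __name__ == "__main__":
    print(assess_thread(SAMPLE))
```

Treat the result as one signal: small vendors do sometimes invoice from personal mailboxes, so combine it with first-contact and payment-detail-change checks rather than blocking on it alone.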

Real-World Output: Before and After Obfuscation

To see these techniques working in concert, we processed a basic phishing template through HTMLMIX's auto mode, which applies a balanced selection of obfuscation techniques.

The "before" shows clean, minimal HTML—a simple email alert about a Google Workspace storage limit with a header, body text, and call-to-action button. Standard structure, straightforward code.

HTMLMIX 13 HTML Before Obfuscation

The "after" reveals what modern obfuscation looks like: the HTML has been shredded into fragments, restructured with nested divs and spans, injected with randomized CSS classes, and padded with invisible characters. The visual presentation remains virtually identical, but the underlying code has been transformed into something unrecognizable to signature-based detection systems.

HTMLMIX 14 HTML After Obfuscation

This transformation happens in seconds via API, enabling threat actors to generate thousands of unique variants from a single template.

Masking Malicious Links with Trusted Domains

Obfuscating email content addresses only half the detection challenge. Attackers must also obscure the destinations of their links, since URL reputation checking remains one of the most effective anti-phishing controls.

HTMLMIX offers an optional upsell called "Trust Redirects" that hosts redirect pages on cloud infrastructure from trusted providers. The concept is straightforward: a link into an Amazon S3 bucket or to a Microsoft Azure endpoint is far less likely to be blocked than a link to a newly registered, suspicious domain, because URL reputation is largely judged on the hosting domain rather than on the page that loads there.

HTMLMIX 15 AWS Trust Redirects Interface

The service charges $20 per redirect, with the first test redirect free. For an additional fee, operators can buy a "Personal Server" option, which raises their balance to $200 or more and adds AWS keys to the account; redirects then cost $10 each instead of $20, lowering the per-campaign cost for high-volume operators.

The interface allows attackers to specify the destination URL, customize the page title (e.g., "Loading your Behind the Surface account"), choose the URL format (virtual-hosted, where the bucket name is part of the hostname, vs. path-based, where it is the first path segment), select parameter formatting (query string vs. URL fragment; a fragment is never sent to the server, so the destination does not appear in the provider's access logs), and optionally append the .html extension.

Of course, this approach involves inherent tradeoffs. Amazon and Microsoft actively respond to abuse reports, meaning these redirects have limited lifespans—hours or days rather than weeks. But for time-sensitive campaigns targeting specific organizations, the temporary legitimacy can be worth the cost. The attacker simply needs the link to survive long enough for targets to click, not indefinitely.
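On the defender's side, the links this service produces share a recognisable shape: a static page on S3 or Azure storage that carries the real destination in its query string or fragment. The added example below (not HTMLMIX code) classifies URLs by that shape, covering S3 virtual-hosted and path-style hostnames and Azure Blob and static-website endpoints. The sample links are constructed, and the parameter names and the bare-URL-in-fragment form are assumptions, since the post does not show the exact link format Trust Redirects emits.

```python
"""Classify email links that point at cloud-storage-hosted redirect pages.

Added example for this post, not HTMLMIX code. SAMPLE_LINKS are constructed;
the parameter names (r=, u=) are assumptions.
"""
import re
from urllib.parse import parse_qs, unquote, urlparse

# bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com, bucket.s3-website-<region>...
S3_VHOST = re.compile(r"^(?P<bucket>[a-z0-9.-]+?)\.s3[a-z0-9.-]*\.amazonaws\.com$", re.I)
# s3.amazonaws.com/bucket/..., s3.<region>.amazonaws.com/bucket/...
S3_PATH = re.compile(r"^s3[a-z0-9.-]*\.amazonaws\.com$", re.I)
# account.blob.core.windows.net, account.z13.web.core.windows.net (static site)
AZURE = re.compile(r"^(?P<account>[a-z0-9]+)\.(?:blob|z\d+\.web)\.core\.windows\.net$", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def embedded_url(s):
    """First http(s) URL carried in a query string or fragment, either as a
    parameter value (?r=https%3A%2F%2F...) or as the whole fragment."""
    for values in parse_qs(s, keep_blank_values=True).values():
        for v in values:
            if m := URL_RE.match(v):
                return m.group(0)
    m = URL_RE.search(unquote(s))
    return m.group(0) if m else None


def classify_link(url):
    """Return None for ordinary links, or a dict describing a cloud-storage link."""
    u = urlparse(url)
    host = (u.hostname or "").lower()
    if m := S3_VHOST.match(host):
        provider, container = "aws-s3", m["bucket"]
    elif S3_PATH.match(host):
        provider = "aws-s3"
        container = u.path.strip("/").split("/", 1)[0] or None
    elif m := AZURE.match(host):
        provider, container = "azure-storage", m["account"]
    else:
        return None
    dest = embedded_url(u.query) or embedded_url(u.fragment)
    return {
        "provider": provider,
        "container": container,
        "html_page": u.path.lower().endswith(".html") or u.path in ("", "/"),
        "embedded_destination": dest,
        # A static page on storage that carries another URL in its query or
        # fragment is the redirect shape described above.
        "redirect_like": dest is not None,
    }


def redirect_links(urls):
    """Filter a list of links down to those that look like storage-hosted redirects."""
    return [(u, c) for u in urls if (c := classify_link(u)) and c["redirect_like"]]


# Constructed samples: three redirect-style links, one ordinary link, one plain S3 file.
SAMPLE_LINKS = [
    "https://acme-invoices.s3.us-east-1.amazonaws.com/loading.html"
    "?r=https%3A%2F%2Fportal-login.example%2Fauth",
    "https://s3.eu-west-1.amazonaws.com/acme-invoices/loading.html"
    "#https://portal-login.example/auth",
    "https://acmestorage.z13.web.core.windows.net/index.html"
    "?u=https://portal-login.example/auth",
    "https://docs.python.org/3/library/urllib.parse.html",
    "https://acme-invoices.s3.amazonaws.com/report.pdf",
]

if __name__ == "__main__":
    for link, info in redirect_links(SAMPLE_LINKS):
        print(info["provider"], info["container"], "->", info["embedded_destination"])
```

Because a fragment is never sent to the server, a hash-format redirect leaves no trace of the final destination in proxy logs or in the storage provider's access logs; the destination has to be recovered from the link at mail-scan time, as done here, or from the JavaScript on the landing page.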

Why Threat Actors Love HTMLMIX

Like many dark web services, HTMLMIX wraps itself in disclaimers about "legitimate," "research," and "educational" purposes. The interface prominently displays warnings that users are "solely responsible" for ensuring compliance with applicable laws and that the service "categorically forbids" the use of the platform for illegal purposes, including fraud, malware distribution, and spam.

HTMLMIX 16 Disclaimer 1

These disclaimers are, of course, meaningless. HTMLMIX is exclusively advertised on underground forums and can only be purchased using cryptocurrency—operational security measures that belie any pretense of legitimate use.

HTMLMIX 17 Disclaimer 2

What reveals the service's true purpose is the enthusiastic feedback from established threat actors in underground communities.

One endorsement comes from a moderator of XSS, a top-tier hacking forum, who is recognized as a filter bypass expert with activity dating back to 2012. When another user requests advice on phishing obfuscation, he replies simply: "There's a service called htmlmix that's way ahead in this area."

HTMLMIX 18 Feedback 1

Another testimonial comes from an established vendor on multiple top-tier forums:

HTMLMIX 19 Feedback 2

The pattern continues across multiple underground communities. Lesser-known operators echo similar sentiments:

HTMLMIX 20 Feedback 3

This isn't theoretical threat intelligence. These are real operators, some moving hundreds of thousands of phishing emails weekly, providing unprompted testimonials about a tool that measurably improves their success rates.

From GUI to API: Scaling Phishing Campaigns

The threat posed by HTMLMIX extends beyond its technical capabilities. What makes it particularly dangerous is its scalability.

Individual phishers might use the web interface to manually process templates, but sophisticated operators integrate HTMLMIX directly into their attack infrastructure via API. This transforms obfuscation from a manual bottleneck into an automated pipeline component.

HTMLMIX 24 API

The typical workflow looks like this:

  • Template preparation: The attacker creates a base phishing template with placeholder variables for personalization

  • API integration: The template is submitted to HTMLMIX's API endpoint with specified obfuscation parameters

  • Variant generation: HTMLMIX returns multiple unique HTML variants, each with different obfuscation applied

  • Email platform integration: These variants are fed into commodity SMTP services or compromised email accounts for distribution

  • Redirect chaining: Links are processed through the Trust Redirects service or similar URL laundering platforms

  • Campaign execution: Thousands of unique emails are distributed, each technically distinct despite originating from a single template

The API documentation shows standard bearer token authentication and straightforward error handling. Rate limits exist (the API can be exhausted with heavy use), though the specific quota limits are not publicly disclosed.

HTMLMIX also plugs into complementary attack infrastructure: the API works with traditional email delivery methods, and the tool has a partnership with a novel delivery system that will be the topic of an upcoming analysis.

Defending Against AI-Powered Obfuscation

HTMLMIX is just one tool among many, but it provides a clear view into where the threat landscape is heading. The question isn't whether AI will transform phishing; it already has. The question is whether defenses will evolve quickly enough to keep pace.

What we're witnessing is the early stage of AI-powered social engineering. The AI-powered features may currently feel somewhat gimmicky—e.g., the synonym generator produces inconsistent tone, and the thread fabrication creates contextual mismatches. But these capabilities will improve. Language models are advancing rapidly, and tools like HTMLMIX will integrate better models as they become available.

The phishing emails of 2026 will be more convincing than those of 2025, which are already more convincing than those of 2024. This trajectory demands that defenders move beyond reactive controls toward adaptive systems that can recognize novel evasion techniques.

Organizations that maintain security postures designed for yesterday's threats will find themselves increasingly exposed. The techniques above also show where detection still has purchase: every variant must render to the same visible text, present the same call to action, and ultimately send the victim to the same destination, so controls that score what the recipient actually sees and where the links actually lead hold up far better than signatures over raw HTML. Defending against AI-powered phishing requires AI-powered, behavior-aware defenses of that kind, coupled with fundamental security practices that remain effective regardless of technical sophistication.

For additional insight into the threat landscape and analyses of other Dark Web tools, visit our threat intelligence data and research hub, Abnormal Intelligence.
