Cybersecurity firm Kaspersky has documented a sharp increase in malware campaigns targeting small and medium-sized businesses (SMBs) that impersonate popular artificial intelligence tools. In the first four months of 2026, the company’s solutions detected more than 33,300 attacks in which malicious or unwanted programs for computers were presented as legitimate AI services.
According to insights from Kaspersky, this figure represents an almost fivefold rise compared with the same period in 2025.
The attacks relied primarily on trojan-style malware.
These programs trick users into installing them by mimicking harmless files and then gain the ability to download additional harmful software, steal data, or perform other damaging actions on infected devices.
Among the AI platforms most frequently impersonated were ChatGPT (42% of detections), Claude (24%), and DeepSeek (20%).
Kaspersky also recorded hundreds of incidents involving malware disguised as OpenClaw, a newer AI application that gained quick popularity among business users in 2026.
In total, analysts identified around 1,100 unique malicious samples tied to these AI lures, marking a 21% increase from the previous year.
For comparison, threats disguised as messaging and video-conferencing applications remained relatively stable.
Kaspersky blocked nearly 415,000 attacks in which malware posed as tools such as Telegram, WhatsApp, Zoom, or Microsoft Teams during the same four-month window, showing little change from 2025 levels.
Security experts at Kaspersky noted that cybercriminals are rapidly adapting their tactics to exploit the growing use of AI tools in everyday business workflows.
Corporate employees increasingly rely on publicly available AI platforms, creating new opportunities for attackers to distribute harmful files under familiar names.
Vasily Kolesnikov, a security specialist at the company, emphasized the need for caution when downloading software from the internet.
He recommended carefully verifying website addresses, checking the spelling of links in emails, and maintaining strong protective solutions.
Rodion Pyanov, product manager for Kaspersky’s small-business offerings, highlighted the practical challenges smaller organizations face.
Many micro-businesses lack the time and budget for regular staff training on the latest threats.
He suggested that purpose-built security platforms can help bridge this gap by delivering core protection alongside accessible awareness resources.
To reduce exposure, Kaspersky advises SMBs to create clear internal guidelines for using external services and tools.
Organizations should define strict access rules for email accounts, shared folders, and online documents, and promptly revoke permissions when no longer needed.
Regular backups of critical data remain essential to limit damage from successful attacks.
Businesses are also encouraged to choose scalable security solutions matched to their size and resources, combining real-time threat blocking with detection and response capabilities where appropriate.
For companies without dedicated security staff, managed detection and response services can provide round-the-clock monitoring and support.
The research findings form part of Kaspersky’s broader analysis of risks facing small and medium businesses and were released ahead of International SMB Day on June 27, 2026. Kaspersky has now concluded that as AI technologies continue to integrate into daily operations, the update underscores the importance of staying alert to evolving social-engineering techniques that leverage familiar and trusted names.