WP Builds 456 – WordPress vulnerabilities and the power of AI-powered malware detection
Feb 12, 2026
Thomas Raef, founder of We Watch Your Website and WordPress security specialist, describes scaling malware remediation and training AI with hundreds of thousands of samples. He discusses stolen credentials, device compromise, log streaming for forensics, AI-powered attacks and defenses, behavioral detection, and practical mitigations like passkeys and 2FA.
AI Snips
Chapters
Transcript
Episode notes
Attackers Embraced AI First
- Hackers adopted AI early and use it to scale social engineering, phishing and exploit discovery.
- The attacker advantage comes from automation, low cost, and the fact they only need one successful breach.
AI Scales Highly Persuasive Phishing
- AI enables personalised phishing and workflow-mimicking scams by scraping public profiles and site content.
- These AI-made attacks defeat traditional signature-based detection and social cues that once gave them away.
Voice Deepfakes Threaten Phone Trust
- Deepfake voice attacks and low data voice cloning make CEO fraud and phone scams realistic and scalable.
- A few captured words or short audio clips can be enough to synthesize convincing voice impersonations.