Detection engineer with an ML background. Was trying to write
about how hard it is to detect AI-generated malicious email —
ended up finding the opposite: right now, lazy threat actors are
leaving hilarious and huntable artifacts in their HTML.
Highlights: HTML comments saying "as requested," localhost in
production phishing emails, and a yellow-highlight theory I've
been finding a lot of bad stuff with.
This won't last forever — but for now it's a great hunting signal.
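
A hunting pass for the three artifacts listed above, as an added example that is not part of the original post or the author's own tooling. Only the "as requested" phrase and the localhost signal come from the post; the extra comment phrasings, the reading of "yellow highlight" as an inline yellow background, and all names in the code are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Only "as requested" comes from the post; the other phrasings are assumed.
CHATTER = re.compile(r"\b(as requested|as you requested|per your request)\b", re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}
# Assumed reading of the yellow-highlight signal: inline yellow backgrounds.
YELLOW = re.compile(r"background(?:-color)?\s*:\s*(?:yellow|#ff0|#ffff00)\b", re.I)

# Constructed sample body, not taken from a real message.
SAMPLE = """<html><body>
<!-- Updated the button color as requested -->
<p style="background-color: yellow">Your mailbox is almost full.</p>
<a href="http://localhost:3000/login">Verify account</a>
<img src="https://cdn.example.com/logo.png">
</body></html>"""


def is_local(url):
    """True when the URL's host is a loopback or unspecified address."""
    try:
        return urlsplit(url.strip()).hostname in LOCAL_HOSTS
    except ValueError:  # malformed bracketed host
        return False


class ArtifactHunter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        if CHATTER.search(data):
            self.findings.append(("chatty_comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value and is_local(value):
                self.findings.append(("localhost_url", value))
            elif name == "style" and value and YELLOW.search(value):
                self.findings.append(("yellow_highlight", tag))


def hunt(html):
    parser = ArtifactHunter()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each finding is a (signal, evidence) tuple; the yellow-background signal also appears in legitimate mail, so it is better used to rank a message for review than as a verdict on its own.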