---

title: "Meet Bluekit: The AI-Powered All-in-One Phishing Kit"
type: article
source: newsletter
source_url: https://www.varonis.com/blog/bluekit
tags: [varonis, security]
ingested: 2026-05-17
sha256: 159e36acf3d6774a716020878ff27b67e5c6ed2f30ecc5525ef53b22d0aef756
score_value: 7
score_confidence: 8

---
Published Time: 2026-04-29T13:00:00.000Z
Markdown Content:
# Meet Bluekit: The AI-Powered All-in-One Phishing Kit
Introducing Varonis Atlas: Secure everything you build and run with AI [Learn more](https://www.varonis.com/platform/ai-security?hsLang=en)
[](https://www.varonis.com/?hsLang=en)
 Platform 
Data Security Platform
[Platform overview](https://www.varonis.com/data-security-platform?hsLang=en)
Data Security
[![Image 2: Data discovery & classification icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Data%20discovery%20%26%20classification_Icon.svg) Data discovery & classification Accurately discover, classify, and label sensitive data.](https://www.varonis.com/platform/data-discovery-and-classification?hsLang=en)[![Image 3: Cloud data security icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Cloud%20data%20security_Icon.svg) DSPM Improve your data security posture automatically.](https://www.varonis.com/platform/dspm?hsLang=en)[![Image 4: Database activity monitoring icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Nav-DAM.svg) Database activity monitoring Secure your databases with near-zero overhead.](https://www.varonis.com/platform/database-activity-monitoring?hsLang=en)[![Image 5: Data-centric threat detection_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Data-centric%20threat%20detection_Icon.svg) Data-centric UEBA Detect, investigate, and respond to attacks on data.](https://www.varonis.com/platform/data-centric-ueba?hsLang=en)[![Image 6: Data access governance icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Data%20access%20governance_Icon.svg) Data access governance See exactly who can touch sensitive data at all times.](https://www.varonis.com/platform/data-access-governance?hsLang=en)[![Image 7: Cloud DLP icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Cloud%20DLP_Icon.svg) DLP Monitor data activity and prevent exfiltration.](https://www.varonis.com/platform/dlp?hsLang=en)
AI Security
[![Image 8: AI Security icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Nav_AI_Security.svg) Atlas AI security Secure everything you build and run with AI.](https://www.varonis.com/platform/ai-security?hsLang=en)
Identity Security
[![Image 9: Identity resolution icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/icon-identity-resolution.svg) Identity resolution Map and classify every human and non-human identity.](https://www.varonis.com/platform/identity-resolution?hsLang=en)[![Image 10: Data risk analysis_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Data%20risk%20analysis_Icon.svg) Identity posture Detect and remediate risky or over-privileged accounts.](https://www.varonis.com/platform/identity-posture?hsLang=en)[![Image 11: ITDR icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/icon-itdr.svg) ITDR Stop identity-based attacks with real-time detection.](https://www.varonis.com/platform/identity-threat-detection-and-response?hsLang=en)
Interceptor
Email Security
[![Image 12: Interceptor email security icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/icon-interceptor-email-security.svg) Interceptor email security Stop advanced phishing and social engineering attacks.](https://www.varonis.com/platform/email-security?hsLang=en)[![Image 13: Interceptor browser security icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/icon-interceptor-browser-security.svg) Interceptor browser security Block malicious websites and credential theft.](https://www.varonis.com/platform/browser-security?hsLang=en)[![Image 14: Email data protection icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/icon-email-data-protection.svg) Email data protection Prevent data leaks and enforce outbound controls.](https://www.varonis.com/platform/email-data-protection?hsLang=en)
[MDDR 24x7 managed data detection & response.](https://www.varonis.com/platform/mddr?hsLang=en)[Varonis Concierge Expert guidance. Hands-on execution.](https://www.varonis.com/platform/concierge-services?hsLang=en)[Athena AI Streamline investigations and analyses.](https://www.varonis.com/platform/athena-ai?hsLang=en)[Changelog Stay up to date on the newest releases.](https://www.varonis.com/platform/changelog?hsLang=en)
 Solutions 
Use Cases
[![Image 15: Insider risk management_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Insider%20risk%20management_Icon.svg) Insider risk management Identify and prevent insider risks.](https://www.varonis.com/solutions/insider-risk-management?hsLang=en)[![Image 16: Ransomware prevention_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Ransomware%20prevention_Icon.svg) Ransomware prevention Detect and prevent ransomware attacks.](https://www.varonis.com/solutions/ransomware-prevention?hsLang=en)[![Image 17: Compliance management_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Compliance%20management_Icon.svg) Compliance management Automate compliance regulations and frameworks.](https://www.varonis.com/solutions/compliance-management?hsLang=en)[![Image 18: AI security_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/AI%20security_Icon.svg) AI security Secure AI copilots and LLMs.](https://www.varonis.com/solutions/ai-security?hsLang=en)[![Image 19: Data-centric threat detection_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Data-centric%20threat%20detection_Icon.svg) Data risk assessment Map data risk and build a path to remediation.](https://www.varonis.com/solutions/data-risk-assessment?hsLang=en)[![Image 20: Cloud data security icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Cloud%20data%20security_Icon-1.svg) Cloud data security Label critical data, monitor flows, and enforce policy.](https://www.varonis.com/solutions/cloud-data-security?hsLang=en)[![Image 21: Data Lifecycle Automation icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Nav_Data%20Lifecycle%20Automation.svg) Data lifecycle automation Automatically enforce data lifecycle policies.](https://www.varonis.com/solutions/data-lifecycle-automation?hsLang=en)[![Image 22: Dev Cycle Data Security icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Nav_Dev_Cycle_Data_Security_Icon.svg) Dev cycle data security Secure secrets, credentials, and PII data in dev tools](https://www.varonis.com/solutions/dev-cycle-data-security?hsLang=en)
Industries
[![Image 23: Nav_Finance_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Industries/Nav_Finance_Icon.svg) Finance](https://www.varonis.com/industry/finance?hsLang=en)[![Image 24: Nav_Healthcare_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Industries/Nav_Healthcare_Icon.svg) Healthcare](https://www.varonis.com/industry/healthcare?hsLang=en)[![Image 25: Nav_Manufacturing_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Industries/Nav_Manufacturing_Icon.svg) Manufacturing](https://www.varonis.com/industry/manufacturing?hsLang=en)[![Image 26: Nav_SLED_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Industries/Nav_SLED_Icon.svg) SLED](https://www.varonis.com/industry/state-local-and-education?hsLang=en)[![Image 27: Nav_Federal_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Industries/Nav_Federal_Icon.svg) US Federal](https://www.varonis.com/industry/federal-government?hsLang=en)
 Coverage 
Protection Packages
[![Image 28: Microsoft 365 & Entra ID_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Microsoft%20365%20%26%20Entra%20ID_Icon.svg) Microsoft 365 & Entra ID Advanced data protection for your Microsoft cloud.](https://www.varonis.com/coverage/microsoft-365?hsLang=en)[![Image 29: Windows & NAS_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Windows%20%26%20NAS_Icon.svg) Windows & NAS Protect cloud, hybrid, and on-premises files shares.](https://www.varonis.com/coverage/windows-file-shares-and-nas?hsLang=en)[![Image 30: SaaS apps_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/SaaS%20apps_Icon.svg) SaaS apps Protect mission-critical data in SaaS apps.](https://www.varonis.com/coverage/saas?hsLang=en)[![Image 31: Cloud infrastructure_Icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Cloud%20infrastructure_Icon.svg) Cloud infrastructure Protect data in AWS, Azure, and Google Cloud.](https://www.varonis.com/coverage/iaas?hsLang=en)[![Image 32: Databases](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Databases.svg) Databases Discover, classify, and protect any database.](https://www.varonis.com/coverage/databases?hsLang=en)[![Image 33: Network icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Nav_Network_Icon.svg) Network Stop network intrusion and data exfiltration.](https://www.varonis.com/coverage/network?hsLang=en)
Integrations
[![Image 34: Microsoft 365 logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/Microsoft_365_(2022)_logo_nav.svg) Microsoft 365](https://www.varonis.com/coverage/microsoft-365?hsLang=en)[![Image 35: Microsoft Copilot logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/Microsoft_365_Copilot_Icon_nav.svg) Microsoft Copilot](https://www.varonis.com/coverage/microsoft-365-copilot?hsLang=en)[![Image 36: ChatGPT logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/logo-chatgpt-nav.svg) ChatGPT](https://www.varonis.com/coverage/chatgpt-enterprise?hsLang=en)[![Image 37: Windows logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/active-directory-logo-only_nav.svg) Windows File Shares](https://www.varonis.com/coverage/windows-file-shares-and-nas?hsLang=en)[![Image 38: Google Workspace logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/Google_Drive_icon_(2020)_nav.svg) Google Workspace](https://www.varonis.com/coverage/google-workspace?hsLang=en)[![Image 39: Google Cloud logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/GoogleCloud_logo_nav.svg) Google Cloud](https://www.varonis.com/coverage/google-cloud?hsLang=en)[![Image 40: Salesforce logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/Salesforce_logo_nav.svg) Salesforce](https://www.varonis.com/coverage/salesforce?hsLang=en)[![Image 41: Box logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/Box%2c_Inc._logo_nav.svg) Box](https://www.varonis.com/coverage/box?hsLang=en)[![Image 42: Amazon Web Services logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/Amazon_Web_Services_Logo_nav.svg) AWS](https://www.varonis.com/coverage/aws?hsLang=en)[![Image 43: Azure logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/azure_logo_nav.svg) Azure](https://www.varonis.com/coverage/azure?hsLang=en)[![Image 44: Databricks logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/Databricks_logo_nav.svg) Databricks](https://www.varonis.com/coverage/databricks?hsLang=en)[![Image 45: ServiceNow logo](https://www.varonis.com/hubfs/2024%20Website%20Redesign/Coverage%20Nav%20Logos/ServiceNow_logo_nav.svg) ServiceNow](https://www.varonis.com/coverage/servicenow?hsLang=en)
[See all integrations](https://www.varonis.com/coverage?hsLang=en)[See all security ecosystem integrations](https://www.varonis.com/security-ecosystem-integrations?hsLang=en)
[Customers](https://www.varonis.com/customer-stories?hsLang=en)
 Company 
About Varonis
[Who we are](https://www.varonis.com/company?hsLang=en)[Careers](https://www.varonis.com/careers?hsLang=en)[Investor relations](https://ir.varonis.com/)[Trust & Security](https://www.varonis.com/trust?hsLang=en)[Newsroom](https://ir.varonis.com/news-and-events/press-releases/default.aspx)[Industry recognition](https://www.varonis.com/industry-recognition?hsLang=en)[Contact us](https://www.varonis.com/company/contact?hsLang=en)[Brand](https://brand.varonis.com/?hsLang=en)
Partners
[Partner program](https://www.varonis.com/partners/partner-program?hsLang=en)[Partner locator](https://www.varonis.com/partners/locator?hsLang=en)[Partner portal](https://my.varonis.com/Login)[Buy on AWS marketplace](https://aws.amazon.com/marketplace/pp/prodview-j6ereaak4ibwc?sr=0-1&ref_=beagle&applicationId=AWSMPContessa)[Buy on Azure marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.flat_rate_model?tab=Overview)[Buy on Salesforce marketplace](https://appexchange.salesforce.com/appxListingDetail?listingId=a0N4V00000IrHxUUAV)
 Resources 
[![Image 46: Blog icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Blog_Icon.svg) Blog Learn from cybersecurity experts.](https://www.varonis.com/blog)[![Image 47: Support icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Support_Icon.svg) Support Get technical support.](https://www.varonis.com/resources/support?hsLang=en)[![Image 48: State of Cybercrime icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/State%20of%20Cybercrime_Icon.svg) State of Cybercrime Video podcast covering the latest cyber news.](https://www.varonis.com/state-of-cybercrime?hsLang=en)[![Image 49: Webinars icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Webinars_Icon.svg) Webinars Educational CPE webinars.](https://www.varonis.com/webinars?hsLang=en)[![Image 50: Events icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Events_Icon.svg) Events Meet the Varonis team in person.](https://www.varonis.com/events?hsLang=en)[![Image 51: Resources icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Resources_Icon.svg) Content library Case studies, white papers, and more.](https://www.varonis.com/content-library?hsLang=en)[![Image 52: CISO resource center icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/CISO_Resource_Center.svg) CISO resource center Strategic leadership tools and advisory resources.](https://www.varonis.com/ciso-resource-center?hsLang=en)[![Image 53: Frostbyte icon](https://www.varonis.com/hubfs/2024%20Website%20Redesign/02_Icon%20Library/Nav%20Icons/Nav_Operation_Frostbyte_Icon.svg) Frostbyte Challenge Test your Snowflake security skills in this 8-bit challenge.](https://www.varonis.com/frostbyte?hsLang=en)
Community
Product documentation, Q&A forums, knowledgebase, and more.
[Learn more](https://my.varonis.com/login)
Product training
On-demand training and how-to videos for the Varonis DSP.
[Learn more](https://www.varonis.com/product-training?hsLang=en)
Varonis Threat Labs
[Follow the latest threat discoveries](https://www.varonis.com/varonis-threat-labs?hsLang=en)
[![Image 54: Reprompt blog hero](https://www.varonis.com/hubfs/Blog_VTL-Reprompt_202512_FNL.png) Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Data](https://www.varonis.com/blog/reprompt?hsLang=en)[![Image 55: Preventing Ransomware blog hero](https://www.varonis.com/hubfs/Blog_PreventingRansomwarebyHours_202509_V1.png) From CPU Spikes to Defense: How Varonis Prevented a Ransomware Disaster](https://www.varonis.com/blog/varonis-prevents-ransomware-disaster?hsLang=en)[![Image 56: Dataflow Rider blog hero](https://www.varonis.com/hubfs/Blog_VTL-DataflowRider_202601_V1.png) How Attackers can Abuse Shadow Resources in Google Cloud Dataflow](https://www.varonis.com/blog/dataflow-rider?hsLang=en)
[Demo](https://info.varonis.com/en/demo-request?hsLang=en)[Demo](https://info.varonis.com/en/demo-request?hsLang=en)
[Blog](https://www.varonis.com/blog)[Threat Research](https://www.varonis.com/blog/tag/threat-research)
 Discover Bluekit, the AI-driven phishing kit that centralizes phishing operations with advanced features like automated domain registration and an AI Assistant. 
![Image 57: Daniel Kelley](https://www.varonis.com/hubfs/DanielHeadshot%20-%20Edited.png)[Daniel Kelley](https://www.varonis.com/blog/author/daniel-kelley)
3 min read
Last updated April 29, 2026
![Image 58: BlueKit phishing kit](https://www.varonis.com/hubfs/Blog_VTL-BlueKit_202604_V1.png)
Contents
At one point in time, the phishing kit market was specialized. Operators bought a credential-harvesting page from one seller, a domain rotator from another, and an SMS gateway from a third. Then they stitched the rest together on their own infrastructure.
[Varonis Threat Labs](https://www.varonis.com/varonis-threat-labs?hsLang=en) recently discovered Bluekit, a new phishing kit pitching a broader model. It advertises 40+ website templates, automated domain purchase and registration, 2FA support, spoofing, geolocation emulation, Telegram and browser notifications, antibot cloaking, and add-ons like an AI assistant, voice cloning, and a mail sender.
The templates we reviewed covered email and cloud accounts, developer platforms, social media, retail, and crypto services, including iCloud, Apple ID, Gmail, Outlook, Hotmail, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger.
![Image 59: Bluekit-0](https://www.varonis.com/hubfs/Bluekit-0.png)
Some of the templates Bluekit supports.
![Image 60: Bluekit-0](https://www.varonis.com/hubfs/Bluekit-0.png)
Some of the templates Bluekit supports.
## **What Bluekit ships in one panel**
To see how that held up in practice, we obtained access to Bluekit and reviewed the kit from the inside. That gave us a closer look at the operator dashboard, the site-creation flow, the post-capture panels, and the AI Assistant.
Bluekit pulls several parts of the phishing workflow into one place. The panel covers site creation, domain setup, captured logs, delivery tooling, and campaign support features, with Telegram wired in as the default exfiltration channel.
![Image 61: BlueKit-1](https://www.varonis.com/hubfs/BlueKit-1.png)
The Bluekit dashboard showing the main operator panel.
![Image 62: BlueKit-1](https://www.varonis.com/hubfs/BlueKit-1.png)
The Bluekit dashboard showing the main operator panel.
Operators can buy or connect domains from the same interface used to manage phishing pages and captured logs, rather than splitting that work across separate services.
That setup flow also extends into site creation itself. In the view we reviewed, operators could pick a domain, choose a mode, and select from a broad list of target brands and services, including consumer email providers and developer-facing platforms.
![Image 63: Bluekit-image_replace](https://www.varonis.com/hubfs/Bluekit-image_replace.png)
The Site-creation flow with domain, mode, and template selection.
![Image 64: Bluekit-image_replace](https://www.varonis.com/hubfs/Bluekit-image_replace.png)
The Site-creation flow with domain, mode, and template selection.
Bluekit also exposes fairly granular control over how a site behaves once it is live. In the site-edit view we reviewed, the kit exposed login-detection actions, redirect behavior, anti-analysis checks, spoofing options, and device filters from the same configuration panel.
![Image 65: BlueKit-3](https://www.varonis.com/hubfs/BlueKit-3.png)
Optional site-level controls for redirects, spoofing, and anti-analysis checks.
![Image 66: BlueKit-3](https://www.varonis.com/hubfs/BlueKit-3.png)
Optional site-level controls for redirects, spoofing, and anti-analysis checks.
Those configuration views also exposed proxy settings and site-level checks tied to how sessions were handled after login. That gives the operator more control over what happens once a target leaves the phishing page.
In the Mammoth Details view we reviewed, Bluekit tracked session state, stored repeated dumps of cookies and local storage, and kept a live view of what the target saw after login. That shows the kit is handling more than a basic credential grab, with the panel also surfacing session data after login.
![Image 67: BlueKit-4](https://www.varonis.com/hubfs/BlueKit-4.png)
The target details view with session state and browser-storage dumps.
![Image 68: BlueKit-4](https://www.varonis.com/hubfs/BlueKit-4.png)
The target details view with session state and browser-storage dumps.
## **The AI Assistant under the hood**
We were especially interested in the AI component. Inside Bluekit, the AI Assistant has its own panel and exposes multiple model options, including an abliterated Llama default alongside GPT-4.1, Claude Sonnet 4, Gemini, and DeepSeek variants.
In our testing, we were only able to use the default abliterated Llama model. The commercial options appeared in the interface, but they required additional configuration we did not have.
Even so, their presence is still notable. If those models are usable in practice, they are likely being accessed through jailbroken or otherwise permissive instances, because a standard setup would be more likely to block or censor this kind of output.
![Image 69: BlueKit-5](https://www.varonis.com/hubfs/BlueKit-5.png)
The model selector inside Bluekit’s AI Assistant.
![Image 70: BlueKit-5](https://www.varonis.com/hubfs/BlueKit-5.png)
The model selector inside Bluekit’s AI Assistant.
We used a detailed campaign brief built around an executive phishing scenario: a Microsoft 365 MFA re-verification lure aimed at the CISO of "BlueKit Software," with a branded QR code, a polished email delivery path, and a credential-harvesting login page as the end goal.
![Image 71: BlueKit-6](https://www.varonis.com/hubfs/BlueKit-6.png)
A prompt-and-response view from the AI Assistant test.
![Image 72: BlueKit-6](https://www.varonis.com/hubfs/BlueKit-6.png)
A prompt-and-response view from the AI Assistant test.
We expected something closer to a polished phishing copilot: a finished lure, cleaner email copy, and perhaps even a workable QR-driven flow with less manual effort. What we received was much more limited. The assistant returned a structured campaign draft, and much of it relied on placeholders instead of content that looked ready to use as-is.
![Image 73: BlueKit-7](https://www.varonis.com/hubfs/BlueKit-7.png)
The AI output relying on placeholders and generic scaffolding.
![Image 74: BlueKit-7](https://www.varonis.com/hubfs/BlueKit-7.png)
The AI output relying on placeholders and generic scaffolding.
In close-up, the limitation is easier to see. The draft included a useful structure, but it still depended on generic link fields, placeholder QR blocks, and copy that would need cleanup before use. Bluekit’s AI Assistant looked more like a way to generate a campaign skeleton than a finished phishing flow.
## **Where Bluekit fits in the ecosystem**
Bluekit has been on our radar for a while. Early on, part of the goal was to see whether we could catch the kit in a live campaign. Over time, though, the release cadence became part of the story. The developer kept shipping new features and adding templates quickly enough that keeping up with the changes became just as important as waiting for a single live sample.
![Image 75: BlueKit-8](https://www.varonis.com/hubfs/BlueKit-8.png)
A recent changelog entry showing the pace of feature updates.
![Image 76: BlueKit-8](https://www.varonis.com/hubfs/BlueKit-8.png)
A recent changelog entry showing the pace of feature updates.
Compared with similar phishing kits that have already advanced further into automation and operator convenience, Bluekit still appears to be a kit in active development. The feature set keeps evolving as we track it, and if that pace continues with broader adoption, Bluekit is likely to surface in future campaigns.
Stay up to date on the threat landscape by following [Varonis Threat Labs](https://www.varonis.com/varonis-threat-labs?hsLang=en).
### What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
1
[Schedule a demo with us](https://info.varonis.com/en/demo-request?hsLang=en "https://info.varonis.com/en/demo-request") to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
2
[See a sample of our Data Risk Assessment](https://www.varonis.com/hubfs/docs/DRA-sample.pdf?hsLang=en "https://info.varonis.com/hubfs/docs/DRA-sample.pdf?hsLang=en") and learn the risks that could be lingering in your environment. [Varonis' DRA](https://info.varonis.com/en/data-risk-assessment?hsLang=en "https://info.varonis.com/en/data-risk-assessment") is completely free and offers a clear path to automated remediation.
3
Follow us on[LinkedIn](https://www.linkedin.com/company/varonis "https://www.linkedin.com/company/varonis"), [YouTube](https://www.youtube.com/channel/UCE9xUuH4lhIUDOFR1OHlNNg "https://www.youtube.com/channel/UCE9xUuH4lhIUDOFR1OHlNNg"), and [X (Twitter)](https://twitter.com/varonis "https://twitter.com/varonis") for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
![Image 77: Daniel Kelley](https://www.varonis.com/hubfs/DanielHeadshot%20-%20Edited.png)
Daniel Kelley Daniel Kelley is a Senior Security Researcher that works with Varonis. Daniel's research topics include the latest threats and tactics employed by cybercriminals, particularly those involving BEC, phishing, smishing, social engineering, and other attacks that exploit the human element.
## Try Varonis free.
Get a detailed data risk report based on your company’s data.
Deploys in minutes.
[Get started](https://info.varonis.com/en/data-risk-assessment?_gl=1*elnbgg*_gcl_au*MTQwOTIwMDgzNC4xNzA1OTYzNTU5&hsLang=en)[View sample](https://www.varonis.com/hubfs/docs/DRA-sample.pdf?hsLang=en&_gl=1*elnbgg*_gcl_au*MTQwOTIwMDgzNC4xNzA1OTYzNTU5)
## Keep reading
Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.
[](https://www.varonis.com/blog/rce-on-azure-cosmos-for-postgresql?hsLang=en)
![Image 78: feeding-frenzy:-rce-on-azure-cosmos-for-postgresql](https://www.varonis.com/hubfs/Blog_VTL-AzureFeedingFrenzy_202605_V1.png)
 Feeding Frenzy: RCE on Azure Cosmos for PostgreSQL 
![Image 79: feeding-frenzy:-rce-on-azure-cosmos-for-postgresql](https://www.varonis.com/hubfs/CobyAbrams.jpg)
 Coby Abrams 
 May 11, 2026 
 See how an Azure Cosmos for PostgreSQL vulnerability enabled remote code execution, its implications, and essential security best practices. 
[](https://www.varonis.com/blog/canvas-attackers-compromise-students-teachers-and-staff?hsLang=en)
![Image 80: canvas-attackers-compromise-275m-students,-teachers,-and-staff](https://www.varonis.com/hubfs/Hero%20%20Breaking%20News%20Hero.png)
 Canvas Attackers Compromise 275M Students, Teachers, and Staff 
![Image 81: canvas-attackers-compromise-275m-students,-teachers,-and-staff](https://www.varonis.com/hubfs/AuthorPhoto_JosephAvanzato_202503.jpg)
 Joseph Avanzato 
 May 8, 2026 
 The Canvas breach reveals how cybercriminals are targeting education: learn how the attack unfolded, what data was exposed, and the risks ahead. 
[](https://www.varonis.com/blog/securing-ai?hsLang=en)
![Image 82: ai-isn’t-the-risk,-uncontrolled-ai-is](https://www.varonis.com/hubfs/Blog_TheAILifecycle_202604_V1.png)
 AI Isn’t the Risk, Uncontrolled AI Is 
![Image 83: ai-isn’t-the-risk,-uncontrolled-ai-is](https://www.varonis.com/hubfs/david-gibson.jpg)
 David Gibson 
 May 5, 2026 
 Discover what it takes to secure AI and why most approaches fall short. 
Platform
[Overview](https://www.varonis.com/data-security-platform?hsLang=en)[Data discovery & classification](https://www.varonis.com/platform/data-discovery-and-classification?hsLang=en)[DSPM](https://www.varonis.com/platform/dspm?hsLang=en)[Database activity monitoring](https://www.varonis.com/platform/database-activity-monitoring?hsLang=en)[Data-centric UEBA](https://www.varonis.com/platform/data-centric-ueba?hsLang=en)[Data access governance](https://www.varonis.com/platform/data-access-governance?hsLang=en)[DLP](https://www.varonis.com/platform/dlp?hsLang=en)[Atlas AI Security](https://www.varonis.com/platform/ai-security?hsLang=en)[Identity resolution](https://www.varonis.com/platform/identity-resolution?hsLang=en)[Identity posture](https://www.varonis.com/platform/identity-posture?hsLang=en)[ITDR](https://www.varonis.com/platform/identity-threat-detection-and-response?hsLang=en)[Interceptor email security](https://www.varonis.com/platform/email-security?hsLang=en)[Interceptor browser security](https://www.varonis.com/platform/browser-security?hsLang=en)[Email data protection](https://www.varonis.com/platform/email-data-protection?hsLang=en)[MDDR](https://www.varonis.com/platform/mddr?hsLang=en)[Varonis Concierge](https://www.varonis.com/platform/concierge-services?hsLang=en)[Athena AI](https://www.varonis.com/platform/athena-ai?hsLang=en)[Changelog](https://www.varonis.com/platform/changelog?hsLang=en)
Solutions
[Insider risk management](https://www.varonis.com/solutions/insider-risk-management?hsLang=en)[Ransomware prevention](https://www.varonis.com/solutions/ransomware-prevention?hsLang=en)[Compliance management](https://www.varonis.com/solutions/compliance-management?hsLang=en)[AI security](https://www.varonis.com/solutions/ai-security?hsLang=en)[Data risk assessment](https://www.varonis.com/solutions/data-risk-assessment?hsLang=en)[Cloud data security](https://www.varonis.com/solutions/cloud-data-security?hsLang=en)[Data lifecycle automation](https://www.varonis.com/solutions/data-lifecycle-automation?hsLang=en)[Dev cycle data security](https://www.varonis.com/solutions/dev-cycle-data-security?hsLang=en)[Finance](https://www.varonis.com/industry/finance?hsLang=en)[Healthcare](https://www.varonis.com/industry/healthcare?hsLang=en)[Manufacturing](https://www.varonis.com/industry/manufacturing?hsLang=en)[SLED](https://www.varonis.com/industry/state-local-and-education?hsLang=en)[US Federal](https://www.varonis.com/industry/federal-government?hsLang=en)
Coverage
[Microsoft 365 & Entra ID](https://www.varonis.com/coverage/microsoft-365-copilot?hsLang=en)[Windows & NAS](https://www.varonis.com/coverage/windows-file-shares-and-nas?hsLang=en)[SaaS Apps](https://www.varonis.com/coverage/saas?hsLang=en)[Cloud infrastructure](https://www.varonis.com/coverage/iaas?hsLang=en)[Databases](https://www.varonis.com/coverage/databases?hsLang=en)[Network](https://www.varonis.com/coverage/network?hsLang=en)[See all integrations](https://www.varonis.com/coverage?hsLang=en)[See all security ecosystem integrations](https://www.varonis.com/security-ecosystem-integrations?hsLang=en)
Company
[Who we are](https://www.varonis.com/company?hsLang=en)[Careers](https://www.varonis.com/careers?hsLang=en)[Investor relations](https://ir.varonis.com/)[Trust & Security](https://www.varonis.com/trust?hsLang=en)[Newsroom](https://ir.varonis.com/news-and-events/press-releases/default.aspx)[Industry Recognition](https://www.varonis.com/industry-recognition?hsLang=en)[Contact us](https://www.varonis.com/company/contact?hsLang=en)[Brand](https://brand.varonis.com/?hsLang=en)[Partner program](https://www.varonis.com/partners/partner-program?hsLang=en)[Partner locator](https://www.varonis.com/partners/locator?hsLang=en)[Partner portal](https://my.varonis.com/Login)
Compare
[BigID](https://www.varonis.com/vs/bigid?hsLang=en)[Concentric AI](https://www.varonis.com/vs/concentric-ai?hsLang=en)[Cyera](https://www.varonis.com/vs/cyera?hsLang=en)[Guardium](https://www.varonis.com/vs/guardium?hsLang=en)[Imperva](https://www.varonis.com/vs/imperva?hsLang=en)[Securiti](https://www.varonis.com/vs/securiti?hsLang=en)
Resources
[Blog](https://www.varonis.com/blog)[Support](https://www.varonis.com/resources/support?hsLang=en)[State of Cybercrime](https://www.varonis.com/state-of-cybercrime?hsLang=en)[Webinars](https://www.varonis.com/webinars?hsLang=en)[Events](https://www.varonis.com/events?hsLang=en)[Content library](https://www.varonis.com/content-library?hsLang=en)[CISO resource center](https://www.varonis.com/ciso-resource-center?hsLang=en)[Community](https://my.varonis.com/login)[Product training](https://www.varonis.com/product-training?hsLang=en)[Varonis Threat Labs](https://www.varonis.com/varonis-threat-labs?hsLang=en)
Compare
[BigID](https://www.varonis.com/vs/bigid?hsLang=en)[Concentric AI](https://www.varonis.com/vs/concentric-ai?hsLang=en)[Cyera](https://www.varonis.com/vs/cyera?hsLang=en)[Guardium](https://www.varonis.com/vs/guardium?hsLang=en)[Imperva](https://www.varonis.com/vs/imperva?hsLang=en)[Securiti](https://www.varonis.com/vs/securiti?hsLang=en)
[](https://www.linkedin.com/company/varonis)[](https://www.youtube.com/@VaronisSystems)[](https://x.com/varonis)[](https://www.instagram.com/varonislife/)
English
[Trust](https://www.varonis.com/trust?hsLang=en)|[Privacy](https://www.varonis.com/privacy-policy?hsLang=en)|[Terms of Use](https://www.varonis.com/terms-of-use?hsLang=en)
 © 2026 Varonis