On the morning of December 11, 2025, Reybesa detected a spear phishing incident in which attackers impersonated an Autocar employee, sending a fraudulent email containing a suspicious OneDrive link. The fraudulent email aimed to harvest Microsoft 365 credentials using advanced social engineering techniques.
The incident was proactively communicated by Autocar's IT Department, alerting their contacts not to interact with the message. Subsequently, Alias Robotics, using its CAI (Cybersecurity AI) technology, proactively investigated the attack and assessed the security posture of the affected domain, identifying the technical weaknesses that allowed the impersonation and the real risk of corporate account compromise, enabling Autocar's teams to act directly on the findings without external dependency.
As a co-founding member of ARME (Asociacion de Robotica Movil Espanola), Autocar is at the forefront of industrial automation and digital security, continuously working to strengthen their systems and the sector as a whole.
This mini-video demonstrates how Alias Robotics' CAI (Cybersecurity AI) proactively investigated a spear phishing attack targeting Autocar, identifying domain vulnerabilities and delivering actionable remediation measures. It presents the evaluation of the affected corporate domain, identification of technical weaknesses that enabled the impersonation and the urgent security measures recommended to mitigate risks. It allows viewers to appreciate the structure and depth of the delivered cybersecurity report, enabling the company to implement the recommended actions and strengthening its response capability for future incidents.
CAI represents the first open-source framework specifically designed to democratize advanced security testing through specialized AI agents. By 2028, most cybersecurity actions will be autonomous, with humans teleoperating, making CAI's approach to AI-powered vulnerability discovery increasingly critical for organizational security. The framework transcends theoretical benchmarks by enabling practical security outcomes. CAI achieved first place among AI teams and secured a top-20 position worldwide in the "AI vs Human" CTF live Challenge, earning a monetary reward and various other prizes and bounties ever since then. This performance demonstrates that AI-powered security testing can compete with and often exceed human capabilities in vulnerability discovery.
Explore CAI's source code ❯Autocar is an official dealership of Linde Material Handling Iberica, specializing in the sale, maintenance, and support of industrial vehicles. Founded in 1985 in Spain, the company manages critical corporate communications and accounts through online services, making it a high-value target for spear phishing attacks.
This case study demonstrates how fundamental misconfigurations in the corporate domain allowed attackers to attempt to impersonate an employee, and how proactive evaluation using CAI (Cybersecurity AI) identified vulnerabilities and recommended urgent measures that strengthen digital security, protect corporate assets, and reduce the risk of future attacks.
Time for the exercise: <4 minutes | Cost: 4.33 EUR
CAI-Powered Spear Phishing Analysis
Autonomous
On the morning of December 11, 2025, a spear phishing incident targeting an Autocar employee was detected, in which attackers impersonated the employee via an email containing a suspicious OneDrive link.
The attack was designed to harvest Microsoft 365 credentials using advanced social engineering techniques, exploiting vulnerabilities in the corporate domain configuration that enabled email spoofing.
This incident represented an immediate risk to the security of Autocar's corporate accounts, the integrity of its communications, and the trust of clients and partners, requiring urgent assessment and immediate corrective measures to prevent further compromise.
As a co-founding member of ARME (Asociacion de Robotica Movil Espanola), Autocar is committed to maintaining the highest standards of digital security, which enabled them to quickly respond and take corrective actions using CAI (Cybersecurity AI) technology.
Following responsible disclosure practices, Alias Robotics provided Autocar with an automated evaluation using CAI, enabling the security team to implement corrective actions without external dependency:
These urgent actions allowed Autocar to protect its corporate accounts, reduce the risk of future attacks, and strengthen the company's digital resilience, while managing their security automatically without relying on continuous external assessments.