BlackBox AI tooling identified in Brazil-targeted phishing campaign (high) Aug 8, 2025 — Zscaler ThreatLabz reported (as covered by The Hacker News) that threat actors used legitimate generative-AI website-building tools “like DeepSite AI and BlackBox AI” to create replica phishing pages impersonating Brazilian government agencies (State Department of Traffic and Ministry of Education). The report notes actors used SEO-poisoning to boost visibility and that source-code analysis revealed signatures consistent with generative-AI tooling (e.g., overly explanatory comments and non-functional elements). This indicates BlackBox AI’s tooling can be and has been leveraged to produce scalable, high-impact phishing infrastructure. Source: The Hacker News reporting Zscaler ThreatLabz findings (Aug 8, 2025).. Company website asserts 'trusted by +10M users and Fortune 500' without visible third‑party corroboration (medium) Company-owned website (BLACKBOX.AI) pages publicly claim: “trusted by +10 M users and Fortune 500 companies” and market the product as an AI agent used by millions. The claim appears on the company site (brand marketing copy) but the available public profile data and independent press listings provided in the research package do not include verifiable third‑party confirmations (press releases, partner lists, or specific named Fortune 500 customers) to substantiate the 10M / Fortune 500 assertion. Source: BLACKBOX.AI homepage content captured in search results.. Not accredited by Better Business Bureau (low) Business profile listing on the Better Business Bureau indicates “Blackbox AI Inc. is NOT a BBB Accredited Business.” (BBB accreditation requires vetting and adherence to BBB standards; lack of accreditation is documented on the BBB site.) While non‑accreditation alone is not proof of wrongdoing, it is a concrete public data point about third‑party trust/validation status. Source: BBB business profile for Blackbox AI Inc.. Inconsistent public headcount / profile data across business directories (low) Public profile data captured in search results lists conflicting headcount figures: one aggregated profile shows “Employees 138 (85 on RocketReach),” and lists 6,973 LinkedIn followers and other variable metrics. The presence of multiple, inconsistent employee counts (138 vs. 85) and differing follower counts across directory snapshots indicates lack of consistent, verifiable public disclosures about company scale. Source: aggregated company profile / directory listings (PitchBook / RocketReach / LinkedIn snapshots via search results).