https://www.knowbe4.com/press/knowbe4-research-finds-86-of-phishing-attacks-are-ai-driven
New research from cybersecurity awareness training firm KnowBe4 has uncovered a striking and alarming trend in the phishing threat landscape: a staggering 86% of phishing attacks are now being driven by artificial intelligence. The findings highlight a dramatic shift in how cybercriminals are crafting and deploying phishing campaigns, leveraging AI to produce more convincing, personalised, and difficult-to-detect malicious communications at unprecedented scale. The report signals a fundamental change in the nature of social engineering threats facing organisations of all sizes across every industry.
AI-powered phishing attacks are proving far more effective than their traditionally crafted counterparts, as the technology enables threat actors to generate highly polished, contextually relevant lures that can evade both human scrutiny and conventional email security filters. By automating the creation of targeted phishing content, attackers can now launch sophisticated campaigns that previously required significant time, resources, and expertise, dramatically lowering the barrier to entry for cybercriminals while simultaneously raising the stakes for defenders. The use of AI also allows for rapid iteration and customisation of phishing messages, making it increasingly difficult for employees to distinguish malicious emails from legitimate communications.
The research serves as a urgent call to action for organisations to modernise their security awareness training programs to address the evolving AI-driven threat environment. KnowBe4 emphasizes that human-layer defenses must keep pace with the sophistication of AI-generated attacks, urging businesses to invest in continuous, adaptive security training that educates employees on recognizing the subtle hallmarks of AI-crafted phishing attempts. As threat actors continue to embrace AI as a force multiplier, organisations that fail to evolve their defences risk becoming increasingly vulnerable to a new generation of highly effective social engineering attacks.