Phishing has long been one of the most common entry points for cyberattacks. But thanks to artificial intelligence (AI), the tactic is evolving into something faster, cheaper, and far harder to spot.
A recent joint experiment by Reuters and Harvard underscored the danger. Researchers asked popular AI chatbots, including Grok, ChatGPT, and DeepSeek, to craft persuasive phishing emails. When the messages were tested on 108 volunteers, 11% clicked on the malicious links—a reminder that even cautious people can be fooled when phishing campaigns are powered by AI.
As we move into 2026, experts warn that defending against AI-driven phishing will be one of cybersecurity’s top priorities.
The Rise of AI-Powered Phishing
Phishing is no longer a manual craft reserved for skilled attackers. Today, Phishing-as-a-Service (PhaaS) platforms like Lighthouse and Lucid make it easy for almost anyone to launch professional-looking campaigns.
Reports suggest these services have generated more than 17,500 phishing domains across 74 countries, many targeting well-known global brands. In as little as 30 seconds, criminals can spin up cloned login portals for platforms like Microsoft, Google, or Okta—pages that look almost identical to the real thing.

Adding AI into the mix makes the threat even more dangerous. Instead of clumsy spam, AI tools can create emails tailored to specific targets using data scraped from LinkedIn, websites, or leaked databases. The result: messages that sound authentic, reference real business context, and are almost impossible to dismiss at a glance.
The threat doesn’t stop at email. Deepfake audio and video attacks—up more than 1,000% in the past decade—are increasingly used to impersonate CEOs, colleagues, or even family members over Zoom, WhatsApp, and other communication platforms.
Why Traditional Defenses Are Struggling
Most corporate email filters rely on signature-based detection: scanning for known indicators like domains, subject lines, or common keywords. But AI-driven campaigns can quickly rotate their content and infrastructure, slipping through static defenses with ease.

That leaves the burden on employees to decide whether to trust a message. The problem? AI-generated phishing emails rarely contain the typos or grammatical errors that used to give them away. Even well-trained staff can be deceived.
The scale of these attacks is equally alarming. Criminals can churn out thousands of phishing sites in hours. Even if security teams manage to take one down, dozens more are already live.
Key Strategies for AI Phishing Detection
Cybersecurity experts stress that organizations need a multi-layered approach to stay ahead of this new wave of threats:
- Smarter AI-based detection: Instead of static filters, advanced natural language processing (NLP) models can analyze email tone, phrasing, and structure to spot subtle anomalies that humans might overlook.
- Employee training through simulations: Since some attacks will inevitably land in inboxes, simulation-based training remains vital. The most effective programs mimic real-world phishing campaigns tailored to an employee’s role, building the “muscle memory” to report suspicious activity quickly.
- Behavior monitoring (UEBA): User and Entity Behavior Analytics can detect unusual logins, mailbox changes, or other anomalies, ensuring that even if a phishing attempt succeeds, it doesn’t escalate into a larger breach.
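To make the behavior-monitoring item concrete, here is a small detection sketch added as an illustration (it is not from the article or from any vendor's product). It correlates a login from a country outside a user's baseline with an external mail-forwarding rule created shortly afterwards. The event schema, field names, sample events, and 60-minute window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs); field names are hypothetical.
EVENTS = [
    {"ts": "2025-11-03T08:55:00", "user": "alice", "type": "login", "country": "US"},
    {"ts": "2025-11-04T09:02:00", "user": "alice", "type": "login", "country": "US"},
    {"ts": "2025-11-04T09:10:00", "user": "bob", "type": "login", "country": "DE"},
    {"ts": "2025-11-05T02:14:00", "user": "alice", "type": "login", "country": "RO"},
    {"ts": "2025-11-05T02:20:00", "user": "alice", "type": "mailbox_rule",
     "action": "forward_external"},
    {"ts": "2025-11-05T10:00:00", "user": "bob", "type": "mailbox_rule",
     "action": "forward_external"},
    {"ts": "2025-11-06T09:00:00", "user": "bob", "type": "login", "country": "DE"},
]


def detect(events, window=timedelta(minutes=60)):
    """Return (user, severity, reason) alerts from login and mailbox events."""
    seen = {}       # user -> countries accepted into the baseline
    odd_login = {}  # user -> time of the latest login outside the baseline
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        user, ts = ev["user"], datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login":
            known = seen.setdefault(user, set())
            if known and ev["country"] not in known:
                # Flag it and do not learn it, so a repeat login is flagged again.
                odd_login[user] = ts
                alerts.append((user, "medium", f"login from new country {ev['country']}"))
            else:
                known.add(ev["country"])  # first login seeds the baseline
        elif ev["type"] == "mailbox_rule" and ev["action"] == "forward_external":
            last = odd_login.get(user)
            if last is not None and ts - last <= window:
                # A forwarding rule right after an unusual login is the escalation signal.
                alerts.append((user, "high", "external forwarding rule after unusual login"))
            else:
                alerts.append((user, "low", "external forwarding rule"))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The same forwarding rule scores "low" for bob and "high" for alice because only alice's rule follows an out-of-baseline login, which is the kind of context a static content filter never sees.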
The Bottom Line
AI is changing the game for cybercriminals, making phishing more scalable, personalized, and convincing than ever before. Heading into 2026, organizations that rely on outdated defenses risk falling behind.
The path forward isn’t just about deploying smarter tools—it’s about combining AI-driven detection, continuous monitoring, and employee readiness. Companies that strike this balance will be far better positioned to withstand the next generation of phishing attacks.