In a striking development for global cybersecurity, the volume of phishing attacks has more than doubled over the past year, a surge that cybersecurity researchers largely attribute to the rapid adoption of artificial intelligence (AI) by threat actors. According to recent data from security provider Cofense, email security filters flagged a malicious phishing message every 19 seconds in 2025 — a dramatic increase from one every 42 seconds the year before.
Phishing, a longstanding form of cybercrime that tricks people into revealing sensitive information such as login credentials, financial data or personal details, has historically relied on broad, generic messages. But the rise of generative AI tools has changed the game entirely. Today’s attackers leverage AI to craft highly personalized and convincing messages, automate large-scale campaigns, and evade traditional security defences.
Why AI Amplifies Phishing Risk
AI’s contribution to the spread of phishing attacks is multifaceted:
- Personalization at Scale: Instead of generic mass emails, attackers can now use AI to generate tailored messages that reference personal details like a recipient’s name, job title, or interests scraped from social media — increasing the likelihood victims will click malicious links.
- Language and Context: Generative AI models produce text with near-human fluency and in multiple languages, eliminating common spelling or grammatical mistakes that once tipped off savvy users.
- New Delivery Channels: Attackers are expanding beyond conventional email. AI-enhanced scams now also appear via SMS (“smishing”), voice calls (“vishing”), QR-code deception (“quishing”), and even social platforms.
These innovations dramatically increase the volume and sophistication of phishing campaigns, allowing cybercriminals to operate with speed and efficiency once reserved for well-funded, organized groups.
The Broader Cybersecurity Picture
The surge in AI-assisted phishing isn’t an isolated trend. Industry analysis shows that phishing remains a dominant entry point for broader cyberattacks. In fact, social engineering attacks such as phishing were a leading cause of data breaches in recent cybersecurity reports, with attackers continuing to evolve their methods to outpace traditional defences.
Notably, phishing isn’t just a numbers game anymore — it’s becoming hyper-targeted and adaptive. Techniques like deepfake voice impersonation and AI-generated fake websites add layers of deception that challenge both users and security teams.
What This Means for Organizations and Users
For enterprises, the implications are serious. Phishing attacks often serve as the first step in complex intrusions, including ransomware deployment, credential theft, and data exfiltration. Defenders must thus invest in next-generation security solutions that combine AI-powered threat detection with continuous user education and robust authentication practices.
For everyday users, vigilance is key. Simple steps — such as scrutinizing unexpected messages, verifying sender information, and enabling multi-factor authentication — can significantly reduce risk. Awareness campaigns and regular training are also critical to help individuals recognize the subtle cues of sophisticated phishing attempts.
Looking Ahead
As AI continues to evolve, its dual role in cybersecurity — enabling both more advanced attacks and more powerful defences — will shape the future threat landscape. The doubling of phishing attacks in just one year underscores how rapidly cyber threats can escalate when technological advances fall into the wrong hands.
Staying ahead requires a combination of technological innovation, proactive defence strategies, and informed vigilance at every level — from individual users to global organizations.
