Reuters recently published a joint experiment with Harvard, where they asked popular AI chatbots like Grok, ChatGPT, DeepSeek, and others to craft the “perfect phishing email.” The generated emails were then sent to 108 volunteers, of whom 11% clicked on the malicious links.
With one simple prompt, the researchers were armed with highly persuasive messages capable of fooling real people. The experiment should serve as a stern reality check. As disruptive as phishing has been over the years, AI is transforming it into a faster, cheaper, and more effective threat.
For 2026, AI phishing detection needs to become a top priority for companies looking to be safer in an increasingly complex threat environment.
The emergence of AI phishing as a major threat
One major driver is the rise of Phishing-as-a-Service (PhaaS). Dark web platforms like Lighthouse and Lucid offer subscription-based kits that allow low-skilled criminals to launch sophisticated campaigns.
Recent reports suggest that these services have generated more than 17,500 phishing domains in 74 countries, targeting hundreds of global brands. In just 30 seconds, criminals can spin up cloned login portals for services like Okta, Google, or Microsoft that are virtually the same as the real thing. With phishing infrastructure now available on demand, the barriers to entry for cybercrime are almost non-existent.
At the same time, generative AI tools allow criminals to craft convincing and personalised phishing emails in seconds. The emails aren’t generic spam. By scraping data from LinkedIn, websites, or past breaches, AI tools create messages that mirror real business context, enticing the most careful employees to click.
The technology is also fuelling a boom in deepfake audio and video phishing. Over the past decade, deepfake-related attacks have increased by 1,000%. Criminals typically impersonate CEOs, family members, and trusted colleagues over communication channels like Zoom, WhatsApp and Teams.
Traditional defences aren’t getting it done
Signature-based detection used by traditional email filters are insufficient against AI-powered phishing. Threat actors can easily rotate their infrastructure, including domains, subject lines, and other unique variations that slip past static security measures.
Once the phish makes it to the inbox, it’s now up to the employee to decide whether to trust it. Unfortunately, given how convincing today’s AI phishing emails are, chances are that even a well-trained employee will eventually make a mistake. Spot-checking for poor grammar is a thing of the past.
Moreover, the sophistication of phishing campaigns may not be the main threat. The sheer scale of the attacks is what is most worrying. Criminals can now launch thousands of new domains and cloned sites in a matter of hours. Even if one wave is taken down, another quickly replaces it, ensuring a constant stream of fresh threats.
It’s a perfect AI storm that requires a more strategic approach to deal…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
