Back to blog

AI Phishing: How Artificial Intelligence Is Revolutionizing Cybersecurity Threats

October 20, 2025 Grzegorz Tworek 6 min read

Artificial intelligence is dramatically increasing the effectiveness and scale of phishing attacks in 2025

AI-powered phishing attacks representation

Cover image for the AI phishing article

The AI revolution in phishing - the scale of the threat in 2025

According to the latest research conducted by cybersecurity experts, 97% of professionals fear that their organization will become the target of an AI-powered attack, and 93% expect daily AI attacks in the coming year. These statistics are not exaggerated - this is the reality of 2025.

CybelAngel's External Threat Intelligence report revealed that as early as 2024, 67.4% of all phishing attacks already used some form of artificial intelligence. In the first quarter of 2025, 19% more deepfake incidents were recorded than in all of 2024, demonstrating the exponential growth of this type of threat.

How AI is changing the face of phishing

Personalized attacks at an unprecedented scale

The FBI warns that AI is dramatically increasing the speed, scale, and automation of phishing schemes, helping fraudsters create "highly convincing messages tailored to specific recipients." Tools such as ChatGPT are being used to analyze employees' main concerns and turn those pain points into convincing phishing emails - completely free of grammatical errors.

Key mechanisms of AI phishing:

  • Communication style analysis: AI replicates the tone, grammar, and style of real individuals, making phishing emails appear more authentic
  • Dynamic content tailoring: AI systems analyze social media profiles and adapt messages to specific recipients
  • Multi-channel fraud: Beyond email, AI now enables deepfake video and voice cloning, allowing attackers to impersonate executives and colleagues

Deepfakes - a new era of fraud

Deepfake technology reached a tipping point in 2025. AI can generate voice clones that convincingly mimic executives in live phone calls, and produce video that simulates leaders in virtual meetings to approve fraudulent transfers or request confidential information.

A real-world case: In 2024, a multinational company fell victim to a deepfake scam that cost the business $25 million in damages. During a call, a CFO authorized a $25 million payment for what an employee believed to be a legitimate business reason.

According to the latest data, 53% of finance professionals experienced deepfake fraud attempts in 2024, indicating the scale of the problem in high-value sectors.

Autonomous attacks - the future is already here

On November 13, 2025, Anthropic reported how its AI tool Claude Code was used to carry out a fully automated, sophisticated attack targeting large technology firms, financial institutions, manufacturing companies, and government agencies. This shows how AI is evolving toward fully autonomous attacking systems.

The evolution of Business Email Compromise (BEC)

Compromised accounts enable AI tools to conduct dynamic, multi-stage conversations with employees. Attackers can analyze internal workflows, invoicing cycles, and approval structures, making their financial fraud attempts remarkably believable.

New AI-powered BEC tactics:

  • Communication pattern analysis: AI learns the email style of management from past correspondence
  • Attack timing: AI systems analyze the corporate calendar and strike at optimal moments
  • Business context: AI incorporates real projects and deadlines into fraudulent payment requests
  • Multi-stage communication: The ability to conduct sustained conversations that build trust

Why phishing campaigns are critical in the age of AI

Effectiveness statistics leave no illusions

In the face of growing AI phishing threats, simulation campaigns are becoming absolutely critical for every organization. The latest research provides irrefutable evidence of their effectiveness.

The documented ROI of phishing campaigns

  • 276% ROI over 3 years according to the KnowBe4 report, with a payback period of under 3 months
  • 37x return on investment on average across phishing testing programs
  • 90% reduction in the risk of phishing attacks at companies with regular training
  • 97% improvement in the speed of employee responses to phishing attempts

Concrete numerical results

Organizations starting with a "phish-prone percentage" above 30% reduce it to just 5% after a year of consistent simulations and training. The latest data from 2025 shows that the share of personnel likely to fall for phishing attacks dropped to 4.1% after 12 months of security training.

Employees as active defenders

According to the Verizon 2025 Data Breach Investigations Report, employees who had recently received phishing training were four times more likely to report phishing emails, increasing the reporting rate from just 5% to 21%. This is proof that effective training transforms employees from the weakest link into the first line of defense.

A key shift in perspective: Instead of viewing employees as the weakest link, phishing training transforms them into active defenders. They learn to recognize threats and know how to report phishing attacks, providing valuable intelligence to IT and security teams in real time.

A modern approach to phishing campaigns in 2025

Personalization and continuity

The effectiveness of phishing campaigns in 2025 depends on personalization and continuity. Modern platforms automatically build individual learning paths for each employee and select simulated phishing campaigns based on the employee's skills, role, and location.

Employees receive gamified cyber threat simulations and interactive training on their weakest skills approximately every 10 days, ensuring they are well prepared to recognize and report suspicious real-world emails.

Key performance indicators (KPIs)

Tracking key performance indicators (KPIs) such as click rates in simulations, reporting rates, and knowledge assessment scores over time is essential, because this data indicates return on investment (ROI), highlights progress, and points to areas that need additional attention.

The most important metrics to track:

  • Phish-prone percentage: The share of employees susceptible to phishing
  • Reporting rate: The frequency with which suspicious messages are reported
  • Time to report: The speed of response to suspicious emails
  • Repeat offender rate: The share of employees who repeatedly fall victim
  • Knowledge retention: The level of knowledge retained over time

Defending against AI phishing: a multi-layered approach

Technical solutions

Integrated AI detection tools are the most effective way to identify and report AI-powered phishing attempts. AI algorithms analyze email patterns, metadata, and content to identify anomalies that indicate phishing attempts. Advanced machine learning identifies manipulated audio or video content, thwarting deepfake-assisted attacks.

Human-centered defense

With proper training and awareness, employees can become the strongest defense against these evolving cyber threats. The most effective defense combines technical deepfake detection tools with strict verification protocols that require multiple independent confirmation channels.

The golden rule of verification: Never approve financial transactions based solely on audio or video requests. Establish code words or questions that only genuine contacts would know.

The future of AI phishing: what lies ahead

It is not a question of whether AI-enhanced phishing will become dominant, but when. Experts are unanimous: "In the near future, AI will power far more phishing attacks - everything from text-based impersonation to deepfake communication will become cheaper, more convincing, and more popular among threat actors."

The data shows that while fully AI-generated phishing is still relatively limited, AI-assisted attacks are becoming increasingly sophisticated and widespread, requiring organizations to adopt multi-layered defensive strategies that combine advanced technology with comprehensive employee training.

Conclusion: act now or pay later

The year 2025 brings a fundamental shift in the cybersecurity landscape. AI phishing is no longer a theoretical threat of the future - it is today's reality, one that demands immediate action. Organizations that fail to implement phishing campaigns and security awareness programs expose themselves to financial losses that can reach millions of dollars.

Phishing campaigns are no longer an option but a business necessity. A 276% ROI over three years and a documented 90% reduction in risk are arguments that cannot be ignored. In a world where a single successful deepfake attack can cost $25 million, investing in employee awareness is the best money you can spend in a cybersecurity budget.

Back to blog