Bot her emails: most modern phishing campaigns are AI-enabled

KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start

by · The Register

Give a man a phishing kit and he might get lucky a couple of times; teach an AI to phish and it'll change the landscape, if KnowBe4's latest phishing trends report is accurate.

The cybersecurity and phishing awareness outfit released the seventh edition of its Phishing Threat Trends report on Thursday, and it appears that the internet's legions of phishermen are turning to AI in more ways, and more often, than ever.

Nearly 86 percent of the phishing campaigns KnowBe4 threat researchers observed in the past six months involved AI in some form, according to the report. That continues a gradual, steady rise over the past two years: 80 percent of phishing campaigns used AI in 2024 and 84 percent did so last year, suggesting the remaining holdouts are adopting the tech to broaden their reach.

That number is troubling enough, but KnowBe4 says the bigger problem is how AI is being used. Well-written, highly personalized AI-crafted phishing messages are bad enough, but AI is also automating the reconnaissance and information-gathering phases of a campaign, speeding up the phishing process and giving attackers more time to pivot across multiple attack vectors to win their victims' trust.

While the report doesn't break vectors out as a share of total phishing attacks, it does note a 49 percent increase in phishing attacks that involve calendar invites, and a 41 percent increase in attacks that involve Microsoft Teams messages impersonating coworkers, such as IT support staff, to harvest credentials and the like.

Savvy multi-vector phishing operations still often start with an email, and that's one of the big areas where AI is broadening phishing horizons, according to the report. Automated reconnaissance lets attackers comb through masses of information, extract target data, and feed it into AI-generated email lures. The resulting polymorphic campaigns take a base template, jazz it up and make it unique to each recipient, and voilà, a phishing message that's far less likely to be noticed than the typical one, whose misspellings and bad grammar serve to weed out anyone capable of critical thought.
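To make the polymorphism point concrete, here is an added example (not code from KnowBe4 or The Register, and not taken from the report) that shows why per-recipient rewording defeats exact-match filtering and how a defender can still tie the variants back to one campaign. The four message bodies, the "Acme IT Help Desk" pretext, the names and the 0.3 similarity threshold are all constructed for this example. Each lure gets a distinct SHA-256 body hash, so a hash block-list that caught the first copy would miss the other two; word-bigram shingles with Jaccard similarity cluster the three lures together and leave the unrelated internal email on its own.

```python
"""Exact-match fingerprints vs. near-duplicate clustering of polymorphic lures.

All sample messages below are constructed for this example; they are not
real campaign data from KnowBe4's report.
"""
import hashlib
import re

# Constructed lures: one help-desk template reworded per recipient. Names,
# company and wording are invented.
MESSAGES = {
    "lure-1": "Hi Dana, this is Marcus from the Acme IT Help Desk. Your password "
              "expires today. Please verify your account at the link below within "
              "2 hours to avoid losing access to Teams and email. Thanks, Marcus",
    "lure-2": "Hello Priya, Marcus here from the Acme IT Help Desk. Your password "
              "will expire this afternoon. Please verify your account at the link "
              "below within 3 hours to keep access to Teams and email. Regards, Marcus",
    "lure-3": "Hi Tom, it's Marcus at the Acme IT Help Desk. Your password expires "
              "tonight. Kindly verify your account via the link below within 4 hours "
              "so you don't lose access to Teams and email. Best, Marcus",
    "benign-1": "Hi team, the quarterly planning deck is attached. Please add your "
                "comments by Friday so we can finalize the roadmap before the "
                "offsite. Cheers, Lena",
}


def body_hash(text: str) -> str:
    """Exact-match fingerprint of the kind a simple block-list keys on."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def unique_hash_count(messages: dict[str, str]) -> int:
    """How many distinct exact fingerprints a block-list would have to learn."""
    return len({body_hash(body) for body in messages.values()})


def normalize(text: str) -> list[str]:
    """Lowercase, collapse every digit run to '#', keep word-ish tokens only.

    Collapsing digits means '2 hours' and '3 hours' shingle identically; the
    per-target greeting and sign-off still differ, which is the point."""
    text = re.sub(r"\d+", "#", text.lower())
    return re.findall(r"[a-z#']+", text)


def shingles(text: str, k: int = 2) -> set[tuple[str, ...]]:
    """Set of word k-grams; k=2 is coarse enough to survive light rewording."""
    toks = normalize(text)
    return {tuple(toks[i:i + k]) for i in range(len(toks) - k + 1)}


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity |a & b| / |a | b| in [0, 1]."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster(messages: dict[str, str], threshold: float = 0.3) -> list[list[str]]:
    """Greedy single-linkage clustering over shingle sets.

    A message joins the first existing cluster that contains any member at
    least `threshold` similar to it; otherwise it starts a new cluster.
    The threshold is an assumption chosen for this example, not a tuned value."""
    sigs = {mid: shingles(body) for mid, body in messages.items()}
    clusters: list[list[str]] = []
    for mid in messages:
        for members in clusters:
            if any(jaccard(sigs[mid], sigs[other]) >= threshold for other in members):
                members.append(mid)
                break
        else:
            clusters.append([mid])
    return clusters


if __name__ == "__main__":
    print("distinct body hashes:", unique_hash_count(MESSAGES), "of", len(MESSAGES))
    for group in cluster(MESSAGES):
        print("campaign cluster:", group)
```

In a real pipeline the shingle sets would come from a MinHash/LSH index rather than pairwise comparison, and the recipient-specific tokens (names, deadlines, ticket numbers) would be masked before shingling so that the template, not the decoration, drives the match.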

The report's data suggests that emails are only the start of the modern phishing campaign, however, as those increases in calendar invites and malicious Teams messages are often the second stage in an attack. 

As IT teams are one of the most common groups impersonated by phishing attacks, one can easily imagine a phishing email followed by a Teams message from someone claiming to be from the help desk and demanding you click on a link to reset your password, or read and sign a new policy via DocuSign, etc. Both methods ultimately deliver credentials or remote access to an attacker, giving them what they were after.

According to Microsoft, phishing campaigns involving AI lures are 4.5 times more effective than human-crafted ones. Meanwhile, the FBI says US cybercrime losses hit a record $20.87 billion last year, with phishing the most common complaint and AI-related fraud accounting for about $893 million of that total. ®