AI is helping drive a sharp rise in phishing attacks, Cofense says

March 22, 2026

Phishing volume has doubled over the past year in Cofense telemetry, according to reporting by Infosecurity Magazine, with the email security vendor tying part of that increase to generative AI. The company said attackers are using AI to produce more polished, personalized and convincing phishing emails at greater scale.

The claim should be read as a vendor-observed trend rather than a measurement of all global phishing activity. Still, it matches broader warnings from security firms and government agencies that large language models are lowering the effort needed to write believable lures, translate scams into multiple languages and quickly generate variations designed to slip past basic filters.

What AI appears to change most is not the core phishing playbook, but the speed and quality of execution. Attackers can tailor messages to a target’s role, geography or employer, mimic internal business language more closely and iterate on subject lines or call-to-action text much faster than before. That matters because many users were once trained to spot obvious grammar mistakes and awkward phrasing, signals that are less reliable when AI is involved.

For defenders, the practical risk is higher success rates for credential theft, business email compromise and malicious OAuth consent requests. Sectors with frequent email-based approvals, including finance, healthcare, education and government, may face more convincing impersonation attempts aimed at payroll, procurement, HR and IT help desks.

The trend also reinforces a point many researchers have made since 2023: AI is improving phishing efficiency more than creating a new attack type. Criminals still rely on familiar methods such as spoofed senders, lookalike domains and fake login pages, but AI can make those campaigns cheaper to run and harder to spot. Organizations are being pushed toward stronger identity controls, including phishing-resistant MFA, tighter approval workflows and better detection for anomalous sign-ins after credential theft. Users connecting over public networks should also treat account security and a trusted VPN as basic hygiene, though email and identity defenses remain the primary control here.
