It smelled like a phishing email three years ago. A request that seemed to have been translated twice, a greeting that didn’t quite fit the sender’s typical tone, or a comma that was misplaced all seemed a little strange. Security teams focused their entire training curriculum on that odor. Look for the typo, consider the urgency, and hover over the link. For the better part of twenty years, it was largely successful.
It is no longer functional, or at least not dependable. The telltale signs that once distinguished a scam from a typical Tuesday email have been subtly eliminated by generative AI, and those who are responsible for this professionally are, by their own admission, concerned.
In 2022, Stephanie Carruthers, who conducts simulated cyberattacks for IBM’s X-Force team, recalls being asked if AI would result in her losing her job. Until a model could truly comprehend a target sufficiently to create a campaign against them specifically, she didn’t think so. As it happened, that moment came sooner than she had anticipated. “With very few prompts, an AI model can write a phishing message meant just for me,” she stated. “That’s terrifying.” Hearing this from someone whose whole profession is centered around remaining composed in the face of danger is peculiar.
The figures support the anxiety. Outseer’s tracking shows that through 2022, phishing volume increased at a fairly average rate of thirty percent annually, which is the kind of steady increase fraud analysts had come to terms with. After that, it almost tripled between 2023 and 2024. Not a bump. a structural change that persisted through 2025 and doesn’t appear to be reversing.
The motivation was not altered. It was the price of performing the task. In an experiment, Carruthers’ team contrasted an AI-generated phishing email with one written by a human. Five minutes passed for the AI version. In order to make the pretext plausible, a group of people creating something similarly convincing needed about sixteen hours, the majority of which was spent searching through job postings, press releases, and LinkedIn profiles. The difference between five minutes and sixteen hours is essentially the whole story. Nearly no patience is needed for research that used to require it.
The methods by which attackers obtain their material are almost unremarkable. A scammer can determine which software vendors to pose as by looking at a job posting that lists the company’s tech stack. Who reports to whom can be seen in a LinkedIn bio. All of this information is in plain sight and has always been; it is not secret. The vulnerability wasn’t created by generative AI. It simply became much more adept and quick at taking advantage of it.
Grammar errors, which were once the first line of defense taught to workers worldwide, are now essentially useless. Fingerprints are left by cybercriminals who write in a second or third language. The prose now reads smoothly in almost every major language, polished to the point where it no longer stands out. Security trainers are having to completely rework their pitch, focusing on more subtle aspects like emotional pressure, artificial urgency, and the tone of a message that demands something from you immediately rather than spelling.
All of this was valued in a recent Osterman Research report that IRONSCALES commissioned. Even though AI-assisted defenses have accelerated the resolution of individual incidents, phishing now costs security teams approximately $52,000 per analyst annually, up from roughly $45,700 in 2022. The unsettling paradox at the core of this entire change is that both sides have access to AI, but the attackers’ increases in speed and volume are simply outpacing the defenders’ increases in efficiency. Phishing is now considered a high or extreme threat by half of the organizations polled, which is almost twice as many as in 2022.
It’s difficult to ignore the symmetry in this situation, where every defensive advancement appears to be followed almost instantly by an offensive one. It’s genuinely unclear when that balance will tip back in favor of defenders. Some analysts anticipate that AI-driven detection will eventually catch up. Others are less certain that the gap closes at all after examining the trend lines over the previous three years.
