80% of phishing attacks use AI

Generative AI offers significant opportunities for making phishing more sophisticated. In over 65% of cases, it is used to create emails that look natural, are personalized, and closely mimic the communication style of corporate or government organizations. In approximately half of incidents, AI and ML are used to automate mass emails, allowing for a hundredfold increase in victim reach. More complex scenarios, such as victim analysis, attack evaluation, and data filtering, are less common—appearing in about a quarter of cases.

Experts also note a shift in the targets of phishing attacks. In the first eight months of 2025, the volume of spear-phishing attacks increased by 37% compared to the same period in 2024. This indicates that attackers are changing their approach to preparation and targeting, using phishing not only for financial crimes but also to gather information needed to further develop their attacks.

"Today, more than 85% of attacks begin with phishing, meaning the vast majority of criminals are using artificial intelligence to carry out their attacks. This tool allows for increased effectiveness of each attack by automating and accelerating routine actions. This is one of the reasons why information security specialists are also beginning to use artificial intelligence—to increase their efficiency and focus their staff on more complex issues."

Pavel Kovalenko, Director of the Anti-Fraud Center at Informzashita

To counter these threats, businesses are advised to use effective anti-fraud systems with AI modules that automatically detect and block phishing emails. Regular employee awareness programs, accompanied by practical exercises, are an important element of protection. Furthermore, offensive security is becoming increasingly important, with specialists conducting tests that simulate the actions of attackers to identify both vulnerable employees and weaknesses in security systems.