“72% say phishing attempts are more convincing than a year ago because of AI-written language.”
AI-written language: why phishing looks more like routine work
Those words come from a report published by Saigiss, which found employees are increasingly unable to distinguish fraudulent messages from normal workplace communication. The report says 64% of respondents believe an AI-generated message could likely impersonate someone they work with, and 57% said AI makes phishing harder to spot because it “feels more professional.” Saigiss frames the trend not as a failure of curiosity or training alone but as a change in the underlying craft of deception: messages shaped by AI appear smoother, more context-aware and therefore more credible.
Actual behavior: clicks, replies, and after-the-fact verification
Saigiss’s numbers show this credibility is already translating into risky behaviors. The report found 63% of respondents clicked a work-related link in the past year and later felt they should have double-checked it first. More than half — 57% — verified a message’s request only after taking action, and 45% replied to a work message and later questioned whether it was legitimate. Those are not hypothetical vulnerabilities; they are documented actions by employees who, at the moment, judged a message as trustworthy and later reconsidered.
Workplace conditions: urgency, multitasking and after-hours pressure
Saigiss links these behaviors to the context in which work happens. Respondents report environments defined by urgency and multitasking, and by expectations that extend beyond the traditional workday. The report found 68% check work email or chat outside normal business hours at least sometimes, and 56% feel pressure to respond after hours at least sometimes. Saigiss argues those time-pressured conditions make it harder for employees to "slow down and verify unusual requests," increasing the chance that polished, AI-assisted phishing succeeds.
Employers: complement training with workflow changes
Saigiss’s central recommendation is procedural: employers may need to complement training with changes that reduce rushed decision-making in daily workflows. The report suggests awareness alone — telling employees to slow down or verify — does not fully address the risk when the work environment incentivizes quick responses. In short, Saigiss sees a need for organizational remedies that change how and when people are expected to act, not only what they are taught to look for.
How security teams, employers, and employees are responding
- Security teams and technologists: Saigiss’s findings imply the task is no longer purely detection-oriented; teams should watch for the operational conditions that turn polished messages into successful scams and consider controls that reduce the need for split-second trust decisions.
- Employers and procurement leaders: The report signals a potential shift from sole reliance on awareness campaigns toward modifying workflows and after-hours expectations — for example, reducing the pressure that leads people to act before verifying.
- Employees and end users: The numbers show many already recognize the problem in hindsight — 63% regretted clicking a link, 45% questioned a message after replying — which suggests people are vulnerable even when they know the risk.
Saigiss’s data paints a clear, if sobering, picture: more polished, AI-generated language is elevating the baseline trustworthiness of fraudulent messages at precisely the moments when workers are most likely to act quickly. With 57% saying AI makes phishing feel more professional and a majority admitting to after-the-fact verification or regret, the question for organizations is concrete: can training be reshaped into processes and expectations that give employees the time and institutional support to verify before they click?
