Skip to main content
Emerging ThreatsMalware & Ransomware

Phishing campaigns increasingly harness AI to evade detection

Office worker sits at desk with laptop and papers, surrounded by ordinary office atmosphere.

Nearly 86 percent of phishing campaigns KnowBe4 tracked in the past six months involved some sort of use of AI, the cybersecurity and phishing-awareness outfit reports.

KnowBe4: AI in 86% of tracked phishing campaigns

In the seventh edition of its Phishing Threat Trends report, KnowBe4 says AI is now embedded in the vast majority of phishing operations its researchers observed. The firm reports a gradual increase over the past two years: 80 percent of phishing campaigns made use of AI in 2024, 84 percent did so last year, and nearly 86 percent did in the past six months.

KnowBe4 frames that growth as an adoption curve: where once phishing depended on imperfect kits and amateur writing, attackers are now applying widely available AI to scale and refine their outreach.

Automation of reconnaissance and the rise of polymorphic lures

The report highlights more than stylistic improvements. AI is automating reconnaissance and information-gathering phases of campaigns, KnowBe4 says, enabling attackers to comb large quantities of data and feed tailored inputs into AI-generated email lures. The result: polymorphic phishing campaigns that take a base template and make each message unique to the recipient.

Those AI-crafted messages, KnowBe4 argues, are “well-written” and highly personalized, removing the old giveaways — misspellings and poor grammar — that once helped recipients spot fraud. The automation shortens the reconnaissance cycle, gives attackers flexibility to pivot to multiple vectors, and increases the likelihood that a lure will succeed.

Calendar invites and Microsoft Teams impersonations surge

KnowBe4’s data also flags specific second-stage techniques that have grown markedly. Phishing attacks that involve calendar invites increased by 49 percent, the report says, and attacks that use Microsoft Teams messages to impersonate coworkers — often IT support staff — rose by 41 percent.

The report sketches a common multi-step trajectory: an initial email lands in the inbox, followed by a calendar invite or a Teams message purporting to be from IT asking the recipient to reset a password or sign a document. Both methods, KnowBe4 notes, commonly aim to harvest credentials or deliver remote access to the attacker.

Microsoft and the FBI: effectiveness and financial impact

Third-party figures cited alongside KnowBe4’s findings underline the stakes. According to Microsoft, phishing campaigns that use AI lures are 4.5 times more effective than human-crafted ones. The FBI, the article notes, reports U.S. cybercrime losses hit a record $20.87 billion last year, with phishing the most common complaint and AI-related fraud accounting for about $893 million of that total.

The coverage also points to related reporting that illustrates the spread of AI-enabled tooling: a Google executive warning that AI-powered cyberattack kits are “just a matter of time,” DIY phishing kits adding AI capabilities, criminals using large-language models to plant ransomware and fake IT expertise, and an episode in which attackers compromised energy firms’ Microsoft accounts and sent 600 phishing emails.

What this means for technologists, enterprises, and end users

  • Technologists and security teams: Expect reconnaissance and message personalization to become faster and more automated. KnowBe4’s findings suggest defenders should anticipate lures that evade traditional stylistic detection and prepare for coordinated multi-vector campaigns that follow email with calendar or collaboration-platform messages.
  • Affected enterprises and procurement leaders: The rise in calendar-invite and Teams-based attacks means collaboration tools and calendar workflows deserve scrutiny in procurement and incident planning. The economy-level figures cited by the FBI — including $893 million attributed to AI-related fraud — underline the fiscal stakes.
  • End users and the general public: The report’s central warning is simple and direct: polished, personalized messages are not a reliable reason to trust a request. Impersonation of IT staff via collaboration platforms or calendar events is now a common second step in successful campaigns.

The pattern KnowBe4 documents is neither subtle nor mysterious: email remains the common starting point, but AI accelerates the scouting and tailoring that make follow-on calendar invites or Teams messages far more believable. With Microsoft’s assessment that AI lures are multiple times more effective and the FBI’s loss figures highlighting the financial consequences, the shift from clumsy scams to AI-enabled, multi-stage operations is now measurable and consequential.

Read the original story: https://go.theregister.com/feed/www.theregister.com/2026/04/30/modern_phishing_campaigns_ai/