AI Drives Doubling of Phishing Attacks in a Year

Artificial intelligence has moved from a novelty tool to the backbone of modern phishing operations. By automating content creation, language translation, and payload customization, AI enables threat actors to launch campaigns that adapt in real time to each recipient’s environment. This capability produces polymorphic emails that change logos, URLs, and even the type of malware delivered, making signature‑based filters obsolete and overwhelming security teams with a flood of unique threats.

The implications extend beyond email inboxes. The report highlights a 105% surge in remote access tool detections, as attackers pair AI‑crafted lures with legitimate remote‑desktop software to bypass traditional defenses. The dramatic rise of the .es top‑level domain—up 19‑fold—illustrates how adversaries exploit low‑profile infrastructure to evade reputation‑based blocking. Enterprises must therefore adopt a layered strategy that incorporates user behavior analytics, real‑time threat intelligence, and continuous post‑delivery analysis to identify malicious intent that static controls miss.

For security vendors and corporate defenders, the data signals a clear market shift. Investment in AI‑enhanced detection platforms, automated response playbooks, and employee awareness programs tailored to conversational phishing will become essential. As AI lowers the barrier to entry for sophisticated attacks, organizations that integrate adaptive, context‑aware defenses will be better positioned to protect critical assets and maintain trust in an increasingly hostile digital landscape.