AI Is Supercharging Phishing

Paul Asadoorian
Mar 4, 2026

Why It Matters

Because AI‑powered phishing can bypass conventional defenses and compromise even savvy staff, failing to address this human risk could lead to costly data breaches and erode organizational trust.

Key Takeaways

  • AI dramatically lowers the cost of crafting personalized phishing emails.
  • Human risk remains top breach vector despite two decades of training.
  • Tailored attacks can deceive even highly knowledgeable employees like Jason.
  • Traditional phishing defenses overlook broader human capital and insider threats.
  • Organizations must shift focus from tech to comprehensive human risk strategies.

Summary

The video warns that artificial intelligence is dramatically amplifying phishing threats, turning what was once a low‑tech nuisance into a high‑precision weapon against corporate inboxes.

By scraping publicly available data and social‑media profiles, AI can generate hyper‑personalized lures at minimal cost. The speaker notes that even a well‑trained employee like ‘Jason’ can be duped when an email references his specific details, highlighting a surge in success rates over the past two to three years.

He emphasizes that focusing solely on traditional phishing campaigns misses the larger picture of human capital risk, including insider threats. “It’s not just about phishing; it’s about insider threat,” he says, urging a broader risk view.

For businesses, the implication is clear: security programs must evolve beyond periodic awareness training to continuous, AI‑driven monitoring and a holistic human‑risk strategy that treats employees as a critical asset rather than a vulnerability.

Original Description

For more than two decades, organizations have invested in phishing simulations and security awareness training. Yet phishing remains a primary driver of breaches.
What’s changed isn’t just attacker persistence — it’s capability. With AI-powered tools, adversaries can now craft highly personalized phishing messages at scale. Public social media data can be scraped, analyzed, and turned into tailored lures at very low cost. That dramatically increases the odds of success, even against knowledgeable employees.
The deeper issue may not be phishing alone. Framing the problem strictly as “phishing risk” or even “third-party risk” can be too narrow. The broader challenge is human capital risk — which includes social engineering, insider threat, and behavioral vulnerabilities across the organization.
If AI lowers the barrier to highly customized attacks, organizations may need to rethink whether traditional awareness programs are enough — or whether the strategy itself needs to change.
Are you still fighting phishing… or redesigning around human risk?
