'AI-generated phishing became the baseline' for hackers last year – Kaseya warns it's going to get worse in 2026 - IT Pro

(Image credit: Getty Images) Share Copy link Facebook X Linkedin Bluesky Share this article Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter AI-generated phishing “became the baseline” for cyber crime operations last year, according to new research from Kaseya. Findings from the company’s annual report on email security highlight how quickly hackers have managed to take advantage of generative AI models across operations. The study showed 2025 was an "inflection point" for phishing and AI, with malicious emails now generated by AI by default. That fits with a previous report from Google that hackers are trying to use its Gemini model to augment their attacks. Kaseya pointed to industry research that showed 83% of phishing emails use AI content in some way, with 40% of business email compromise (BEC) attacks using generative AI in some capacity. The results aren’t surprising, according to Kaseya, especially given AI-generated phishing emails have a 54% click rate, versus 12% for standard malicious messages. That's in part down to attacks that react to current events, better formatting and grammar, and personalized messaging, the report noted. “In the past year, AI-generated phishing became the baseline,” said Dave Baggett, SVP of Security Suite at Kaseya. “Attackers can now produce highly convincing messages at scale, which means the traditional signals security tools relied on for years — bad grammar, suspicious domains, obvious links — are disappearing." Harder to defend Baggett warned that AI-generated phishing campaigns are presenting security practitioners with new challenges, particularly with regard to detection. “Defenders now have to evaluate intent and context, not just indicators,” he said. Indeed, the report notes that AI tools mean attackers can ditch templates that lead to detectable repetition, meaning spam-spotting systems have to work harder to filter out phishing messages. The plus side for enterprises is that AI-powered tools are helping take the fight to cyber criminals. New detection models, contextual understanding, and other AI-powered techniques are helping security teams respond rapidly. "The next phase of email security will not be defined by filtering alone, but by AI systems capable of analyzing messages holistically and adapting continuously as tactics evolve," the report predicted. Staying ahead of the curve remains a challenge, however. IBM warned last year that AI adoption is outpacing AI security, and TrendMicro spotted that hackers were using AI to read through intelligence reports to help better target their attacks. Phishing losses are skyrocketing The report noted that 26% of cyber crime complaints filed to the FBI were down to phishing, adding that while losses from ransomware had fallen 79%, the costs from phishing climbed by 275% from $18.7 billion to $70 billion annually. Kaseya said this wasn't because ransomware was disappearing, but because companies were getting better at responding and had improved their backup strategies. "Instead, it reflects a strategic shift: attackers are increasingly applying phishing and business email compromise (BEC) schemes as lower-risk, high-return alternatives to disruptive encryption-based attacks," the report said. Eight-in-ten of these attacks target small and medium-sized businesses (SMBs) rather than larger counterparts, the company noted, with an average loss per incident of $50,000 for SMBs. Brand impersonate is still a go-to for hackers Attackers continue to use brand impersonation to fool victims – styling their malicious emails to look like they came from major companies or the government, for example. INKY detected 6.7 billion brand impersonation emails in the second half of 2025, with the vast majority – more than 5.3bn – from just 25 well-known brands. Kaseya found that no-payload phishing was increasingly common, with these brand impersonation emails no longer including dodgy links or malicious attachments. In their place, they offer phone numbers, try to trick victims into hitting reply, or use QR codes. "These techniques reduce detectable indicators while increasing reliance on user decision-making," the report noted. While phishing dominates the fraud universe, Kaseya also pointed to the rise of new techniques including call centers and emergency scams. "These figures reflect a broader shift toward social engineering-driven fraud – scams that exploit urgency, fear and trust rather than technical vulnerabilities," the report notes. "Many of these schemes begin or are supported by phishing-based email campaigns." FOLLOW US ON SOCIAL MEDIA Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews. You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky. Nicole Kobie Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more. Nicole the author of a book about the history of technology, The Long History of the Future. Latest OpenAI says AI tools are paying dividends for SMBs, but uptake is sluggish in several UK regions AMD and Samsung forge closer ties on AI memory, potential foundry deal You might also like Interpol teams up with tech firms to seize 45,000 malicious IPs, servers in global cyber crime crackdown Is your new hire an AI clone? Microsoft says North Korean hackers are using AI to impersonate job seekers and steal company secrets LastPass issues alert as customers face second major phishing campaign of 2026 A single compromised account gave hackers access to 1.2 million French banking records Starkiller: Cyber experts issue warning over new phishing kit that proxies real login pages Security experts warn Substack users to brace for phishing attacks after breach Google issues warning over ShinyHunters-branded vishing campaigns Hackers are using LLMs to generate malicious JavaScript in real time – and they’re going after web browsers VIEW MORE ▸