Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026.
“Deepfake voice, image, and video impersonation now requires minimal expertise and only a handful of reference images or seconds of audio,” the researchers write.
“Criminals are using these capabilities across a wide spectrum of attacks: creating fabricated IDs for financial fraud; mimicking IT or helpdesk staff to persuade employees to share passwords, reset multi-factor authentication (MFA), or approve remote access; and impersonating executives to conduct highly convincing forms of CEO fraud.
“ThreatDown expects AI-driven social engineering operations to scale significantly throughout 2026 and to emerge as the dominant form of social engineering used by attackers.”
Attackers have already widely adopted AI to generate phishing lures. Generative AI tools allow threat actors to craft realistic phishing emails with no typos, even if the attacker doesn’t have a good grasp of the target’s language.
“Phishing campaigns used familiar brands and believable lures like secure document downloads,” ThreatDown says. “Increasingly, attackers relied on AI-generated emails to eliminate the errors that many rely on to identify phishing and to produce more polished, convincingly personalized messages at scale.
“Using simple techniques such as checking MX records, attackers served victims fake versions of Google or OneDrive login screens tied to the victims’ own domains. In some cases, victims were redirected to their real inboxes after harvesting credentials to minimize suspicion.”
ThreatDown has the story.
