Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    AI-Powered Spear Phishing Can Now Outperform Human Attackers

    Screensaver Spear Phishing CampaignResearchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns.

    The researchers state that in 2023, AI-powered phishing was 31% less effective than humans. In November 2024, it was 10% less effective than humans. Then in March 2025, the AI was 24% more effective than humans.

    “This public finding could be considered an inflection point for the threat landscape,” the researchers state. “AI’s superiority in social engineering will transform cybersecurity risks, attacks, and defenses. Advances in AI Large Language Models are simultaneously disrupting the social engineering landscape and the cybersecurity training category. The co-evolution of attacks and protections must be considered when evaluating the rising threat of blackhat generative AI applications.”

    Currently, these types of sophisticated AI-powered attacks are limited to targeted spear phishing campaigns. However, commodity phishing kits will likely incorporate these features at some point in the near future.

    “It is only a matter of time until AI agents disrupt the phishing landscape,” the researchers write. “For now, there are many anecdotal media accounts of highly targeted, sophisticated AI spear phishing attacks that leveraged AI. These are typically bespoke campaigns. Soon, the phishing-as-a-service market will shift to mass adoption of AI Spear Phishing Agents. Once that happens, the baseline quality and effectiveness of mass phishing campaigns will rise to a level we currently equate with targeted spear phishing attacks.”

    Organizations should begin preparing now for unskilled cybercriminals to gain access to these sophisticated AI capabilities.

    “Disruption happens gradually and then all at once, to paraphrase Clayton Christensen,” the researchers write. “We must be prepared for when the inevitable disruption to the phishing-as-a-service market occurs, as AI-generated phish become more effective, easier to adopt, and ultimately more lucrative for criminals.”

    New-school security awareness training can help your employees keep up with evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Hoxhunt has the story.

     

    Return To KnowBe4 Security Blog

    Stop Advanced Phishing Attacks with KnowBe4 Defend

    KnowBe4 Defend takes a new approach to email security by addressing the gaps in M365 and Secure Email Gateways (SEGs). Defend helps you respond to threats quicker, dynamically improve security and stop advanced phishing threats. It reduces admin overhead, enhances detection and engages users to build a stronger security culture.

    BreachSim LogoWith KnowBe4 Defend you can:

    • Reduce risk of data breaches by detecting threats missed by M365 and SEGs
    • Free up admin resources by automating email security tasks
    • Educate users with color-coded banners to turn risks into teachable moments
    • Continuously assess and dynamically adapt security detection reducing admin overhead
    • Leverage live threat intelligence to automate training and simulations

    Request a Demo

    PS: Don't like to click on redirected buttons? Cut and paste this link in your browser:

    https://www.knowbe4.com/products/defend-demo

    Topics: Phishing, Spear Phishing, AI

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews