Phishing remains one of the most common entry points for cyberattacks—and thanks to AI, phishing emails are becoming more convincing and harder to detect than ever before.
Even though only 0.7–4.7% of phishing emails that made it past filters in 2024 were AI-generated, researchers at Hoxhunt say the level of sophistication is quickly rising. AI agents can now out-phish elite human red teams, at scale. In fact, AI-driven spear phishing agents are now outperforming even elite human red teams when it comes to crafting targeted, socially engineered attacks.
Email security platform GreatHorn reports that 57% of organizations deal with phishing scams on a weekly or even daily basis. And with nearly 1.2% of all emails being malicious, that adds up to around 3.4 billion phishing emails sent every single day. Between 2023 and 2025, the effectiveness of AI in phishing attacks grew by 55%, shifting the cybersecurity landscape in a major way.
The explosion of AI-driven phishing lines up with a staggering 4,157% global increase in phishing attempts since ChatGPT launched in late 2022.
By March 2025, their AI spear phishing agent—nicknamed JKR—was already 23.8% more successful than human red teams, regardless of how tech-savvy the users were. In an ongoing AI Spear Phishing Agent experiment from 2023 to 2025, AI’s performance vs. humans improved by 55%. Advances in AI are simultaneously disrupting the social engineering landscape and the cybersecurity training category. The co-evolution of attacks and protections must be considered when evaluating the rising threat of blackhat generative AI, and how to defend against it.
This leap is thanks to advances in large language models (LLMs), which let attackers fine-tune phishing messages using automated feedback and real-time data.
Unlike traditional phishing emails written by hand, AI agents like JKR can analyze behavior, build convincing narratives, and test different versions until they find the one most likely to trick humans.
This kind of sophisticated agility makes old-school, compliance-based security training less effective. Instead, companies are shifting to smarter, adaptive human risk management tools that can keep up with the evolving threat landscape.
Want to help your members and employees stay ahead of AI-powered threats?
Enfortra’s white-label identity theft protection solutions make it easy to strengthen your brand and your defenses. Schedule a demo today and see how we can help you protect what matters most.
