Phishing emails written by artificial intelligence now account for a dominant share of the malicious messages reaching corporate and personal inboxes, according to a European Union Agency for Cybersecurity report that analyzed 4,875 cybersecurity incidents recorded between July 2024 and June 2025. The finding signals a rapid shift in how attackers craft deceptive emails, moving from clumsy, error-filled lures to polished, AI-generated text that slips past traditional defenses. For security teams and ordinary users alike, the change means that the old advice to “look for typos” no longer offers reliable protection.
Why AI-generated phishing rewrites the defense playbook
The speed at which generative AI tools have been adopted by threat actors has outpaced many organizations’ ability to respond. Attackers who once spent hours drafting convincing pretexts can now produce dozens of unique, grammatically flawless messages in minutes. Each variant looks slightly different, which defeats signature-based email filters that rely on matching known malicious patterns. The result is a volume and quality problem hitting inboxes at the same time.
A working hypothesis tested by security researchers suggests that organizations deploying AI-assisted email filters after July 2024 should see a measurably slower rise in successful phishing incidents compared with peers still relying solely on signature-based tools. The logic is straightforward: if attackers use machine learning to write, defenders need machine learning to read. Static rule sets trained on older, human-written phishing templates miss the linguistic variety that generative models produce. AI-powered filters, by contrast, score messages on behavioral and contextual signals rather than exact text matches, catching novel wording that a signature engine would wave through.
That hypothesis has not yet been confirmed by a controlled, published study, but the directional evidence is strong. The ENISA assessment identifies a clear trend toward AI-enabled social engineering across the 4,875 incidents it cataloged. Phishing and social engineering ranked among the most prominent attack vectors during the reporting window, and the agency’s analysts flagged generative AI as a force multiplier that lowers the skill barrier for attackers. When a low-effort campaign can produce high-quality bait, the economics of phishing shift sharply in the attacker’s favor.
For businesses, the practical consequence is immediate. Email security stacks that have not been updated since mid-2024 are increasingly mismatched against the threat. Vendors offering natural-language analysis, sender-behavior profiling, and real-time content scoring have gained traction precisely because the old approach of blocking known-bad domains and flagged phrases cannot keep pace with AI-generated diversity. Security leaders are beginning to treat email defenses as a living system that must be retrained regularly, not a static appliance that can be left untouched for years.
What 4,875 incidents reveal about AI-enabled social engineering
The strongest institutional evidence behind the headline comes from the European Union Agency for Cybersecurity, which published its annual threat assessment covering the period from July 1, 2024, through June 30, 2025. That report, drawing on 4,875 documented incidents, treats phishing and social engineering as central threat categories and explicitly calls out the growing role of AI in crafting deceptive communications. The agency sits within the broader EU agencies network, giving its findings regulatory weight across all 27 member states.
ENISA’s analysis does not rely on a single vendor’s telemetry. It aggregates incident data from national computer security incident response teams, sector-specific reporting channels, and open-source intelligence feeds. That breadth gives the 4,875-incident dataset a cross-sector perspective that single-company reports typically lack. When the agency says AI-enabled social engineering is rising, it is drawing on incidents spanning finance, healthcare, energy, transportation, and public administration.
The practical mechanism behind the trend is well understood. Large language models can generate emails that mimic a target organization’s internal tone, reference real projects or colleagues scraped from public sources, and adapt phrasing to bypass content filters. Attackers can also automate translation, producing convincing phishing in multiple languages from a single prompt. That capability turns what was once a craft requiring fluency in the target’s language into a commodity available to any operator with access to a generative model.
Security teams report that the most dangerous variant is business email compromise powered by AI. In these attacks, the generated message impersonates a senior executive or trusted vendor and requests a wire transfer, invoice payment, or credential handover. Because the text reads naturally and contains no obvious red flags, employees who have been trained to spot broken grammar or suspicious formatting find themselves without reliable visual cues. The email appears to fit the organization’s style, uses familiar sign-offs, and may even reference internal initiatives drawn from leaked or publicly available documents.
Beyond email, the same generative tools are increasingly used to script phone calls and chat messages that support multi-channel fraud. An employee might receive a polished email followed by a convincing voice call reinforcing the request. Each contact point is crafted to sound authentic, eroding the skepticism that traditional awareness training tries to instill. In this blended environment, the line between phishing and broader social engineering blurs, and AI sits at the center of that convergence.
Gaps in the evidence and what security teams should watch next
Several questions remain open despite the strength of ENISA’s dataset. The agency’s report confirms the trend toward AI-enabled social engineering but does not publish a granular breakdown showing exactly what share of phishing emails were AI-authored versus human-written. Independent vendors have circulated figures suggesting that more than eight in ten phishing emails now carry AI-generated text, but those numbers come from proprietary detection engines whose methodologies are not publicly auditable. Without a standardized, peer-reviewed method for classifying AI authorship in email, the precise percentage remains an estimate rather than a settled measurement.
A second gap involves attribution. Knowing that an email was generated by a large language model does not automatically reveal which model, which threat group, or which infrastructure produced it. Many generative tools are accessible through shared accounts, compromised cloud resources, or criminal “as-a-service” platforms. As a result, traditional indicators such as IP addresses or domain ownership provide only partial clues. For investigators, it becomes harder to link campaigns to specific actors, complicating law-enforcement responses and sanctions.
There is also an open methodological challenge: most current detection techniques infer AI authorship from linguistic fingerprints, such as unusually consistent grammar, specific phrase patterns, or token distributions. As both attackers and defenders iterate, these signals may become less reliable. Adversaries can prompt models to imitate human errors or post-process text to inject randomness, while defenders refine their classifiers to look for subtler patterns. This arms race suggests that any static measure of “AI-written” content will quickly age.
Despite those uncertainties, the strategic direction is clear enough for security leaders to act. Organizations should assume that a growing proportion of phishing attempts will be AI-assisted, even if the exact percentage is debated. That assumption supports three practical steps. First, upgrade email gateways and security platforms to incorporate behavioral and contextual analysis rather than relying solely on signatures. Second, refresh awareness training so that employees focus on verifying requests through independent channels, not on spotting cosmetic mistakes. Third, build internal reporting loops that allow suspicious messages to be quickly analyzed and used to retrain filters.
Policymakers and regulators, meanwhile, are likely to lean more heavily on coordinated reporting and shared intelligence. Because ENISA’s findings draw from multiple national and sectoral sources, they offer a template for how cross-border visibility can illuminate emerging threats. As AI-generated phishing continues to evolve, that kind of collective situational awareness may prove as important as any single technical control.
The rise of AI-authored phishing does not make defense impossible, but it does invalidate comfortable assumptions. Typos and awkward phrasing are no longer reliable warning signs. Instead, resilience will depend on layered technical controls, updated training, and a willingness to treat email not as a trusted channel, but as just another potentially hostile interface. The 4,875 incidents in ENISA’s latest assessment mark a turning point: from here on, defenders must assume that the person “writing” to them may, in fact, be a machine.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
