Last Updated on May 3, 2026 by Arnav Sharma
The number landed like a punch. According to KnowBe4’s seventh Phishing Threat Trends Report, published on April 30, 2026, a staggering 86% of the phishing campaigns their researchers tracked over the past six months involved some form of AI. That’s not a projection or a vendor scare stat. It comes from analysis of attacks observed across more than 3,000 unique threat actors.
And the trend line tells its own story. In 2024, the figure sat at 80%. By 2025, it had crept up to 84%. The holdouts are caving. Attackers who once relied on broken English and spray-and-pray tactics are now running AI-assisted operations that look, read, and feel like real business communications.
What Changed? AI Made Phishing Fast, Cheap, and Personal
The old model was labour-intensive. An attacker would register a domain, manually clone a login page, write a lure email (often badly), buy a list of targets, and blast it out. The whole cycle took days or weeks, and the quality was usually poor enough that spam filters caught most of it.
AI collapsed that timeline. IBM X-Force research showed that generative AI can produce a convincing phishing email in about five minutes. A skilled human operator doing the same work? Sixteen hours. That’s roughly a 192x speed improvement. When you can generate hundreds of personalized lures in the time it used to take to write one, the economics of phishing change completely.
But speed is only half the story. The other half is quality. Hoxhunt’s 2026 Phishing Trends Report found that by March 2025, AI-generated phishing campaigns had become 24% more effective than campaigns built by experienced human red teams. That’s a sobering stat for anyone who still thinks phishing is a low-skill game.
The Hoxhunt data also showed something alarming about timing. For most of 2025, AI-generated attacks made up under 5% of what hit their network of 4 million users. Then December hit. Over the holiday season, AI-generated phishing surged 14x, jumping from roughly 4% of detected attacks to 56%. That trend has held steady into 2026.
Real Attacks, Real Platforms
This isn’t theoretical. Two operations discovered in the last few weeks show exactly how AI is being woven into the phishing supply chain.
Bluekit: The All-in-One AI Phishing Kit
Varonis Threat Labs recently pulled apart a phishing-as-a-service kit called Bluekit. It’s a single platform that handles domain registration, phishing page creation, campaign management, and victim session monitoring. It ships with over 40 templates that mimic services like Gmail, Outlook, iCloud, GitHub, ProtonMail, and Ledger.
What makes Bluekit stand out is its built-in AI Assistant. The panel supports multiple models (Llama, GPT-4.1, Claude, Gemini, DeepSeek) and helps operators draft phishing emails. When Varonis tested it, the output was more scaffold than finished product, with placeholder content that still needed cleanup. But the direction is clear: the kit is under rapid development, receiving constant updates, and it’s only a matter of time before the AI outputs get polished enough to use without editing.
Bluekit also handles adversary-in-the-middle (AiTM) attacks. When a victim enters credentials on a fake login page, the kit doesn’t just grab the password. It captures session cookies and local storage data, which lets attackers bypass MFA entirely. The stolen cookies act as authenticated session tokens, proving to the server that the user already passed identity checks. No MFA prompt required.
All exfiltrated data goes straight to the operator via Telegram. One dashboard, one operator, dozens of active campaigns.
AccountDumpling: Hijacking Trust at Scale
Guardio Labs uncovered a separate operation, codenamed AccountDumpling, that compromised roughly 30,000 Facebook accounts worldwide. This Vietnamese-linked campaign abused Google AppSheet, a legitimate no-code business automation service, as a phishing relay.
The trick was clever. Because emails sent through AppSheet come from [email protected] and originate from Google’s own servers, they pass SPF, DKIM, and DMARC checks without breaking a sweat. Traditional email gateways see a legitimate Google sender and wave it through.
Victims received fake Meta Support warnings about account deletion, complete with case IDs and 24-hour deadlines. The lures rotated through different themes: copyright complaints, verification reviews, blue badge checks, even fake executive recruitment messages. Each variation was designed to trigger panic and short-circuit critical thinking.
The stolen accounts were then monetized through an underground storefront. And here’s the twist that makes it especially cynical: the attackers would sometimes sell account recovery services back to the same victims they’d robbed.
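A gateway can still catch this pattern by comparing the brand a message claims with the domain that actually authenticated. The detection logic below is an added example, not code from Guardio Labs or from this article; the brand allow-list, the `relay-platform.example` sender and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains allowed to send as each brand (maintain per organisation).
BRAND_DOMAINS = {"meta": {"meta.com", "facebook.com", "facebookmail.com"}}
PRESSURE = re.compile(r"case id|24[- ]hours?|account deletion|copyright|verification review", re.I)

def auth_results(msg):
    """Parse spf/dkim/dmarc verdicts from the Authentication-Results header(s)."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def triage(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{display} {msg.get('Subject', '')} {msg.get_payload()}"
    # Brands named in the display name, subject or body but not backed by the sender domain.
    spoofed = sorted(
        b for b, allowed in BRAND_DOMAINS.items()
        if re.search(rf"\b{b}\b", text, re.I)
        and not any(domain == d or domain.endswith("." + d) for d in allowed)
    )
    auth = auth_results(msg)
    passed = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    reasons = []
    if spoofed:
        reasons.append(f"claims {spoofed} but sent from {domain}")
        if passed:
            reasons.append("SPF/DKIM/DMARC pass only vouches for the relay domain")
    if PRESSURE.search(text):
        reasons.append("deadline or case-ID pressure wording")
    return {"flag": bool(spoofed), "spoofed_brands": spoofed, "reasons": reasons}

def sample(display, addr, subject, body):
    """Build a constructed test message with passing authentication results."""
    d = addr.split("@")[1]
    return (f'From: "{display}" <{addr}>\n'
            f"Authentication-Results: mx.example; spf=pass smtp.mailfrom={d}; "
            f"dkim=pass header.d={d}; dmarc=pass header.from={d}\n"
            f"Subject: {subject}\n\n{body}\n")

# Constructed messages: a lure relayed through a trusted platform, and a genuine notice.
LURE = sample("Meta Support", "noreply@relay-platform.example",
              "Case ID 48213: account deletion in 24 hours", "Appeal now to keep your page.")
LEGIT = sample("Meta", "security@facebookmail.com", "New login to your account", "Was this you?")

if __name__ == "__main__":
    print(triage(LURE))
    print(triage(LEGIT))
```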
ATHR: Voice Phishing Goes Autonomous
If Bluekit and AccountDumpling represent the email side of AI-powered phishing, ATHR represents the voice side. Discovered by Abnormal Security in April 2026, ATHR is a complete voice-phishing (vishing) platform sold on underground forums for $4,000 plus a 10% commission on stolen funds.
ATHR sends spoofed security alerts mimicking Google, Microsoft, and Coinbase. The emails don’t contain links or attachments. They just include a phone number. When the victim calls, ATHR’s telephony layer routes them to either a human scammer or an AI voice agent.
The AI agents run on a custom text-to-speech engine and follow a structured multi-step script: verify the callback, describe suspicious account activity, confirm an unrecognized phone number, initiate a fake recovery process, and extract a six-digit verification code. The whole thing happens autonomously. One operator can run dozens of simultaneous calls from a single browser-based dashboard.
Earlier vishing operations needed teams of trained human callers. ATHR removed that bottleneck entirely.
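Because these lures carry no link or attachment for a scanner to detonate, detection has to key on the shape of the message itself. The following is an added example, not code from Abnormal Security or from this article; the phone-number pattern, the wording list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

BRANDS = re.compile(r"\b(google|microsoft|coinbase)\b", re.I)  # brands the article names
ALERT = re.compile(r"security alert|suspicious|unrecogni[sz]ed|unauthori[sz]ed", re.I)
URL = re.compile(r"https?://|www\.", re.I)
PHONE = re.compile(r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")

def callback_lure(raw):
    """Flag brand-themed alerts whose only call to action is a phone number."""
    msg = message_from_string(raw)
    text, attachments = msg.get("Subject", ""), 0
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachments += 1
        elif part.get_content_type() in ("text/plain", "text/html"):
            charset = part.get_content_charset() or "utf-8"
            text += "\n" + part.get_payload(decode=True).decode(charset, "replace")
    signals = {
        "brand_alert": bool(BRANDS.search(text) and ALERT.search(text)),
        "phone_present": bool(PHONE.search(text)),
        "no_links": not URL.search(text),
        "no_attachments": attachments == 0,
    }
    return {"flag": all(signals.values()), "phones": PHONE.findall(text), "signals": signals}

# Constructed samples: a callback-only lure and an ordinary alert that links to a portal.
CALLBACK = ("From: Account Security <alerts@notice.example>\n"
            "Subject: Security alert: unrecognized sign-in\n"
            "Content-Type: text/plain; charset=utf-8\n\n"
            "Your Coinbase account was accessed from a new device.\n"
            "If this was not you, call +1 (555) 010-0199 immediately.\n")
NORMAL = ("From: Accounts <no-reply@accounts.example>\n"
          "Subject: Security alert\n"
          "Content-Type: text/plain; charset=utf-8\n\n"
          "A new Google sign-in was detected.\n"
          "Review activity at https://accounts.example/activity\n")

if __name__ == "__main__":
    print(callback_lure(CALLBACK))
    print(callback_lure(NORMAL))
```

A hit is a reason to quarantine or banner the message for review, since legitimate providers rarely ask users to phone a number supplied in an unsolicited alert.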
Why Traditional Defences Are Failing
The KnowBe4 report highlighted something that should worry every security team: phishing is no longer just an inbox problem. Attackers are expanding into calendar invitations, Microsoft Teams messages, and other collaboration tools. Internal team impersonation showed up in 30% of attacks during Q1 2026.
When phishing spreads across channels, single-point defences like email gateways stop covering enough surface area. A fake Teams message from a spoofed colleague doesn’t hit your email filters at all. A calendar invite with a malicious link bypasses everything your secure email gateway was built to catch.
Meanwhile, AI-generated lures are beating content-based detection at higher rates because the text quality is genuinely good. No more obvious grammar mistakes. No more generic greetings. The messages reference real internal projects, use correct job titles, and mimic the tone of the person being impersonated.
Building Defences That Actually Work
Given what we’re seeing, here’s where security teams should be focusing effort right now.
- AI-aware email filtering. Legacy signature-based and keyword-based email filters were built for a world of mass-produced spam. They struggle with personalized, well-written AI lures. Look at solutions that apply their own AI/ML models to detect anomalous sending patterns, unusual message construction, and behavioural signals rather than relying on known-bad indicators.
- Behavioural analytics across channels. If phishing is spreading to Teams, Slack, and calendar invites, your detection needs to follow. Behavioural baselines (who talks to whom, what kind of messages are normal, when do people typically send calendar invites) are harder for attackers to fake than email content.
- Zero-trust email architecture. Treat every inbound message as untrusted until proven otherwise. That means link isolation (rendering links in a sandboxed environment before the user can interact), attachment sandboxing, and real-time URL reputation checks at click time rather than delivery time.
- Phishing simulations that use AI-generated content. If your training program is still sending employees the same tired templates with obvious typos, you’re training them for threats that no longer exist. Use AI-generated lures in your simulations. Test whether people can spot a well-crafted, personalized message. Measure and iterate.
- FIDO2 and hardware security keys. MFA is necessary but not sufficient when attackers can steal session tokens through AiTM attacks. Phishing-resistant authentication methods like FIDO2 verify users through biometric checks on a recognized device in a pre-verified environment, and the login response is tied to the genuine site's domain, so a look-alike proxy page cannot collect one that works. That's much harder to intercept than a six-digit code.
- Incident response rehearsals for multi-channel attacks. Run tabletop exercises that simulate phishing coming through email, Teams, calendar invites, and phone calls simultaneously. If your IR playbook only covers email-borne phishing, it’s incomplete.
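Why FIDO2 holds up against the AiTM proxying described earlier comes down to the binding checks a relying party runs on each WebAuthn assertion. The following is an added example, not code from this article or from any vendor; the origins, the relying party ID and the fixed challenge are constructed assumptions, and the signature verification that follows these checks on a real server is left out of scope.

```python
import base64, hashlib, hmac, json

EXPECTED_ORIGIN = "https://login.corp.example"  # assumption: the real sign-in origin
RP_ID = "login.corp.example"                    # assumption: relying party ID

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_binding(client_data_json: bytes, auth_data: bytes, issued_challenge: bytes) -> str:
    """Relying-party checks made before the assertion signature is verified."""
    cd = json.loads(client_data_json)
    sent = cd.get("challenge", "")
    challenge = base64.urlsafe_b64decode(sent + "=" * (-len(sent) % 4))
    if cd.get("type") != "webauthn.get":
        return "wrong ceremony type"
    if not hmac.compare_digest(challenge, issued_challenge):
        return "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"  # the browser, not the page, wrote this field
    if len(auth_data) < 37:
        return "authenticator data too short"
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "user presence flag not set"
    return "ok"

def browser_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Simulates what a browser and authenticator emit for the page actually loaded."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    flags, counter = bytes([0x05]), (1).to_bytes(4, "big")  # UP and UV flags set
    return client_data, hashlib.sha256(rp_id.encode()).digest() + flags + counter

def login_attempt(page_origin: str, rp_id: str, issued: bytes, answered: bytes) -> str:
    cd, ad = browser_assertion(page_origin, rp_id, answered)
    return check_binding(cd, ad, issued)

CHALLENGE = bytes(range(32))  # constructed; a real server issues a fresh random value
PROXY = "login-corp.example.phish.test"  # constructed look-alike proxy host

if __name__ == "__main__":
    print(login_attempt(EXPECTED_ORIGIN, RP_ID, CHALLENGE, CHALLENGE))      # genuine site
    print(login_attempt("https://" + PROXY, PROXY, CHALLENGE, CHALLENGE))   # via proxy
    print(login_attempt(EXPECTED_ORIGIN, RP_ID, CHALLENGE, b"\x00" * 32))   # stale challenge
```

The authenticator's signature covers the authenticator data and a hash of the client data, so a proxy cannot rewrite the origin field after the fact without invalidating the assertion.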
2026 Phishing Prediction Timeline
- Q2 2026: AI-generated vishing platforms like ATHR go mainstream on underground forums. Voice-based social engineering attacks spike as the barrier to entry drops to near zero.
- Q3 2026: All-in-one phishing kits with integrated AI (like Bluekit) mature past the “scaffold and placeholder” stage. Expect turnkey operations that produce polished, ready-to-send lures with minimal human editing.
- Q4 2026: Multi-channel phishing campaigns become the norm rather than the exception. Attackers will coordinate email, Teams/Slack, SMS, and voice into blended campaigns targeting the same individual across multiple trust surfaces.
- Full Year 2026: The percentage of AI-driven phishing will likely push past 90%. The few remaining operators running manual campaigns will either adopt AI tooling or get outcompeted by those who do.
Frequently Asked Questions
According to KnowBe4's seventh Phishing Threat Trends Report published in April 2026, 86% of phishing campaigns tracked involved some form of AI, up from 80% in 2024 and 84% in 2025. This data comes from analysis of attacks observed across more than 3,000 unique threat actors, showing a consistent upward trend in AI-assisted phishing operations.
IBM X-Force research shows that generative AI can produce a convincing phishing email in about five minutes, while a skilled human operator would take approximately sixteen hours to create the same work. This represents roughly a 192x speed improvement, allowing attackers to generate hundreds of personalized phishing emails in the time it once took to write one.
Bluekit is a phishing-as-a-service kit that operates as an all-in-one platform handling domain registration, phishing page creation, campaign management, and victim monitoring. It includes over 40 templates mimicking services like Gmail and Outlook, a built-in AI Assistant supporting multiple AI models, and adversary-in-the-middle (AiTM) attack capabilities that capture session cookies to bypass multi-factor authentication entirely.
AccountDumpling abused Google AppSheet, a legitimate no-code business automation service, to send phishing emails that appeared to originate from Google's own servers ([email protected]). Because the emails came from legitimate Google infrastructure, they automatically passed SPF, DKIM, and DMARC authentication checks, allowing them to bypass traditional email gateways that trusted the sender.
ATHR is an autonomous voice-phishing platform that uses AI voice agents to conduct phishing calls without requiring teams of trained human scammers. The AI agents follow a structured script to extract verification codes and other sensitive information, with one operator able to run dozens of simultaneous calls from a single browser-based dashboard, eliminating the human bottleneck that plagued earlier vishing operations.