
2023 vs. 2026: Phishing has changed - Here's how

By: Anders Bryde Thornild | Cyber Security | 29 June

Phishing has always worked. That's the uncomfortable truth. Before AI entered the picture, attackers were already getting through. The social engineering playbook has been effective for decades, and no amount of awareness training ever eliminated it completely.

But it's even more effective today.

AI made it significantly harder to defend against.

The old approach still worked fine

Old-school phishing was a volume game. Send millions of poorly written emails, impersonate a bank or a courier company, and collect credentials from whoever clicked. The emails were often sloppy, but they didn't need to be polished. Even a low success rate across millions of attempts adds up fast.

The upside for defenders was that those attacks had a recognisable signature. Suspicious sender domains. Spelling errors. All-caps urgency. Generic greetings. These were learnable signals, and security awareness programmes got reasonably good at teaching people to spot them.

[Image: example phishing email, 2023]

The result was a kind of equilibrium. Phishing remained a top attack vector year after year, but defenders had a shared vocabulary for what to look out for.

That vocabulary is now outdated.

What generative AI changed

Generative AI didn't invent new attack types. What it did was remove the friction that kept those attacks from scaling.

Writing a convincing, targeted, grammatically perfect email in any language used to require time and skill. Now it takes seconds. Researching a target, their role, their manager's name, the tools their company uses, was possible before but slow. Today, that context can be pulled together and fed into a prompt in minutes.

[Image: example phishing email, 2026]

The result is a new class of attack that looks nothing like what most awareness training was built around. No typos. No suspicious domains jumping out. No "Dear Valued Customer." Just a calm, specific, plausible message that fits into the context of someone's actual working day.

The numbers back this up

The 2026 Verizon Data Breach Investigations Report, the largest in the report's history covering over 22,000 confirmed breaches across 145 countries, paints a clear picture of where things stand.

The human element was present in 62% of breaches, up from 60% the previous year. Despite a decade of investment in awareness training and phishing simulation programmes, that share keeps rising.

The channel mix is shifting too. 41% of social engineering breaches now involve vectors other than email, with approximately a quarter coming from social media or phone-based channels. Email security gateways, which most organisations have invested in heavily, simply can't see those attacks.

And when it comes to phone-based attacks specifically, the gap is striking. The median click rate on voice and SMS simulations is roughly 2%, compared to 1.4% on email phishing simulations. A 40% lift on essentially the same attack, delivered through a different channel.

What the attack surface looks like now

The threat list has expanded well beyond the phishing email. A few of the vectors worth understanding:

AI voice cloning. Attackers can now generate convincing audio from a short clip of someone's voice, a public webinar recording, a company podcast, a LinkedIn video. The 2026 DBIR specifically calls out help desk impersonation as now the most common initial scenario in ransomware breaches that begin with social engineering. An attacker calls your IT help desk, sounds like an employee, and gets a password reset.

Conversation hijacking. Rather than starting a new thread, attackers insert themselves into an existing email conversation by compromising an account earlier in the chain. The recipient sees a reply to a thread they recognise, from a name they trust.

QR phishing. Malicious links embedded in QR codes have historically bypassed most email security filters because there was no URL in the email body to scan. Most mail clients have become better at spotting and defending against them, but QR phishing remains a significant risk. Microsoft reported QR phishing detections up 146% from January to March 2026.

Fake SSO windows. A login page that looks exactly like your Microsoft or Google portal, served after a legitimate-looking redirect. Credentials entered go straight to the attacker.

MFA fatigue. Bombarding a user with push notifications until they approve one just to make it stop. Simple, effective, and requiring no technical sophistication.
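As an added illustration (not code from this post or from CyberPilot), here is simple detection logic for the MFA fatigue pattern described above, run over a constructed set of MFA push log lines; the log format, the threshold of four pushes in ten minutes and the user names are all assumptions:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of MFA push outcomes (the format is an assumption, not a real product's log).
SAMPLE_LOG = """\
2026-03-02T08:01:10Z user=alice result=denied
2026-03-02T08:01:40Z user=alice result=denied
2026-03-02T08:02:05Z user=alice result=denied
2026-03-02T08:02:30Z user=alice result=denied
2026-03-02T08:03:00Z user=alice result=approved
2026-03-02T08:10:00Z user=bob result=approved
2026-03-02T09:30:00Z user=bob result=denied
"""


def parse_log(text):
    """Turn log lines into (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       user.split("=", 1)[1], result.split("=", 1)[1]))
    return events


def detect_push_fatigue(events, threshold=4, window=timedelta(minutes=10)):
    """Flag any user who received at least `threshold` pushes inside `window`.
    Returns one alert per user for the first qualifying burst."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    alerts = []
    for user, hist in by_user.items():
        start = 0
        for end in range(len(hist)):
            # Slide the window start forward until the span fits within `window`.
            while hist[end][0] - hist[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                # Include every push within `window` of the burst's first push.
                burst = [r for t, r in hist[start:] if t - hist[start][0] <= window]
                alerts.append({"user": user, "pushes": len(burst),
                               "approved": "approved" in burst})
                break
    return alerts
```

A burst that ends in an approval is the case to escalate, since the user may have approved just to make the prompts stop; number matching on the push prompt removes that option.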

What this means for awareness training

The training question has shifted. Spelling errors and suspicious URLs are still worth covering, but they no longer represent the full threat picture.

According to Gartner's AI Risk Management Survey from September 2025, which surveyed 302 cybersecurity leaders across North America, EMEA, and Asia/Pacific, 62% of organisations experienced a deepfake attack in the prior 12 months. Deepfake attacks are no longer an edge case.

The harder question to train for is: what does a well-crafted attack look like, and how do you verify a request when all the surface signals look fine? That means building habits around verifying payment or access requests through a second channel, regardless of how legitimate the original message appears. It means treating unusual requests with scepticism even when they arrive from known senders. And it means extending that thinking beyond email to phone calls, SMS, and collaboration platforms.

The red flags haven't disappeared. They've just gotten a lot harder to see.

Phishing training in 2026 looks different

For years, the goal of phishing training was simple: teach people not to click. Run a simulation, measure the click rate, report back to leadership. Job done.

That framing is no longer enough.

When an attack is well-crafted and contextually convincing, not clicking isn't always a realistic expectation. People are busy, attacks are getting more targeted, and even security-aware employees get caught out. The more useful behaviour to train for in 2026 is reporting. If someone receives a suspicious message and reports it, the security team can investigate, pull it from other inboxes, and contain the damage before it spreads. A reported phishing attempt is a near-miss. An unreported one becomes a breach.

That shift in mindset, from "don't click" to "when in doubt, report", is more resilient as attacks get harder to distinguish from legitimate communication.

The simulation content also needs to catch up with the actual threat. Training employees to spot typos and fake domains while attackers are using AI-generated targeted emails and voice cloning is teaching people to fight last year's war.

AI Targeted Phishing - Our phishing simulations targeting your company

At CyberPilot, we've built a feature called ReconAI that reflects this reality. ReconAI actively researches your company and your employees online, and uses that information to generate highly targeted phishing simulations, the kind of personalised, contextually relevant attacks that are now showing up in real incidents. The goal is to expose your team to what modern phishing actually looks like before an attacker does it for real, and to build the reporting habit that turns a potential breach into a learning moment.