Phishing is old, but AI just gave it new life

The volume of cyberattacks has reached staggering levels, with new tactics that blur the line between legitimate and malicious activity. A new threat report from Comcast, based on 34.6 billion cybersecurity events analyzed over the past year, shows what adversaries are doing and what this means for enterprise leaders.

Scale and sophistication increase together

Attackers are no longer choosing between quick, noisy campaigns and careful, targeted ones. They are doing both at once. Automated scans and phishing runs create constant background pressure, while more skilled operators test defenses and move laterally inside networks.

This mix of volume and stealth makes life difficult for defenders. Security teams must filter out huge amounts of activity without losing sight of the quiet signals that point to an intrusion. The challenge is spotting the attacks designed to blend in and linger.

AI as risk multiplier and defensive tool

Threat actors are using generative models to create convincing phishing lures and malware, lowering the barrier to entry for less skilled criminals. At the same time, organizations adopting AI tools internally face new exposure points. Shadow AI, or employee use of unsanctioned AI tools, expands the attack surface and raises questions about how to secure non-human identities such as service accounts and autonomous agents.

On the defensive side, AI is critical for scaling anomaly detection and speeding response. Yet automation is not enough on its own. Skilled professionals are required to interpret signals, investigate anomalies, and guide strategic action. The report stresses that resilience depends on the right mix of automation and human expertise.

Human fatigue and resource constraints

Even with advanced tools in place, people remain central to how well defenses hold up. End users are often the entry point, since a single click on a malicious link can bypass multiple layers of security. Security teams also face limits in how much they can process. Constant alerts, repetitive tasks, and noisy signals increase the risk of threats slipping through.

These pressures make it harder to respond when incidents occur. To reduce that risk, organizations need to give teams smarter ways to separate signal from noise and invest in processes that keep focus on the threats that matter most. Building a culture of awareness across the enterprise is just as important as technology in closing these gaps.

Proxy abuse masks adversaries

Attackers are routing malicious traffic through compromised home and business devices, creating large pools of “residential proxies.” These tactics make malicious traffic appear legitimate and allow adversaries to bypass geographic filters or blocklists.

This means IP-based trust signals are eroding and leadership must shift focus to behavioral analysis and zero-trust approaches. Beyond technical risk, there is also reputational exposure if compromised devices within an enterprise are co-opted to relay malicious traffic.

The business case for layered resilience

Cybersecurity is now part of business resilience. Breaches disrupt operations, revenue, and reputation, so organizations need layered defenses that bring prevention, detection, and response together.

Preventive measures like patching, MFA, and secure gateways remain important, yet no perimeter is perfect. Adaptive defenses that include AI-enabled detection, threat hunting, and strong governance of both human and machine identities are required to contain intrusions.

“Threats are growing in scale, stealthiness, and sophistication. But this is also a transformative time for cyber defense, with advances in AI, automation, and industry collaboration opening new opportunities to innovate,” said Noopur Davis, EVP, CISO and Product Privacy Officer, Comcast.
