AI is driving a new kind of phishing at scale

Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers generate large numbers of messages with small variations in wording, structure, and delivery paths.

AI systems now sit at the center of this activity, supporting generation, testing, and rollout of phishing campaigns. The Cofense research documents this environment as it exists across enterprise inboxes, with one malicious email identified on average every 19 seconds during 2025.

Phishing campaigns often reuse the same infrastructure, even when the emails, links, and files look unique each time. That makes detection harder, since email gateways, endpoint tools, and signature-based controls struggle to keep up with the sheer volume and constant variation.

Adaptive phishing pages and device awareness

Phishing pages increasingly adjust their behavior based on the visitor’s device and environment. A single phishing site can deliver different payloads depending on operating system or browser type. Windows systems receive executable malware, macOS systems receive platform-specific packages, and mobile users encounter tailored credential pages.

Android-focused delivery rose sharply during 2025, exceeding activity seen during the previous three years combined. These mobile payloads frequently trace back to phishing kits associated with Windows remote access tools. Page content often imitates common enterprise platforms such as document sharing or collaboration services, with frequent variation in layout and wording.

Credential phishing pages also gather detailed information about visitors, including browser plugins, screen size, language, and geographic region. This data supports customized page rendering and payload selection. The same data also supports evasion, with pages redirecting traffic or displaying error messages when analysis tools appear present.

Polymorphism as a standard delivery approach

Phishing campaigns now operate with polymorphism as a baseline condition. Each message, link, or file often appears unique even when tied to the same campaign. During 2025, 76 percent of initial infection URLs appeared only once across customer environments, even as 94 percent of those URLs reused previously observed infrastructure.

Malicious files follow a similar pattern. File hashes frequently appear unique even when payloads remain functionally identical. AI-driven tooling enables this level of variation at scale. Security teams encounter thousands of indicators that lack reuse, reducing the value of blocklists and prior sightings.

Attackers also draw from publicly available information to personalize messages. Contact details, job roles, reporting structures, and social media activity frequently appear within lures. This personalization increases credibility and reduces reliance on technical exploits.

Conversational attacks and business email compromise

Business email compromise continues to rely on simple conversation rather than links or attachments. Messages prompt recipients to reply directly or take routine business actions. During 2025, conversational attacks accounted for 18 percent of identified malicious emails.

AI-generated language improves grammar, tone, and contextual alignment with internal communications. Messages often impersonate executives, vendors, or internal teams using accurate references to business activity. The difference between a malicious message and a legitimate one can be subtle and limited to context or timing.

Traditional email security tools that focus on links and attachments provide limited coverage against these messages. Detection relies heavily on behavioral cues and post-delivery analysis supported by human review.

Legitimate tools used as access mechanisms

Attackers increasingly rely on legitimate remote access tools to establish persistence. Products commonly used by IT teams for support and administration appear within phishing campaigns as installation payloads. During 2025, abuse of legitimate remote access tools increased sharply, with total reported activity rising more than 100 percent year over year.

These tools often arrive through trusted cloud hosting platforms and carry valid digital signatures. Network traffic associated with these tools blends into standard administrative activity. Alerts generated by endpoint tools may appear low priority due to legitimate internal usage.

Attackers also automate management of these tools using scripting and AI-supported workflows. This approach supports control of large numbers of infected systems with minimal manual effort.

Domain usage shifts across credential campaigns

Credential phishing campaigns show significant movement into previously less common top-level domains. The .es domain rose sharply in usage, moving from a minor position to one of the most frequently observed domains in credential theft activity during early 2025.

These domains frequently host second-stage pages used for redirects or credential capture. Subdomains often appear generic and automated, indicating large-scale deployment through phishing kits. Email lures paired with these domains include branded layouts and visual elements aligned with enterprise communications.

“AI has fundamentally changed the economics and effectiveness of phishing,” said Josh Bartolomie, CSO at Cofense. “Threat actors are now using AI as core infrastructure, not just to craft highly personalized emails, but to dynamically adapt phishing pages based on the victim’s device, generate thousands of unique variants of the same attack, and manage infected systems at scale.”