AI-Powered Phishing in 2026: Why Your Filters Aren't Enough
A new IDC survey published today, covering 2,200 SMBs across eight markets, found that 60 percent plan to increase cybersecurity spending over the next 12 months. Most are still in a reactive posture. That combination is worth paying attention to, because the attacks hitting growing businesses in 2026 look significantly different than they did two years ago.
82.6 percent of phishing emails now contain AI-generated content, according to KnowBe4's March 2025 Phishing Threat Trends Report. Those messages achieve a 54 percent click-through rate, compared to 12 percent for traditional phishing. The cues employees were trained to spot, including awkward phrasing, generic greetings, and obvious typos, are mostly gone. The defenses built to catch the old version of phishing are catching less of the new one.
What AI Actually Changed About How Phishing Works
Traditional phishing ran on volume and imprecision. Send enough generic "your account has been suspended" emails and a percentage clicked. Defenders responded with pattern-based filters that looked for known bad domains, suspicious link structures, and signature language patterns.
AI disrupted that model in a specific way.
IBM X-Force research demonstrated that an attacker can now build a complete phishing campaign in 5 minutes. That same work took a skilled human team around 16 hours. The time compression matters not just for efficiency but because it changes who can mount a personalized, targeted attack, and at what scale.
AI pulls public information from LinkedIn profiles, company websites, press releases, and news mentions, then constructs messages that reference real people, real job titles, and real business activities. An email that looks like it came from your controller, referencing an invoice you are actually processing, is a different threat than a form letter about a locked account.
The attack surface has widened beyond email. Voice phishing uses AI-cloned voices of executives to pressure employees over the phone. In January 2024, engineering firm Arup lost $25.6 million after a finance employee authorized a series of wire transfers following a video call where every other participant turned out to be an AI-generated deepfake. Arup publicly confirmed the incident in May 2024. That kind of attack was theoretical three years ago. The tools needed to execute it now cost less than $30 a month in off-the-shelf AI subscriptions.
The Financial Picture
Business email compromise is where AI phishing shows up most clearly in the loss data.
FBI IC3 figures for 2025 put BEC losses at $3.046 billion across 24,768 complaints, up from $2.77 billion in 2024. BEC does not require malware. It exploits organizational trust: someone authorized to move money gets a convincing request from someone they believe has the authority to make it.
The FBI noted in its 2025 IC3 report that generative AI is an emerging BEC enabler. It makes executive impersonation easier to execute at scale and produces professional-quality correspondence that does not contain the errors that used to flag suspicious messages. Total cybercrime losses reported to the FBI in 2024 reached $16.6 billion, a 33 percent increase from 2023.
The Verizon 2026 Data Breach Investigations Report found that credential theft and phishing remain among the most consistent breach root causes year over year. AI has made the phishing half of that equation considerably more effective.
Why Growing Businesses Are at Higher Risk Than They Realize
There is a persistent assumption that sophisticated attackers stay focused on large enterprises. IDC's research found that assumption is still widespread among SMBs. Joel Stradling, IDC's Senior Research Director for European Security, put it plainly: "The research suggests many SMBs still believe they are not prime targets for cyberattacks, despite threats becoming more sophisticated."
43 percent of cyberattacks target SMBs. AI has lowered the cost of executing a targeted, personalized campaign, which means attackers can profitably go after businesses in the 50-to-200-seat range and not just those with nine-figure payouts.
Growing businesses typically have fewer controls in the payment approval chain. A 75-person company probably does not have a dedicated fraud team. It may have one person handling wire transfers and one signing off. That structure is exactly what social engineering is designed to exploit.
IDC found that 84 percent of micro businesses and 65 percent of small businesses describe themselves as unprepared or in early stages of addressing AI-related security threats. Only 34 percent of SMBs have a formal incident response plan. Most are reacting after something goes wrong rather than working from a documented playbook before it does.
What AI Phishing Actually Looks Like Now
The mechanics have shifted enough that it is worth being specific.
Modern AI-generated phishing does not look like the 2015 version. Messages are grammatically correct, contextually relevant, and formatted to match legitimate company correspondence. They reference real ongoing business activities like pending invoices, vendor negotiations, or upcoming audits.
Polymorphic phishing adds another layer of difficulty. AI generates a unique variation of each message, so signature-based filters that match against known attack patterns find nothing to flag.
Adversary-in-the-Middle attacks have changed the MFA picture as well. These proxy the authentication session in real time, intercepting one-time codes as employees enter them. An employee who correctly completes their MFA step can still be compromised if the session itself is hijacked. Standard SMS-based or app-based MFA no longer closes the authentication gap it used to.
A full BEC sequence now often looks like this: a personalized AI email to establish context and trust, an AI-cloned voice call to create urgency, and a compressed time window that pushes the target to act before normal verification steps engage. Each component reinforces the others.
What Your Security Posture Needs to Address
The controls that matter in 2026 are not the same ones that mattered in 2021.
Email authentication is the foundation. DMARC, DKIM, and SPF records need to be correctly configured and actively monitored, not set once and assumed to be working. Many businesses have partial implementations that still allow spoofed messages through.
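The "partial implementation" problem is easy to see once the records are read mechanically. The following is an added example, not code from the article: an offline checker for the SPF and DMARC TXT records, with constructed sample records for a partial setup (`p=none`, `pct=50`, no `rua=`, `~all`) next to a tightened one. In practice the strings would come from DNS TXT lookups of the domain and its `_dmarc` subdomain; here they are embedded so the script runs stand-alone.

```python
"""Offline sanity checks for the SPF and DMARC TXT records that need to be
configured and monitored rather than set once.

Added example, not from the article. The record strings below are constructed;
in practice they come from DNS TXT lookups of `example.com` (SPF) and
`_dmarc.example.com` (DMARC).
"""
from __future__ import annotations

from typing import Dict, List

# Constructed sample records: a partial implementation and a tightened one.
WEAK_SPF = "v=spf1 include:_spf.mail-example.net a mx ~all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_SPF = "v=spf1 include:_spf.mail-example.net -all"
STRONG_DMARC = ("v=DMARC1; p=reject; sp=reject; "
                "rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-forensic@example.com")

# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 allows at most 10).
DNS_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc_tags(record: str) -> Dict[str, str]:
    """Split 'k=v; k2=v2' into a tag map with lower-cased keys."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str) -> List[str]:
    """Findings for a DMARC record; an empty list means nothing weak was found."""
    tags = parse_dmarc_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings: List[str] = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: receivers only report; spoofed mail is still delivered")
    elif policy not in {"quarantine", "reject"}:
        findings.append("p= tag missing or invalid; record is ineffective")
    if "rua" not in tags:
        findings.append("rua= missing: no aggregate reports, so the policy is not being monitored")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of failing mail")
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: spoofed subdomains are not rejected")
    return findings


def check_spf(record: str) -> List[str]:
    """Findings for an SPF record: the 'all' qualifier and the DNS-lookup budget."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (v=spf1 missing)"]
    findings: List[str] = []
    all_qualifier = None
    lookups = 0
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?").lower()
        # Mechanism name without its argument: 'include:x' -> include, 'a/24' -> a, 'redirect=x' -> redirect
        name = body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0]
        if name == "all":
            all_qualifier = qualifier
        elif name in DNS_LOOKUP_MECHANISMS:
            lookups += 1
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        findings.append("+all: any host on the internet passes SPF for this domain")
    elif all_qualifier == "?":
        findings.append("?all: neutral result; unlisted senders are neither passed nor failed")
    elif all_qualifier == "~":
        findings.append("~all: softfail; receivers that do not enforce DMARC may still deliver")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms: over the limit of 10, receivers return permerror")
    return findings


def audit(spf_record: str, dmarc_record: str) -> Dict[str, List[str]]:
    """Combine both checks; an all-empty result is the posture to keep re-verifying."""
    return {"spf": check_spf(spf_record), "dmarc": check_dmarc(dmarc_record)}


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("strong", STRONG_SPF, STRONG_DMARC)):
        print(label, audit(spf, dmarc))
```

Run periodically against the live records, a non-empty result from `audit` is exactly the "set once and assumed to be working" drift the paragraph warns about; the checker does not evaluate DKIM, since that requires fetching the selector records and inspecting key length, which is a separate check.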
Behavioral email security, which flags anomalies in sender behavior and request patterns rather than matching known signatures, is increasingly what separates organizations that catch AI-generated attacks from those that do not.
Payment verification workflows carry as much weight as technical controls for BEC. A callback policy requiring a voice call to a number in the company directory for any wire transfer above a set threshold is a procedural control that breaks the attack chain regardless of how convincing the initial message was.
Security awareness training needs to be updated to reflect what AI phishing looks like now. Training built around "look for typos and generic greetings" teaches outdated signals. The pattern to recognize is the combination that characterizes most AI-assisted social engineering: a request that arrives with authority, urgency, and a reason to bypass normal channels.
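The two preceding ideas, behavioral sender anomalies instead of signatures and the authority-urgency-bypass request pattern, can be expressed as triage rules. The following is an added example, not code from the article or any product it mentions: it parses a message with Python's standard `email` module, checks the sender against a constructed staff directory and a constructed history of known correspondents, and scans the body for the request pattern. The directory, the sender baseline and both sample messages are constructed; a message that is held feeds the callback procedure described above rather than being delivered.

```python
"""Heuristic triage of an inbound message for the BEC request pattern:
authority, urgency and a reason to bypass normal channels, combined with
sender anomalies rather than message quality.

Added example, not from the article. The staff directory, sender baseline and
both sample messages are constructed.
"""
from __future__ import annotations

import re
import textwrap
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import Dict, List, Set

# Constructed directory of people whose names carry payment authority.
DIRECTORY: Dict[str, str] = {
    "dana reyes": "dana.reyes@example.com",  # CFO
    "sam okafor": "sam.okafor@example.com",  # controller
}
# Constructed baseline: addresses this mailbox has exchanged mail with before.
KNOWN_SENDERS: Set[str] = {"dana.reyes@example.com", "sam.okafor@example.com", "billing@vendor-example.net"}

URGENCY = re.compile(r"\b(urgent(?:ly)?|immediately|right away|today|asap|before (?:close|end) of (?:business|day))\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank details|account number)\b", re.I)
BYPASS = re.compile(r"\b(don'?t (?:call|phone)|in a meeting|can'?t talk|keep this (?:quiet|between us)|handle this yourself)\b", re.I)


def body_text(msg: Message) -> str:
    """Concatenate text/plain parts; the samples here are single-part."""
    if msg.is_multipart():
        return "\n".join(
            part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            for part in msg.walk() if part.get_content_type() == "text/plain"
        )
    return str(msg.get_payload())


def triage(raw_message: str) -> List[str]:
    """Return the indicators present, in a fixed order, so callers can score them."""
    msg = message_from_string(raw_message)
    indicators: List[str] = []
    display_name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    from_domain = addr.rsplit("@", 1)[-1]

    canonical = DIRECTORY.get(display_name.strip().lower())
    if canonical and addr != canonical:
        indicators.append("display-name-impersonation")   # known name, wrong address
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rsplit("@", 1)[-1] != from_domain:
        indicators.append("reply-to-mismatch")            # replies routed somewhere else
    if addr not in KNOWN_SENDERS:
        indicators.append("first-contact")                # no prior history with this address

    text = body_text(msg)
    if URGENCY.search(text):
        indicators.append("urgency")
    if PAYMENT.search(text):
        indicators.append("payment-request")
    if BYPASS.search(text):
        indicators.append("bypass-channels")
    return indicators


def verdict(indicators: List[str]) -> str:
    """Hold anything pairing a payment request with impersonation or a bypass cue,
    or stacking three or more indicators; the hold feeds the callback procedure."""
    risky_pair = "payment-request" in indicators and (
        "display-name-impersonation" in indicators or "bypass-channels" in indicators
    )
    return "hold-for-verification" if risky_pair or len(indicators) >= 3 else "deliver"


# Constructed sample messages.
LEGIT = textwrap.dedent("""\
    From: Sam Okafor <sam.okafor@example.com>
    To: ap@example.com
    Subject: Q3 vendor list

    Attached is the updated vendor list for the quarterly review.
    """)

SUSPICIOUS = textwrap.dedent("""\
    From: Dana Reyes <dana.reyes@examp1e-corp.com>
    Reply-To: d.reyes@freemail-example.org
    To: ap@example.com
    Subject: Re: pending invoice

    I need the wire for the pending invoice released today. I am in a meeting,
    don't call, just confirm once it is done.
    """)

if __name__ == "__main__":
    for name, sample in (("legit", LEGIT), ("suspicious", SUSPICIOUS)):
        found = triage(sample)
        print(name, found, verdict(found))
```

None of these rules looks at grammar or spelling, which is the point: the legitimate message and the suspicious one are both fluent, and what separates them is who the sender is relative to the directory and history, and what the request asks the recipient to skip.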
Phishing-resistant MFA using FIDO2 hardware keys or Conditional Access policies with hardware attestation provides protection against AiTM attacks that app-based or SMS codes do not.
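Why a FIDO2 assertion survives the real-time proxying described in the Adversary-in-the-Middle paragraph while a one-time code does not comes down to one field. The following is an added example, not code from the article or from any FIDO library: a toy model in which the authenticator signs client data that includes the origin the browser is actually connected to, and the relying party refuses any assertion whose origin is not its own. The origins are constructed, and the authenticator's signature is modelled with an HMAC over a constructed per-credential secret for brevity; a real authenticator uses an asymmetric key pair, but the property shown is the same.

```python
"""Why origin-bound authentication defeats a real-time relay and a one-time code
does not. Added illustration, not from the article.

Simplification: the authenticator's signature is an HMAC over a constructed
per-credential secret. A real FIDO2 authenticator signs with a private key and
the relying party verifies with the registered public key; the origin binding
demonstrated here is unchanged by that substitution.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from typing import Tuple

RP_ORIGIN = "https://login.example.com"         # constructed: the real login page
RELAY_ORIGIN = "https://login.example-com.net"  # constructed: where a relayed session actually lands

# Constructed per-credential secret registered with the relying party (stands in
# for the authenticator key pair; see module docstring).
CREDENTIAL_KEY = b"constructed-credential-secret"


def new_challenge() -> str:
    """Relying party: fresh random challenge for this login attempt."""
    return secrets.token_hex(16)


def authenticator_assert(challenge: str, origin_seen_by_browser: str) -> Tuple[bytes, str]:
    """Authenticator side: sign client data that carries the browser's current origin.

    The browser supplies the origin from its own address bar; the authenticator
    has no notion of which site the user believes they are on.
    """
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin_seen_by_browser},
        sort_keys=True,
    ).encode()
    signature = hmac.new(CREDENTIAL_KEY, client_data, hashlib.sha256).hexdigest()
    return client_data, signature


def rp_verify(expected_challenge: str, client_data: bytes, signature: str) -> bool:
    """Relying party: accept only if signature, challenge and origin all check out."""
    expected_sig = hmac.new(CREDENTIAL_KEY, client_data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, signature):
        return False  # client data altered after signing (for example, origin rewritten)
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get" or data.get("challenge") != expected_challenge:
        return False  # replayed or foreign challenge
    return data.get("origin") == RP_ORIGIN  # origin binding: the check a relay cannot satisfy


def direct_login() -> bool:
    """User on the real site: the signed origin is the relying party's own."""
    challenge = new_challenge()
    client_data, signature = authenticator_assert(challenge, RP_ORIGIN)
    return rp_verify(challenge, client_data, signature)


def relayed_login(rewrite_origin: bool = False) -> bool:
    """Relay forwards the RP's genuine challenge to a browser sitting on RELAY_ORIGIN."""
    challenge = new_challenge()  # issued by the RP, passed through by the relay
    client_data, signature = authenticator_assert(challenge, RELAY_ORIGIN)  # user completes the prompt
    if rewrite_origin:
        # Relay patches the origin field before forwarding; the signature then no longer matches.
        client_data = client_data.replace(RELAY_ORIGIN.encode(), RP_ORIGIN.encode())
    return rp_verify(challenge, client_data, signature)


def relayed_otp() -> bool:
    """Same relay, one-time code: nothing in the code ties it to an origin."""
    code = f"{secrets.randbelow(10**6):06d}"  # produced by the user's app or SMS
    forwarded = code                           # relay copies it into the real login form in real time
    return hmac.compare_digest(forwarded, code)  # the RP sees a valid, timely code


if __name__ == "__main__":
    print("direct FIDO2 login:", direct_login())
    print("relayed FIDO2 login:", relayed_login())
    print("relayed FIDO2 login, origin rewritten:", relayed_login(rewrite_origin=True))
    print("relayed one-time code:", relayed_otp())
```

The relay has two options and both fail: forward the assertion as signed and the relying party sees the wrong origin; rewrite the origin and the signature no longer verifies. The one-time code has no such field, so forwarding it within its validity window is indistinguishable from the user typing it on the real page, which is the gap the article says standard MFA no longer closes.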
The same category of risk that shows up in shadow AI usage inside businesses applies here too. AI is introducing new attack surfaces on multiple fronts at the same time, and keeping pace with those changes is an ongoing operational responsibility, not a checkbox from last year's audit.
None of these controls are set-once configurations. Email security standards evolve. Attack techniques iterate. Training content goes stale quickly when the threat itself is changing at the speed AI enables. That ongoing maintenance is the work.
Frequently Asked Questions
What is AI-powered phishing?
AI-powered phishing uses generative AI to create highly personalized, grammatically correct attack messages at scale. These attacks reference real business details, mimic the writing style of known colleagues, and generate unique message variations that evade signature-based filters.
How can I tell if my business is being targeted by AI phishing?
Often you cannot identify the threat from the message itself. That is by design. What matters more is having process controls in place: payment verification procedures, anomaly detection in your email environment, and security training that focuses on request patterns rather than message quality.
Does MFA protect against AI phishing attacks?
Standard MFA provides meaningful protection but not against every attack type. Adversary-in-the-Middle phishing can intercept one-time codes in real time by proxying the authentication session. Phishing-resistant MFA using FIDO2 standards or hardware security keys addresses that gap.
What is business email compromise?
Business email compromise is a social engineering attack in which an attacker impersonates a trusted executive or vendor to authorize fraudulent wire transfers or redirect payments. It does not require malware. FBI data puts 2025 BEC losses at $3.046 billion across more than 24,000 complaints.
How does a growing business protect against AI phishing in 2026?
The core measures are properly configured email authentication (DMARC, DKIM, SPF), behavioral email security tools, payment verification callback procedures, phishing-resistant MFA, and updated security awareness training. These controls require continuous maintenance because the attacks themselves keep evolving.
AI-powered phishing is evolving faster than most businesses can track on their own. If you want to assess where your current email security and social engineering defenses stand, get in touch to talk through what needs updating.