AI Phishing Attacks: The New Inbox Threat for MSPs

Just when you thought phishing couldn’t get any more complex, AI arrived overnight and literally rewrote the entire playbook, and the proof is in the clicks. 

A study found that AI-generated phishing emails are 4.5x more likely to trick recipients, achieving 54% click-through rates (CTRs) compared to 12% for conventional phishing attempts. 

AI phishing attacks operate at a completely different scale and level of sophistication. Automation has made an attacker’s inbox success rate exponentially higher.

In this blog, we’ll explore the various methods used in AI phishing attacks, how they evade email filters, and the security controls required to detect them before anyone clicks through.

Key Takeaways 

  • Attackers are leveraging malicious LLMs to automate phishing at unprecedented scale 
  • 82.6% of phishing emails are now leveraging AI-generated content
  • Despite the rise of AI, traditional phishing still dominates
  • The global average click rate on phishing simulations was 34.3% before security training was implemented 

What is AI-Generated Phishing?

AI phishing scripts are typically created with large language models (LLMs) or agentic AI systems, which automate every stage of the attack lifecycle. Using a few simple prompts, threat actors can generate context-aware, syntactically perfect, and highly personalized messages at unprecedented velocity.

A recent study found that 82.6% of phishing emails are now leveraging AI-generated content. The threat is definitely real. Attackers even have their own spin-off of ChatGPT called SpamGPT, a malicious LLM circulating on the dark web, equipped with a preconfigured SMTP & IMAP checker to pre‑test emails against common filtering rules.

It automatically adjusts headers, sender domains, and linguistic patterns to evade traditional detections, especially if SPF/DKIM/DMARC authentication protocols aren’t properly enforced. AI-generated phishing simulation tools can train attackers to refine templates, optimize delivery timing, and craft hyper-personalized messages.

MSPs are facing a new battle as these AI‑powered phishing campaigns scale beyond anything traditional email security defenses were designed to handle. 

AI Phishing vs Human-Generated Phishing 

Can you spot the AI phishing attempt? 

Threat actors can fine-tune malicious LLMs, such as SpamGPT, to dynamically rewrite phishing templates that bypass traditional Secure Email Gateways (SEGs), and even pre-train an army of AI agents to perform reconnaissance, craft payload-ready emails, and schedule automated delivery campaigns. Think of these malicious LLMs as real-world phishing training scenarios, where adversaries can generate linguistically diverse variants to evade pattern-based detection, attach context-aware malicious links, and test messages against spam filters in sandbox environments.

So, the odds of that suspicious email arriving in your inbox, or worse, your users’ inboxes, increase exponentially. AI-driven phishing campaigns can deceive even the most seasoned IT professionals and executives. Every click and open on a phishing email becomes training data for attackers to refine their next iteration.

AI can turn Business Email Compromise (BEC) attacks into fully automated, multi‑stage operations. It can analyze the tone and patterns of C‑suite communication and auto‑scrape org charts, vendor relationships, and invoice cycles to craft hyper‑targeted phishing scripts. A distracted HR professional might inadvertently sign off on a scam invoice disguised as one from a trusted third-party supplier, or approve a fraudulent payroll change that mimics a legitimate internal workflow and even appears to come from the CFO.

Traditional Phishing Still Dominates 

A recent report found that 989,123 phishing attacks were observed in Q4 2024 alone. Key findings also showed that Gmail remains the preferred platform for BEC actors, accounting for 81% of all free webmail accounts created by scammers. The data taken from the report doesn’t even mention AI, which only amplifies an attacker’s capabilities far beyond what these numbers reflect.

AI models have rapidly outpaced conventional phishing techniques by introducing automation, scale, and adaptive learning. AI adds to the complexity that security professionals face daily.

Yet, traditional phishing attacks remain the main threat vector for organizations. Research shows that 72% of insider incidents tied to phishing occur because employees fail to verify sender authenticity, highlighting the critical importance of employee security awareness training. 

AI agents outnumber human attackers in scale and speed. The more data these malicious models receive, the better and more accurate the output becomes. Without the right security guardrails, an attacker can train these agents to recognize employee behavioral tendencies and email communication patterns, enabling even more hyper-targeted AI phishing campaigns.

Best Practices to Avoid AI Phishing Emails 

Recognizing the basic phishing patterns and common techniques deployed by attackers can help prevent a breach. 

Here are a few ways to secure your inboxes from the latest phishing threats. 

Conduct regular phishing simulations

Routine phishing simulations are a critical component of a proactive security strategy.

A few real-world phishing scenarios can help improve employee phishing awareness by a measurable degree. Organizations can craft targeted simulations that mirror the tactics, techniques, and procedures (TTPs) used in AI-driven phishing attacks.

From attachment-based scenarios containing malicious macros or payloads disguised as invoices, contracts, or HR forms, to URL-based attacks leveraging cloaked domains or typosquatting to evade detection, these simulations expose employees to the kinds of threats they are likely to encounter. 

IT professionals can increase the level of difficulty and run tests quarterly or at another regular interval to measure improvements in user vigilance. To gauge employee engagement further, gamify the experience by creating an internal Slack channel with a leaderboard and awarding extra points to employees who flag and report suspicious emails.

Research showed that before implementing any training, the global average click rate on phishing simulations was 34.3%. After a year of continuous security awareness training, this rate dipped by an astonishing 86%, falling to just 4.6% across organizations of all sizes and industries. Invest in those phishing simulations. 

Employee security awareness training

BEC attacks have spiked 70% YoY, with AI playing a significant role moving forward. 

Employees trained through context-aware phishing simulations can better detect unexpected sender addresses, anomalies in invoice formats, or unusual payment requests. Simulated BEC attempts using vendor invoice templates and payment instructions to train finance and procurement teams are great examples. 

The same concept can be applied to understanding the indicators behind traditional phishing attack techniques, such as lookalike domains or unusual sender IP addresses.
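The lookalike-domain and unexpected-sender indicators above can also be checked mechanically. The sketch below is an added example, not Guardz code: the `TRUSTED` list, the character-folding table, the edit-distance threshold of 2, and the sample message are all assumptions constructed for illustration.

```python
# Added example: flag lookalike sender domains and Reply-To mismatches.
# TRUSTED and the sample message are constructed for illustration.
from email import message_from_string
from email.utils import parseaddr

TRUSTED = ("example.com", "vendor-example.net")  # assumption: own and vendor domains
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold common look-alike characters so 'examp1e' and 'exarnple' match 'example'."""
    return domain.lower().translate(CONFUSABLE).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in TRUSTED:
        return None
    for good in TRUSTED:
        if edit_distance(skeleton(domain), skeleton(good)) <= 2:
            return good
    return None

def check_message(raw):
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"lookalike: {sender} imitates {imitated}")
    if reply_to and reply_to != sender:
        findings.append(f"reply-to mismatch: replies go to {reply_to}")
    return findings

SAMPLE = ("From: Accounts Payable <billing@vend0r-example.net>\n"
          "Reply-To: payments@mail.example.org\n"
          "Subject: Updated bank details for invoice 1042\n\nPlease update.\n")
print(check_message(SAMPLE))
```

The distance threshold is a heuristic: short trusted domains need a tighter value to avoid flagging unrelated senders.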

Education is the foundation of security training and awareness. Every organization should have a dedicated employee security awareness program built on structured learning. This includes role-specific training modules for executives, IT, finance teams, and HR, tailored to the specific types of AI phishing attacks and social engineering they are most likely to encounter.

Context-aware phishing drills are great for raising awareness of the critical assets attackers look for. Security awareness training is an organization’s internal insurance policy against adversarial threats.

Implement SPF, DKIM, and DMARC email authentication protocols

This might sound quite binary, but having SPF, DKIM, and DMARC authentication properly configured is critical for preventing AI phishing threats. What should be fundamental email hygiene is often overlooked by organizations. A misconfigured MX record or missing SPF entry can allow attackers to spoof your domain and launch sophisticated AI-driven phishing campaigns.

These protocols help verify that incoming messages are genuinely from legitimate domains, reducing the risk of spoofed emails, BEC attempts, and AI phishing attacks. Ensure that SPF, DKIM, and DMARC are properly configured. Email authentication is a critical proactive security measure that every organization must invest in. 
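To make "properly configured" concrete, the following added example (not Guardz code) audits SPF and DMARC record strings and reports settings that leave spoofed mail deliverable. The record strings and the `example.net` include are constructed samples; DKIM is not covered because checking it requires the sender's selector.

```python
# Added example: audit SPF and DMARC TXT record strings for weak enforcement.
# Records are passed in as plain strings; in practice they come from TXT
# lookups on <domain> and _dmarc.<domain>.

def parse_tags(record):
    """Parse DMARC 'tag=value; tag=value' syntax into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def audit_spf(record):
    if not record or not record.lower().startswith("v=spf1"):
        return ["SPF: no record, receivers cannot tell which hosts may send"]
    terms = record.lower().split()[1:]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy lives in the redirect target; audit that record
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    # The first 'all' ends evaluation; a bare 'all' means '+all'.
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    if qualifier == "+":
        return ["SPF: '+all' authorises every sender"]
    if qualifier == "?":
        return ["SPF: '?all' is neutral, unlisted senders are not failed"]
    return []  # '~all' and '-all' give unlisted senders a non-pass result

def audit_dmarc(record):
    if not record or not record.lower().startswith("v=dmarc1"):
        return ["DMARC: no record, receivers apply no policy to spoofed mail"]
    tags = parse_tags(record)
    findings = []
    policy = tags.get("p")
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy} does not quarantine or reject spoofed mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    return findings

def audit_domain(spf, dmarc):
    return audit_spf(spf) + audit_dmarc(dmarc)

# Constructed sample records: a weak configuration beside a corrected one.
WEAK = audit_domain("v=spf1 include:_spf.example.net +all", "v=DMARC1; p=none")
FIXED = audit_domain("v=spf1 include:_spf.example.net -all", "v=DMARC1; p=reject")
print(WEAK, FIXED)
```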

Preventing AI Phishing Risks with Guardz 

Guardz provides MSPs with unified inbox visibility through a new partnership with Check Point, integrating Harmony Email Security (formerly Avanan). Guardz automatically connects the dots across every threat vector with full context, so you can prioritize mitigating what matters most to your clients.

Don’t fall for those AI-generated phishing scripts and templates. 

Schedule a demo to learn how Guardz can help deliver a 99.2% reduction in phishing in the inbox.

FAQs About AI Phishing

How do you identify AI-generated phishing emails? 

Red flags for recognizing AI-generated phishing emails include misspellings, unusually urgent language, and mismatched sender domains.

How do you stop AI-generated phishing scams? 

Conducting routine phishing simulations and employee security awareness training are both crucial for preventing AI-generated phishing scams.

Can AI stop phishing threats? 

AI can help prevent phishing threats by analyzing behavioral patterns, language, intent, context, and detecting anomalies.

References:

SC Media. (2025, October). Report: Higher phishing success, Profitability seen with AI emails. www.scworld.com. Retrieved December 9, 2025, from https://www.scworld.com/brief/report-higher-phishing-success-profitability-seen-with-ai-emails

KnowBe4. (2025, April 23). Breaking the stigma: 90% of employees agree that phishing simulations improve their security awareness. Retrieved December 9, 2025, from https://blog.knowbe4.com/breaking-the-stigma-90-of-employees-agree-that-phishing-simulations-improve-their-security-awareness

Cofense. (2025, May 14). Cofense reveals rapid rise in AI-powered phishing: New threat every 42 seconds. Retrieved December 9, 2025, from https://cofense.com/blog/cofense-reveals-rapid-rise-in-ai-powered-phishing-new-threat-every-42-seconds

Ponemon Institute & DTEX Systems. (2025). 2025 Ponemon cost of insider threats global report. Retrieved December 9, 2025, from https://ponemon.dtexsystems.com/

Anti-Phishing Working Group. (2025, March 19). Phishing activity trends report: 4th quarter 2024. Retrieved December 9, 2025, from https://docs.apwg.org/reports/apwg_trends_report_q4_2024.pdf
