CASE FILE // PC-2026-04
Status: Open


Filing 06.00.00 | Field 27 APR 2026 | Classification Public | Status Open

AI-Powered Phishing

The 2026 story is not that phishing exists; it is that the marginal cost of producing a convincing phishing email has collapsed. Per-incident success rates have moved from 12% to 54%. The defensive baseline has to move with them.

Exhibit A

The AI phishing baseline

ESCALATING

82.6%: Detected phishing emails using AI [Hoxhunt 2026]
+53.5%: Year-on-year growth in AI phishing share [Hoxhunt 2026]
54%: Click rate on AI-generated spear-phish [Hoxhunt]
12%: Click rate on human-written spear-phish (baseline) [Hoxhunt]
+1,633%: Q1 2025 surge in deepfake vishing [Hoxhunt 2026]
$200M+: Deepfake fraud receipts, Q1 2025 [Industry aggregate]
$40B: Projected deepfake-enabled scam losses by 2027 [Deloitte forecast]
60s: Audio sample required to clone a voice convincingly [Microsoft VALL-E paper]
AI-01

AI-generated email phishing


GenAI removes the legacy detection tells. No spelling errors. Native fluency in any target language. Personalisation at bulk-volume cost. Signature-based gateways underperform; AI-augmented email defence (ICES) layered on top is now the standard.

Representative pretext

Sender: bookkeeping@vendor-domain.io. Subject: Updated Q2 invoice schedule. Body: tonally indistinguishable from the legitimate vendor's correspondence cadence.

AI-02

Deepfake voice cloning (vishing)

DEEPFAKE

60 seconds of source audio (a podcast appearance, an earnings call) is enough to clone a CEO's voice convincingly enough to authorise a wire transfer over the phone. The 2024 Arup case study (HK$200M loss) is the canonical example.

Representative pretext

Live call from the CFO's number, voice synthesised in real time, instructing finance to release a payment to a new vendor account ahead of a fictitious M&A close.

AI-03

AI-driven OSINT spear-phish


Crawler agents harvest LinkedIn, conference talks, and public commits. LLM personalises pretext at industrial scale. The same content team that previously produced ten convincing spears per day now produces 10,000.

Representative pretext

Email referencing the target's recent talk at re:Invent and a follow-up question about a specific architecture diagram.

AI-04

Multi-channel coordinated AI attacks


Email + SMS + voice in one pretext sequence. The email primes, the SMS validates, the voice closes. Each channel uses synthetic content. Out-of-band confirmation is the only reliable defensive layer.

Representative pretext

Email from "CFO" lining up an urgent wire. Confirming SMS "on it now, Bob said you'd call". Voice-cloned call closes the approval.

Exhibit C

What works against AI phishing

DEFENCE

  1. Phishing-resistant MFA (FIDO2 / passkeys). Removes the value of even a perfect phishing email that harvests a password.
  2. Out-of-band verification for any wire, payment-method change, or credential reset. The synthetic call cannot survive a callback to a known number.
  3. AI-augmented email defence (ICES). Catches what signature-based gateways miss against polished generative content.
  4. Updated training that includes AI-generated lure samples. Older training sets are insufficient.
  5. Helpdesk identity-verification scripts, mandatory. The 2023 vishing wave ran through helpdesks.
  6. Tabletop exercises against deepfake voice scenarios. Treat them as the 2026 baseline, not an exotic edge case.

[CISA AI guidance, NIST AI RMF, Microsoft Digital Defence Report 2025]
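
An added example, not part of the original case file: a minimal approval gate for the out-of-band rule in item 2, run against a constructed sequence modelled on the AI-04 pretext. The directory, phone numbers, addresses and the Contact / Request / decide names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Actions the page lists as needing out-of-band verification.
GATED_ACTIONS = {"wire", "payment_method_change", "credential_reset"}

# Constructed directory of record: numbers enrolled before any request arrived.
DIRECTORY = {"cfo@example.com": "+15550100", "ap@vendor.example": "+15550123"}

@dataclass
class Contact:
    channel: str             # "email", "sms" or "voice"
    direction: str           # "inbound" (they reached us) or "outbound" (we dialled)
    number: str = ""         # caller ID shown (inbound) or number dialled (outbound)
    confirmed: bool = False  # the person on this contact approved the request

@dataclass
class Request:
    action: str
    claimed_identity: str
    contacts: list = field(default_factory=list)

def decide(req, directory=DIRECTORY):
    """Return (decision, reason) under the callback-to-known-number rule."""
    if req.action not in GATED_ACTIONS:
        return "allow", "action not gated"
    known = directory.get(req.claimed_identity)
    if known is None:
        return "hold", "no number of record for this identity"
    # Only calls we placed ourselves count; inbound caller ID is ignored.
    callbacks = [c for c in req.contacts
                 if c.channel == "voice" and c.direction == "outbound" and c.confirmed]
    if any(c.number == known for c in callbacks):
        return "allow", "confirmed by callback to number of record"
    if callbacks:
        return "hold", "callback dialled a number that is not on record"
    inbound = sum(c.direction == "inbound" for c in req.contacts)
    return "hold", f"{inbound} inbound contact(s) do not count as verification"

if __name__ == "__main__":
    # Constructed sequence: email, SMS, then an inbound call showing the CFO's number.
    req = Request("wire", "cfo@example.com", [
        Contact("email", "inbound"),
        Contact("sms", "inbound", "+15550199"),
        Contact("voice", "inbound", "+15550100", confirmed=True),
    ])
    print(decide(req))
    req.contacts.append(Contact("voice", "outbound", "+15550100", confirmed=True))
    print(decide(req))
```

Three agreeing inbound channels leave the request held; only the outbound call to the number already on record releases it.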

Updated 2026-04-27