Artificial intelligence is helping cybersecurity teams respond to phishing attacks faster than ever before, but the same technology is also making phishing campaigns more sophisticated, driving up the overall cost of defense for organizations worldwide. That’s according to new research released Thursday by cybersecurity company IRONSCALES.
The report examined the impact of AI on phishing threats and defenses between 2022 and 2026, finding that organizations have increasingly turned to AI-powered tools to automate threat detection, investigate suspicious emails, and reduce the workload on security teams. Those tools have improved response times and helped security personnel process larger volumes of threats with fewer resources.
However, the gains have been offset by a rapid rise in AI-generated phishing attacks.
Generative AI tools now allow attackers to create convincing phishing emails at scale, eliminating many of the traditional warning signs that employees were trained to spot, such as poor grammar, awkward phrasing, and generic messaging. Security researchers note that modern AI-generated phishing campaigns are often highly personalized, context-aware, and capable of bypassing traditional email filtering systems.
As a result, organizations are spending more on advanced detection systems, employee training, and incident response efforts. While AI-powered defenses improve efficiency, they do not necessarily reduce cybersecurity costs because attackers are using the same technology to increase the volume and effectiveness of their campaigns.
The findings reflect a broader trend across the cybersecurity industry. Recent reports indicate that AI has become a major force multiplier for cybercriminals, enabling phishing, business email compromise, and social engineering attacks to be launched more quickly and at lower cost. Some industry estimates suggest that a large majority of phishing emails now contain AI-generated content.
Cybersecurity experts increasingly warn that organizations can no longer rely solely on traditional email security tools. Instead, companies are being encouraged to adopt layered security strategies that combine AI-driven detection, behavioral analysis, employee awareness training, and identity-based security controls.
The IRONSCALES research underscores a growing reality for businesses: artificial intelligence is changing both sides of the cybersecurity equation. While AI is helping defenders work more efficiently, it is simultaneously lowering the barrier for attackers to launch sophisticated phishing campaigns, creating an ongoing technological arms race that shows little sign of slowing.
