In 2025, phishing has entered a new phase—faster, smarter, and far more dangerous. Academic and Government data confirm that AI is no longer a fringe tool in cybercrime. It’s now a core enabler of large-scale, deeply convincing phishing attacks. Additionally, reports from leading commercial cybersecurity firms are showing that AI-driven phishing is already bypassing many traditional defenses.
Academic and Government Data Show AI-Phishing Works Too Well
According to the SOCTA 2025 Report, AI is rapidly becoming a significant tool in serious and organized crime across Europe. Criminal groups are increasingly leveraging artificial intelligence to enhance and scale their operations, including:
- Automating and personalizing phishing and social engineering campaigns at large scale
- Creating multilingual, localized content tailored to specific victims
- Using deepfake technology to impersonate executives and public figures in voice and video
"AI's automation capabilities are transforming the efficiency of criminal operations. From automating phishing campaigns to executing large-scale cyber-attacks, AI enables criminals to achieve more—reach more victims, be more targeted in their approach, and expand their global reach—with fewer resources."
— SOCTA 2025, Europol
Backing up these findings is a May 2025 study led by researchers Weinz, Zannone, Allodi, and Apruzzese. The team conducted real-world tests on over 71,000 phishing emails, comparing traditional methods with those generated using large language models (LLMs) like GPT-style tools.
Their results are striking:
"We also find that LLMs can be very good "social engineers": in one company, over 30% of the emails opened led to visiting the landing webpage -- a rate exceeding some prior benchmarks."
— Weinz, Zannone, Allodi, and Apruzzese
Both reports reveal how AI radically improves its effectiveness. By mimicking human tone, referencing organizational context, and adjusting to linguistic nuances, AI-generated emails and login pages are far more likely to deceive even trained employees.
Leading Cybersecurity Firms are Also Sounding the Alarm
The Zscaler ThreatLabz 2025 Phishing Report reveals how attackers have moved beyond mass phishing campaigns to leverage generative AI for highly targeted attacks. The report shows that cybercriminals are now using AI to create sophisticated scams that exploit human vulnerabilities with unprecedented precision, particularly targeting critical business functions like HR, payroll, and finance teams. As the report states:
“Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation.”
— Zscaler ThreatLabz 2025 Phishing Report
The KnowBe4 2025 Phishing Threat Trends Report highlights how AI is transforming the phishing landscape. The report found that 92% of polymorphic attacks now utilize AI to achieve unprecedented scale.
"In 2025, it's been in with the old and in with the new, as cybercriminals use new techniques to 'revive' the efficacy of existing attacks."
— KnowBe4 2025 Phishing Threat Trends Report
How We Fight Back: Mandatory Device Registration & Phish-Resistant MFA
At Align, we follow a Zero-Trust security model—never assuming any user, device, or connection is safe by default. We protect clients by adding two powerful layers of defense: Device Registration and phishing-resistant MFA. That being said, no system is foolproof. Employees still must stay alert and report anything that seems off.
"With the rapid adoption of AI, threat actors have gained a new suite of powerful
tools, particularly for phishing, vishing, and deepfake attacks. This has shifted the balance, making it more challenging for businesses to stay secure.While the cybersecurity industry works on long-term solutions, there are steps you can take now. Align recommends a combination of security tools within M365 to immediately strengthen your defenses and protect your company’s virtual assets and data from these new, AI-powered threats."
- Vincent Amoroso, Manager of Cloud Operations and Automation at Align
Device Registration
Device registration identifies and approves the specific devices trusted by your organization. This means:
- If an attacker steals credentials, they can’t log in unless they use a registered device
- Attempts from unregistered devices, especially from unusual locations, are automatically blocked or flagged
Why it matters now: AI-based phishing may capture your password, but without your trusted device, it can’t penetrate your systems.
Phishing-Resistant MFA
Traditional MFA methods (like SMS or app-based codes) are vulnerable to real-time phishing proxy attacks, where attackers trick users into revealing MFA codes that are immediately reused. AI phishing often uses this method.
Phishing-Resistant MFA ensures that:
- Authentication is bound to a registered device, mobile device, or hardware key
- Credentials cannot be replayed or intercepted by fake login pages
- Logins occur silently or with biometric confirmations—no OTP typing needed
Beyond security, phish-resistant MFA delivers a superior user experience by opening the door to the availability of password-less authentication.
We’re seeing phishing campaigns today that are nearly indistinguishable from internal communications. Our mission is to stay ahead of these AI-driven tactics by embracing a Zero-Trust approach and deploying the most effective safeguards available, like device registration and phishing-resistant MFA. Our job is to ensure clients are protected before these attacks happen.”
— Vinod Paul, President, Align Managed Services
Learn More About Align Managed Services
Align helps clients stay ahead of emerging cyber threats with modern, resilient IT solutions. To learn how our Managed Services team can strengthen your organization’s defenses, get in touch or visit https://www.align.com/managed-services.
