Cofense, a provider of intelligence-driven post-perimeter phishing defense, has released its latest threat intelligence report, “The New Era of Phishing: Threats Built in the Age of AI.” The report highlights that artificial intelligence (AI) technologies are now integral to threat actor operations, significantly altering the speed, scale, and sophistication of contemporary phishing attacks.

The company’s analysts documented a substantial increase in malicious email attacks in 2025, occurring every 19 seconds, which more than doubles the 2024 rate of one attack every 42 seconds. This escalation suggests that AI has transformed phishing from an intermittent threat into a continuous and adaptive challenge. The data indicates that AI is no longer an experimental tool for attackers but an operational necessity, enabling them to generate, test, and deploy campaigns at increased speed and scale while continuously evolving tactics to evade detection.

Josh Bartolomie, Chief Security Officer at Cofense, stated that “AI has fundamentally changed the economics and effectiveness of phishing.” He added that “Threat actors are now using AI as core infrastructure, not just to craft highly personalized emails, but to dynamically adapt phishing pages based on the victim’s device, generate thousands of unique variants of the same attack, and manage infected systems at scale. Traditional perimeter defenses can’t keep pace with threats that shape-shift after delivery. Organizations need post-delivery visibility, human intelligence, and context-aware detection to identify and remediate what gets through.”

The report identifies five key trends in the AI-powered phishing landscape. First, polymorphic attacks are becoming the standard delivery model, with 76% of initial infection URLs and 82% of malicious files exhibiting unique characteristics, often bypassing traditional pattern-matching detection. Attackers are leveraging publicly available data to personalize messages, making each phishing email distinct and credible.

Second, threat actors are deploying adaptive, analysis-aware phishing pages. These dynamic websites deliver different payloads based on the victim’s browser, operating system, and device. For instance, Windows users may receive executables, macOS users packages, and mobile visitors optimized credential harvesting pages. Advanced kits also detect security tools and redirect analysts to legitimate websites to evade investigation.

Third, AI-powered attacks are perfecting impersonation, leading to a surge in Business Email Compromise (BEC) attacks. AI has eliminated traditional warning signs, with conversational attacks now comprising 18% of all malicious emails. These messages are grammatically correct and contextually accurate, mimicking legitimate internal communications and often bypassing most security controls by exploiting organizational trust.

Fourth, legitimate tools are being weaponized at an unprecedented scale. The report notes a 900% increase in the abuse of legitimate remote access tools such as ConnectWise ScreenConnect and GoTo Remote Desktop, used as remote access trojans. Files are frequently hosted on trusted platforms like Dropbox and AWS, signed with valid certificates, and communicate through established domains, which can make them appear legitimate to endpoint detection systems.

Fifth, there is a mass migration to underutilized domains for phishing campaigns. Credential phishing campaigns using .es domains increased 51 times year-over-year, elevating the top-level domain from 56th to the 3rd most-abused. This shift is attributed to AI-enabled phishing kits that automatically generate domains, deploy subdomains, and launch advanced credential harvesting operations with minimal human intervention.

To counter these evolving AI threats, organizations are encouraged to adopt defenses that can adapt just as quickly. Effective protection requires a post-delivery defense approach that combines real-world threat insights with expert human context and automation to rapidly identify novel, constantly changing attacks. This strategy aims for remediation in minutes, not hours, by unifying employee-reported intelligence, expert oversight, and automated remediation to shorten response times and limit exposure.

Cofense specializes in stopping phishing by combining human intelligence from over 35 million global users with AI-driven detection and response tools. The company states its platform reduces false positives, remediates threats quickly, and enhances human security through real-world phishing simulations, processing over 9 million high-risk emails annually.