Exclusive: Phishing Costs Are Climbing Even As Defenses Get Faster, IRONSCALES Warns

IRONSCALES Principal Technical Strategist explains why phishing costs are climbing despite faster defenses, how AI is reshaping the threat landscape on both sides, and what CISOs should be doing about Phishing 3.0.

Last updated on Jun 4, 2026
Written by Joel Witts

Few areas of cybersecurity have been transformed by AI as rapidly as phishing. In the three years since ChatGPT first launched, generative AI has reshaped the phishing threat landscape from end to end.

Attackers can now research targets in minutes, rather than hours. Phishing emails are perfectly crafted, with no spelling mistakes or awkward phrases that were dead giveaways before. And attacks are spreading far beyond the inbox into voice, SMS, video, and collaboration platforms.

The phishing threat that organizations face in 2026 looks fundamentally different from the one they were defending against just three years ago, and the cost of dealing with it is climbing in step.

In fact, IRONSCALES’ new Business Cost of Phishing report has found that the share of IT and security working hours consumed by phishing has climbed from 33.5% to 36.5% since 2022. In dollar terms, phishing now eats $51,948 of every composite IT or security professional’s annual salary.

Expert Insights sat down with Audian Paxson, Principal Technical Strategist at IRONSCALES, an AI-powered email security platform that protects organizations from phishing, business email compromise, and account takeover. 

In this interview, Paxson discusses what’s driving the rising cost of phishing despite faster defenses, how AI has reshaped the threat landscape on both sides since the launch of ChatGPT, why multi-channel ‘Phishing 3.0’ attacks and deepfakes are eroding the verification model security teams have relied on, and where CISOs should be focusing their investment now.

Q. IRONSCALES’ new Business Cost of Phishing report has just been released, measuring the cost of phishing within the business. What were your key takeaways and what surprised you?

The headline finding is that security teams got faster at handling phishing, and it still cost them more. Organizations now remediate individual phishing emails 16% faster than they did in 2022, averaging 23.2 minutes per incident compared to 27.5 minutes. That efficiency gain is real, and it reflects the investment organizations have made in AI-powered email defenses over the past three years.

But the cost story tells you why efficiency alone is not enough. Despite handling each email faster, the average IT or security professional now spends 37% of their working hours on phishing-related activities, up from 33.5% in 2022. In dollar terms, that’s $51,948 a year, the share of a $142,293 fully-burdened composite salary that phishing now eats. The share of available working hours consumed by phishing rose from 33.5% to 36.5%. Per-incident speed went up. Total burden went up faster.

What surprised me most was how clearly the data illustrated that attackers are outpacing defenders on volume. AI gave both sides new tools. Defenders used it to detect and respond faster. Attackers used it to generate more campaigns and, with AI doing the heavy lifting, automate the personalization and probing of defenses for weaknesses, at a scale that was previously impossible. The net result is an arms race where defenders are running faster just to stay in place.

Q. Your previous report came out a month before ChatGPT launched. What impact has AI had on the phishing threat landscape?

The timing is almost too perfect as a benchmark. Our October 2022 report doesn’t mention artificial intelligence once. This new report has AI on every page.

Three dynamics have changed since generative AI entered the threat landscape. First, attack volume. Personalized phishing attacks that used to require hours or days of manual research now take minutes to prepare. That compressed cycle time means attackers can launch more campaigns against more targets in less time. Second, attack speed. Shorter preparation time translates directly into faster campaign cadence. Third, evasiveness. Attackers are using AI to automate the probing of defenses and autonomously adapt their attacks to bypass detection.

On the defensive side, AI has been transformative too. Nine out of ten organizations had already implemented an AI-powered email security platform by August 2023, according to our research with Osterman at the time. That rapid adoption is what drove the 16% reduction in per-incident handling time we see in this report. AI-powered defenses are catching threats faster and automating triage that used to be manual.

The problem is that these two forces are not balanced. Attackers are using AI to increase the total number and sophistication of attacks at an exponential rate. Defenders are using AI to handle each attack more efficiently. Efficiency versus volume. Right now, volume is winning. Attackers also operate without the red tape defenders face. They have no review committees, no compliance frameworks, and no internal governance slowing them down. Even the most aggressive defenders still have guardrails to work within.

Q. Half of all organizations now rate phishing as a high or extreme threat, up from a third in 2022. What’s driving that shift?

Three factors are converging. The first is that AI-generated phishing emails no longer carry the telltale signs that employees and detection systems were trained to spot. No spelling mistakes, no awkward phrasing, no mismatched branding. The traditional signals that something is off have disappeared, which makes every inbound email harder to evaluate.

The second factor is the expansion of phishing beyond email. When a single set of compromised credentials unlocks Outlook, OneDrive, SharePoint, and Microsoft Teams (or the equivalent in Google Workspace), attackers gain access to every channel in the productivity suite. Organizations told us they’re already seeing phishing attacks in messaging platforms, cloud-based file sharing, video conferencing, and collaboration tools. Employees trained to spot phishing only in email are not prepared for threats in these channels.

The third factor is the emergence of multi-stage, multi-channel attacks. The report flagged this as the highest-concern attack type. An attack starts with a text or LinkedIn message, moves to email, then a voice or video call. Each touchpoint builds trust and legitimacy. Employees are not trained to connect these dots across platforms, and most security tools are not instrumented to correlate signals across channels either.

When you combine AI-generated content quality, broader attack surfaces, and multi-channel social engineering, the result is a threat landscape that looks fundamentally different from three years ago.

Q. The report says AI gives attackers a significant advantage over defenders in terms of attack volume, speed, and evasiveness. What impact can this have on organizations and how is it driving the cost of phishing attacks?

Four out of ten respondents expect these three dynamics (volume, speed, and evasiveness) to worsen over the next 12 months. That expectation is grounded in what they are already experiencing.

The cost impact is straightforward. When AI allows an attacker to generate a convincing, personalized phishing email in minutes instead of hours, the number of attacks reaching employee inboxes goes up. Each of those attacks requires detection, investigation, and remediation. Even if your team handles each one faster thanks to AI-powered defenses, the aggregate workload increases. That is exactly what the data shows. The average cost per phishing email dropped from $31.32 to $27.51 (a 12% reduction), but the percentage of IT and security team hours consumed by phishing rose from 33.5% to 36.5%. The annual labor cost a composite IT or security professional spends on phishing climbed to $51,948.

The evasiveness dimension is particularly concerning. Attackers are using AI to autonomously adapt campaign attributes, testing which variations bypass specific defensive configurations. That means static detection rules and signature-based approaches become stale faster. Organizations need defenses that learn and adapt at the same pace as the attacks. Otherwise, you are paying more people to fight a growing volume of threats that are increasingly designed to get past whatever you deployed last quarter.

Q. There was a high level of reported concern for account compromise, AI risks, and malicious attachments. Multi-stage phishing that crosses channels, e.g., from email to voice call to text message, came out as the highest-concern attack type. How significant is this risk today as phishing moves beyond just email?

Multi-channel phishing is significant because it exploits a structural blind spot in how most organizations approach security. Email security tools watch email. Endpoint tools watch endpoints. Voice and SMS typically have minimal monitoring. When an attack flows across all three channels, no single tool sees the full picture, and the employee on the receiving end is not equipped to connect the dots.

The social engineering dimension is equally important. Trust is higher in channels that feel personal or closed. An employee who might hesitate over a suspicious email will often respond quickly to what sounds like their manager on the phone, or a text message referencing a conversation they just had. Multi-stage attacks are designed to build legitimacy incrementally. Each touchpoint reinforces the narrative established in the previous one.

This is a defining characteristic of what we call Phishing 3.0, the era of AI-powered, multi-channel attacks. Phishing 1.0 was about malicious content: bad links and infected attachments. Phishing 2.0 was about malicious intent: BEC and social engineering with no malicious payload to scan. Phishing 3.0 combines AI-generated content quality with multi-channel delivery and real-time manipulation. The attack surface is no longer just the inbox. It is every communication channel your employees use.

Organizations need to think about phishing protection as a communication security problem, not just an email security problem. That means extending detection, training, and response capabilities across the full range of tools employees interact with daily.

Q. The report flags the potential for AI-personalized phishing using LinkedIn and social media data as a major concern. Could this happen at scale, and how could it impact the potential scope and cost of successful phishing attacks?

It is already happening at scale. The combination of open-source intelligence tools, social media APIs, and large language models means an attacker can aggregate data from LinkedIn, X, GitHub, company websites, and event and job listings, then generate a personalized phishing email in seconds. Before generative AI, personalization at that level required manual research. It was effective but slow, which limited it to high-value targets like executives. Now the economics have inverted. Personalization is cheap and fast, so it can be applied across an entire organization.

The impact on scope is that attacks designed around your role, your projects, your recent conference attendance, or your professional relationships carry fewer signals of maliciousness. They read like legitimate business communication. Traditional security awareness training teaches employees to look for red flags. AI-personalized phishing removes those red flags. When the phishing email references your actual work, uses the right internal terminology, and mirrors the communication style of someone you know, the detection challenge shifts entirely.

The cost impact follows directly. Personalized attacks have higher success rates. Higher success rates mean more credential compromises, more BEC losses, and more data breaches. And each of those outcomes carries costs that are orders of magnitude higher than the direct time-based costs profiled in this report. We are talking about data breach notification costs, regulatory fines (which have increased significantly since 2022 with new SEC disclosure rules and expanding privacy legislation), loss of customer trust, and reputational damage.

This is why we built our Red Teaming Agent to use the same open-source reconnaissance methods attackers use. It researches your organization the way a threat actor would, using social media and public data, then hardens your detection models before the first real attack email is sent. You have to anticipate what personalized attacks will look like for your specific organization, not just defend against generic templates.

Q. Adding to the above, 62.5% of respondents say deepfake attacks are immediately disruptive. How is the ability to create highly realistic deepfakes impacting the phishing threat landscape?

Deepfake technology has moved from theoretical to immediately disruptive. The report shows deepfakes carry the highest ‘extremely impactful’ rating (31.3%) of the three emerging threat trends we asked about.

The reason is that deepfakes break the last layer of human verification that organizations rely on. When employees receive a suspicious email, the standard advice is to verify through another channel: call the person, check on a video call, confirm the request directly. Deepfake voice and video undermine that entire verification model. If an attacker can clone your CEO’s voice convincingly enough to leave a voicemail, or generate a real-time video that looks like your CFO on a Teams call, the ‘verify through another channel’ safeguard collapses.

In combination with generative AI, deepfakes enable more sophisticated attacks with greater deception at a faster cadence. Employees now face a challenge most are not trained for: discerning when a phone call, voicemail, or video meeting features someone who is not who they appear to be.

We have seen this play out in real-world incidents involving fraudulent wire transfers authorized after deepfake video calls with what appeared to be senior executives. The financial exposure is substantial, and most organizations lack both the technical controls and the employee readiness to counter it. That gap between the threat and the defensive posture is what makes deepfakes so disruptive. It is why we built Deepfake Protection for Microsoft Teams, the industry’s first integrated solution that verifies identities in real time using visual and audio analysis, without recordings or transcripts.

Q. Phishing-related activities are a major time drain for respondents to this survey, with 36.5% of available working hours for IT and security teams devoted to handling phishing. How can teams reduce the time spent on phishing attacks?

The 36.5% figure represents more than a third of your security team’s capacity consumed by phishing. For a team of ten IT and security professionals, that is the equivalent of nearly four full-time employees doing nothing but handling phishing. The fully-burdened labor cost per composite IT or security professional is now $51,948 annually, the share of a $142,293 composite salary spent on phishing-related work. That is budget not going toward strategic security projects, threat hunting, or architecture improvements.

Reducing that burden requires automation at every stage of the phishing lifecycle. Detection needs to be faster and more accurate, so fewer threats require manual investigation. Triage needs to be automated, so analysts are only reviewing threats that genuinely require human judgment. And remediation needs to happen without human intervention for the 99% of threats where the verdict is clear.

This is exactly what agentic AI is designed to solve. Our Phishing SOC Agent performs L2 analyst-level forensic investigation in minutes, not hours. Themis, our agentic AI virtual SOC, autonomously classifies, clusters, and remediates threats. The result for our customers is incident response that drops from 30 minutes to 30 seconds, and 99%+ of threats handled without human intervention. The City of Memphis reported a 95% reduction in man-hours after deploying IRONSCALES.

The goal is not to eliminate the security team. It is to free them from repetitive triage work so they can focus on the threats and strategic initiatives that actually require their expertise.

Q. The report mentions that traditional methods of stopping phishing are no longer enough to stay protected. For example, traditional security awareness training could be less effective at stopping highly personalized phishing messages. How can organizations best protect their employees?

Traditional security awareness training was designed for a different era of phishing. It teaches employees to look for red flags: misspelled words, generic greetings, urgent requests from unknown senders, suspicious URLs. When AI generates phishing emails that are grammatically perfect, contextually relevant, and personalized to the recipient’s actual role and relationships, those red flags disappear.

That does not mean training is obsolete. It means training needs to evolve to match the threat. Generic annual phishing simulations using off-the-shelf templates do not prepare employees for the AI-crafted, personalized attacks they will actually face. Training needs to be continuous, realistic, and tailored to the specific threat landscape of each organization.

This is why we built our Phishing Simulation Agent. It uses real open-source reconnaissance against your organization (the same methods attackers use) to generate simulations that reflect what a real attack against your employees would actually look like. The difference between a generic simulation and one that mirrors your org’s actual threat exposure is the difference between compliance training and real preparedness.

Beyond simulation, employees need real-time guidance at the moment of decision. Dynamic email banners that provide context about message risk, and tools like our Themis Copilot that help employees analyze suspicious emails in Outlook, move the intervention point from annual classroom training to the exact moment when an employee is deciding whether to trust a message.

The combination of adaptive, organization-specific simulation, real-time in-context guidance, and AI-powered technical controls creates a layered defense where employees are part of the security posture rather than the weakest link in it.

Q. The report also highlights how Microsoft 365 and Google Workspace are being weaponized for phishing attacks. How can teams close this gap?

The weaponization of productivity platforms is a direct consequence of credential compromise. When an attacker gets access to one set of Microsoft 365 credentials, they do not just get email. They get OneDrive, SharePoint, Microsoft Teams, and more. The same applies to Google Workspace with Drive, Docs, and Meet. The report shows that corporate-approved platforms are being hit with phishing attacks most frequently, because employees inherently trust content delivered through the tools their organization uses every day.

The gap exists because most email security solutions operate upstream of the inbox or only monitor external email. They do not have visibility into internal traffic, lateral movement within collaboration tools, or content shared through file-sharing platforms. If a compromised account sends a phishing link through a meeting invite, a SharePoint document, or a Teams message, the traditional email security stack never sees it.

Closing this gap requires an API-based approach that operates at the platform level, inside the environment, with visibility into both internal and external communication. IRONSCALES integrates natively with Microsoft 365 and Google Workspace via API. That means full visibility into internal email, the ability to detect compromised accounts sending phishing messages within the organization, and protection that extends to the collaboration tools where attacks are now appearing.

Account takeover protection is essential here as well. Detecting the credential compromise itself, before the attacker can weaponize the account across the platform, stops the attack at its source rather than chasing it across multiple channels after the fact.

Q. On the positive side, the report suggests it’s now quicker to deal with phishing due to AI-powered defenses: nine out of ten organizations had implemented an AI-powered email security platform. How can this help to reduce the burden of phishing on security teams?

The data validates what we have been building toward for over a decade. AI-powered defenses have reduced the average time to handle a single phishing email from 27.5 minutes to 23.2 minutes, a 16% improvement. That translates to a 12% reduction in per-incident cost, from $31.32 to $27.51 per phishing email.

Where AI-powered defenses make the biggest impact is in three areas. First, detection accuracy. Behavioral AI that builds communication baselines and social graphs catches threats that rule-based systems miss entirely, particularly BEC and social engineering attacks where there is no malicious payload to scan. Second, automated triage. AI can classify, prioritize, and cluster similar threats so analysts review a handful of incidents instead of hundreds. Third, automated remediation. When the platform can autonomously remove confirmed threats from every affected inbox across the organization in seconds, the time-per-incident drops dramatically.

The 9-in-10 adoption stat from our 2022 Osterman research shows that organizations recognized the need quickly. The question now is whether those deployments are keeping pace with the threat. The report is clear that what organizations have today is essential but not yet sufficient. Respondents view AI as the innovation with the greatest potential to boost email security, with 52.3% giving answers that explicitly mentioned AI when asked about emerging innovations. But the data also shows that total time spent on phishing has increased despite per-incident efficiency gains.

The next step is moving from reactive AI (detect and respond faster) to preemptive AI (anticipate and prevent attacks before they reach the inbox). That is the shift from automation to agentic security, where AI does not just process threats faster but actively researches your threat landscape and hardens your defenses proactively.
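The behavioural baselining Paxson describes in the answer above, and the detection of compromised accounts sending phishing internally that he raises in the previous answer, both reduce to the same mechanic: profile what each sending account normally does, then score new messages against that profile. The sketch below is an added example, not IRONSCALES’ code or a description of its models. The tenant domain, directory, mailboxes and message history are constructed, and the thresholds (a recipient-novelty ratio above one half, a two-hour window around usual send times, any link domain the account has never sent) are illustrative choices rather than anything the report states.

```python
"""Toy behavioural baseline for internal email (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"  # constructed tenant domain

# Constructed directory standing in for the tenant address book: display name -> mailbox.
DIRECTORY = {
    "Dana Reyes": "dana.reyes@example.com",
    "Sam Okafor": "sam.okafor@example.com",
    "Priya Nair": "priya.nair@example.com",
}


@dataclass(frozen=True)
class Message:
    sender: str
    display_name: str
    recipients: tuple
    hour: int          # local hour of day the message was sent
    urls: tuple = ()


# Constructed history: a few weeks of ordinary traffic for two internal accounts.
HISTORY = [
    Message("dana.reyes@example.com", "Dana Reyes", ("sam.okafor@example.com",), 9,
            ("https://example.com/reports/q3",)),
    Message("dana.reyes@example.com", "Dana Reyes", ("priya.nair@example.com",), 10),
    Message("dana.reyes@example.com", "Dana Reyes",
            ("sam.okafor@example.com", "priya.nair@example.com"), 14),
    Message("sam.okafor@example.com", "Sam Okafor", ("dana.reyes@example.com",), 11),
    Message("sam.okafor@example.com", "Sam Okafor", ("priya.nair@example.com",), 16,
            ("https://sharepoint.example.com/sites/finance",)),
]


def url_domain(url):
    return urlparse(url).hostname or ""


def build_baseline(history):
    """Per-sender profile: who they write to, when, and which link domains they send."""
    baseline = defaultdict(lambda: {"recipients": set(), "hours": set(), "domains": set()})
    for m in history:
        profile = baseline[m.sender]
        profile["recipients"].update(m.recipients)
        profile["hours"].add(m.hour)
        profile["domains"].update(url_domain(u) for u in m.urls)
    return dict(baseline)


def score_message(msg, baseline, directory=DIRECTORY):
    """Return the list of deviations from the sender's baseline; empty means 'looks normal'."""
    reasons = []
    is_internal = msg.sender.endswith("@" + INTERNAL_DOMAIN)

    # Display-name impersonation: an external address borrowing a name from the directory.
    if not is_internal and directory.get(msg.display_name) not in (None, msg.sender):
        reasons.append("external sender uses internal display name")

    profile = baseline.get(msg.sender)
    if profile is None:
        if is_internal:
            reasons.append("internal account with no sending history")
        return reasons

    # Fan-out to people this account has never written to (typical of a hijacked mailbox).
    unknown = [r for r in msg.recipients if r not in profile["recipients"]]
    if unknown and len(unknown) / len(msg.recipients) > 0.5:
        reasons.append("most recipients never contacted before")

    # Sending well outside the account's usual hours (illustrative two-hour window).
    if all(abs(msg.hour - h) > 2 for h in profile["hours"]):
        reasons.append("outside usual sending hours")

    # Links to a domain this account has never sent before.
    if {url_domain(u) for u in msg.urls} - profile["domains"]:
        reasons.append("link to domain never sent by this account")
    return reasons


BASELINE = build_baseline(HISTORY)

# Constructed test messages: routine mail, a hijacked internal account, and a look-alike sender.
NORMAL = Message("dana.reyes@example.com", "Dana Reyes", ("sam.okafor@example.com",), 10)
TAKEOVER = Message("dana.reyes@example.com", "Dana Reyes",
                   ("sam.okafor@example.com", "a@example.com", "b@example.com",
                    "c@example.com", "d@example.com"), 3,
                   ("https://login-verify.example.net/",))
SPOOF = Message("dana.reyes@example-mail.net", "Dana Reyes", ("sam.okafor@example.com",), 10)

if __name__ == "__main__":
    for label, m in (("normal", NORMAL), ("takeover", TAKEOVER), ("spoof", SPOOF)):
        print(label, score_message(m, BASELINE))
```

The point of the example is the data source, not the thresholds: every signal here (internal-to-internal recipients, send time, links inside Teams or SharePoint URLs) is only available to a control that sits inside the tenant with API visibility into internal traffic, which is the gap the two answers describe. A gateway that sees only inbound external mail never observes the takeover case at all.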

Q. Despite this, only one in five respondents expect phishing to get easier to deal with in the next 12 months. For the CISOs reading this, what should they be doing now?

The 80% who do not expect improvement are being realistic. The data supports their caution. AI is a leading driver for both reducing and increasing the time required to handle phishing. For those expecting less time, it is better detection and response tools. For those expecting more time, it is more sophisticated, complex, and harder-to-detect attacks. Both are right. The question is which force wins in your specific environment.

For CISOs, I would focus on four priorities. First, audit your current detection gaps. The report shows that defenses are catching obvious phishing threats but missing the new sophisticated ones, particularly internal phishing from compromised accounts, post-delivery link weaponization, and AI-generated impersonation. If your current platform cannot detect these attack types, you have a gap that is widening every quarter.

Second, extend protection beyond email. Phishing is a multi-channel problem now. If your security stack only monitors email and an attacker is sending phishing links through Teams, SharePoint, or Google Drive, you have blind spots that attackers know about and are actively exploiting.

Third, move from reactive to preemptive. The defensive model that worked three years ago (detect, investigate, respond) is being overwhelmed by volume. Organizations need to get ahead of attacks by understanding what threats are likely to target their specific organization and hardening defenses before those attacks arrive. That is what agentic AI capabilities like our Red Teaming Agent are designed to do.

Fourth, quantify the cost and make the business case. This report gives you the numbers: $51,948 per composite IT or security professional per year consumed by phishing, 36.5% of your team’s working hours. Multiply that across your security staff, add the downstream costs of successful attacks, and present the total cost of the current approach against the investment required for a more capable defensive posture. The ROI case for better phishing protection has never been more clear-cut.


Learn more about IRONSCALES and read the full Business Cost of Phishing report.

Written by Joel Witts, Content Director

Joel is the Director of Content and a co-founder at Expert Insights, a rapidly growing media company focussed on covering cybersecurity solutions.

He’s an experienced journalist and editor with 8 years’ experience covering the cybersecurity space. He’s reviewed hundreds of cybersecurity solutions, interviewed hundreds of industry experts and produced dozens of industry reports read by thousands of CISOs and security professionals in topics like IAM, MFA, zero trust, email security, DevSecOps and more.

He also hosts the Expert Insights Podcast and co-writes the weekly newsletter, Decrypted. Joel is driven to share his team’s expertise with cybersecurity leaders to help them create more secure business foundations.