Welcome to the forefront of conversational AI as we explore the fascinating world of AI chatbots in our dedicated blog series. Discover the latest advancements, applications, and strategies that propel the evolution of chatbot technology. From enhancing customer interactions to streamlining business processes, these articles delve into the innovative ways artificial intelligence is shaping the landscape of automated conversational agents. Whether you’re a business owner, developer, or simply intrigued by the future of interactive technology, join us on this journey to unravel the transformative power and endless possibilities of AI chatbots.
Getty Images/iStockphoto
As AI’s popularity grows and its usability expands, thanks to generative AI’s continuous improvement model, it is also becoming more embedded in the threat actor’s arsenal.
To mitigate increasingly sophisticated AI phishing attacks, cybersecurity practitioners must both understand how cybercriminals are using the technology and embrace AI and machine learning for defensive purposes.
Phishing attacks have long been the bane of security’s existence. These attacks that prey on human nature have evolved from the days of Nigerian princes and rich relatives looking for beneficiaries to increasingly sophisticated attacks that impersonate Amazon, the Postal Service, friends, colleagues and business partners, among others.
Often evoking fear, panic and curiosity, phishing scams use social engineering to get innocent users to click malicious links, download malware-laden files, and share passwords and business, financial and personal data.
While phishing attacks have always been difficult for users and security teams to detect and avoid, AI has increased their effectiveness and impact by making them harder to discern and appear more legitimate.
Following are examples of attacks made worse by AI and generative AI (GenAI).
Traditional phishing attacks — via emails, direct messages and spurious websites — often contain spelling and grammatical errors, formatting issues, and incorrect names and return email addresses. AI has resolved many of these issues, removing mistakes and using more professional writing styles.
Phishing attacks are also becoming more timely. For example, large language models (LLMs) can absorb real-time information from news outlets, corporate websites and other sources to incorporate of-the-moment details into phishing emails. These details make the messages more believable and generate a sense of urgency that compels victims to act.
AI chatbots are also being used to create and spread business email compromise, whaling and other targeted phishing campaigns at a much faster rate than human attackers ever could on their own, increasing the scale and surface area of such attacks.
Spear phishing attacks use social engineering to target specific individuals with information gleaned from social media sites, data breaches and other sources. AI-generated spear phishing emails are often even more convincing and more likely to trick recipients.
At Black Hat USA 2021, for example, Singapore’s Government Technology Agency presented the results of an experiment in which the security team sent simulated spear phishing emails to internal users. Some were human-crafted, and others were generated by OpenAI’s GPT-3 technology. More people clicked the links in the AI-generated phishing emails than in the human-written ones — by a significant margin.
Fast-forward to today when LLM technology is more widely available and increasingly sophisticated. GenAI can — in a matter of seconds — collect and curate sensitive information about an organization or individual and use it to craft highly targeted and convincing messages and even deepfake phone calls and videos.
Voice phishing (vishing) uses phone calls, voice messages and voicemails to trick people into sharing sensitive information. Like other types of phishing, vishing attacks try to create a sense of urgency, perhaps by referencing a major deadline or a critical customer issue.
In a traditional vishing scam, the cybercriminal collects information on a target and makes a call or leaves a message pretending to be a trusted contact. For example, a massive ransomware attack on MGM Resorts reportedly began when an attacker called the IT service desk and impersonated an MGM employee. The malicious hacker was able to trick the IT team into resetting the employee’s password, giving the attackers network access.
AI is changing vishing attacks in the following ways:
AI and GenAI are already making life more difficult for cybersecurity practitioners and end users alike and will continue to do so.
To prevent and detect AI phishing attacks, it is critical to follow these best practices:
Finally, use AI to detect AI threats. If it takes one to know one, unsurprisingly, AI tools are uniquely suited to detect AI-powered phishing attempts. Note, however, that, while using an AI model to monitor incoming messages could go a long way toward preventing AI phishing attacks, the cost of doing so could prove prohibitively high. In the future, models will likely become more efficient and cost-effective as they become increasingly curated and customized — built on smaller data sets that focus on specific industries, demographics, locations and so on.
AI can improve phishing prevention and detection in the following ways:
Sharon Shea is executive editor of TechTarget Security.
Ashwin Krishnan is host and producer of StandOutIn90Sec, based in California. where he interviews tech leaders, employees and event speakers in short, high-impact conversations.
Part of: Modern phishing
Cybercriminals are using AI chatbots, such as ChatGPT, to launch sophisticated business email compromise attacks. Cybersecurity practitioners must fight fire with fire.
Quishing is an offputting word for an on-the-rise attack method. Learn how to defend against it.
Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts.
Phishing is a perennial thorn in the side of enterprise security. Thanks to phishing-as-a-service offerings and phishing kits, the problem will only get worse.
Users who think phishing happens only over email should think again. Learn about recent Microsoft Teams phishing attacks and how to defend against them.
Nvidia GTC 2026 underscored surging AI infrastructure demand and ecosystem growth. Tokenomics and inferencing are emerging as key…
Network investments can significantly boost business performance and value. Modernization, security and automation can support …
Enterprises face rising network costs due to improper rightsizing, technical debt and manual management. Smart strategies can …
CIOs must treat AI vendor negotiations differently than legacy software deals, by using data assets, examining contracts and …
As organizations deploy agentic AI, Phil Merrel, CIO of PromptCare, encourages IT leaders to focus on the end-to-end process and …
Stay up to date with the latest U.S. tech news, IPOs and executive moves shaping the industry each week.
Windows disk space issues can affect performance and stability. These 10 practical tips help IT admins assess usage, clean up …
Compare Citrix vs. Azure Virtual Desktop with Nerdio to find the best fit for your IT needs. Citrix suits hybrid setups; AVD with…
When Intune policies or scripts stop applying to Windows endpoints, IT teams can restart the Intune Management Extension or use …
The CTO of Flexera shares his expert insights into the 2026 State of the Cloud Report’s findings and highlights a pivotal shift …
Why choose between public cloud and private systems when you can have both? With hybrid cloud, enterprises can address workload …
FinOps transforms cloud cost management by aligning spending with usage, cutting waste and boosting efficiency. Learn how …
After years of putting the building blocks in place, Stop Scams is ready and able to react quickly to fight emerging fraud threats
Lower-cost capacity, rapid scaling and improved service quality are all factors resetting expectations across the satcom market, …
We speak to industry experts about how demand for AI acceleration is driving new approaches to measuring greenhouse gas emissions
©2026 TechTarget, Inc. d/b/a Informa TechTarget. All Rights Reserved.
Privacy Policy
Cookie Preferences
Do Not Sell or Share My Personal Information