← All articles
April 22, 20268 min read

AI-assisted phishing in 2026: what changed and what to do

Generative models removed every visible tell of a phishing email — bad grammar, awkward tone, generic greeting. The defense has to move up the stack.

#Cybersecurity#AI Security#Phishing

The 'poorly written email' signal is gone. Attackers now generate fluent, context-aware messages in your users' native language, sometimes threaded into an existing conversation.

Assume any text can be forged

Stop training users on grammar and greetings. Train them on process: 'Did anyone ask you for this? Did the request come through the correct channel?' Verify out of band, always.

Harden the click and the credential

FIDO2 phishing-resistant MFA. Conditional access on impossible travel. Browser isolation for links in unexpected mail. These stop the attack even after the click.

Detect the payload, not the pretext

Modern EDR + email security look at the URL destination, the OAuth consent, the attachment sandbox result. The prose stopped being a useful feature months ago.