AI-powered Phishing Attacks Hitting Inboxes Every 19 Seconds
AI is now powering a new generation of phishing attacks, dramatically accelerating both volume and sophistication.
Cybersecurity firm Cofense’s new threat intelligence report warns that AI is now central to modern phishing operations, driving a sharp increase in the speed, scale and sophistication of cyber-attacks.
The report, titled "The New Era of Phishing: Threats Built in the Age of AI", highlights what Cofense describes as a watershed moment for cyber defence in 2025, with analysts documenting a malicious email attack every 19 seconds – more than double the pace recorded in 2024, when attacks were observed every 42 seconds.
According to Cofense, this escalation demonstrates how AI has transformed phishing from an intermittent problem into a continuous and adaptive threat. The company says attackers are now using AI as an operational necessity, enabling them to generate, test and deploy campaigns at unprecedented speed while constantly evolving tactics to avoid detection.
“AI has fundamentally changed the economics and effectiveness of phishing,” said Josh Bartolomie, chief security officer at Cofense.
“Threat actors are now using AI as core infrastructure, not just to craft highly personalized emails, but to dynamically adapt phishing pages based on the victim’s device, generate thousands of unique variants of the same attack, and manage infected systems at scale.
“Traditional perimeter defenses can’t keep pace with threats that shape-shift after delivery. Organisations need post-delivery visibility, human intelligence, and context-aware detection to identify and remediate what gets through.”
Emerging trends redefining AI-driven phishing
The report identifies five major trends shaping the current AI-powered phishing landscape.
Cofense found that polymorphic attacks are now the default delivery model, with 76% of initial infection URLs unique to individual campaigns and 82% of malicious files carrying unique hashes. This level of variation, the company says, renders traditional pattern-matching ineffective.
Attackers increasingly use publicly available data, including home addresses, organisational charts and social media activity, to personalise each message, making phishing emails appear distinct and credible.
Cofense also observed a rise in adaptive, analysis-aware phishing pages, with threat actors deploying dynamic websites that change payloads depending on the victim’s browser, operating system and device. The same phishing site may deliver Windows executables to PC users, macOS packages to Mac users, and mobile-optimised credential harvesting pages to smartphone visitors. More advanced kits are able to detect security tools and redirect analysts to legitimate websites to evade investigation.
Impersonation attacks have also increased as AI removes traditional warning signs. Business email compromise has surged, with conversational attacks now accounting for 18% of all malicious emails. These campaigns feature grammatically perfect, contextually accurate messages designed to closely mimic legitimate internal communications. Cofense notes that these text-only attacks bypass many security controls and exploit trust within organisations.
The report further highlights a sharp rise in the abuse of legitimate tools. Use of remote access software such as ConnectWise ScreenConnect and GoTo Remote Desktop increased by 900% by volume, with attackers repurposing these platforms as remote access trojans. Malicious files are often hosted on trusted services including Dropbox and AWS, signed with valid certificates, and routed through established domains, making them appear legitimate to endpoint detection systems.
https://www.digit.fyi/ai-phishing/