AI-generated phishing has surged to become the top initial-access vector in Q1 2026 incident-response engagements, accounting for 35% of investigated compromises and overtaking exploitation of external vulnerabilities. Attackers are using AI to craft highly personalized, polymorphic lures that abuse legitimate services and valid accounts, prompting calls for defenders to adopt AI-driven defenses and reinforce identity and MFA protections. #CiscoTalos #Gmail
Keypoints
- Phishing caused 35% of investigated compromises in Q1 2026, surpassing external vulnerability exploitation.
- AI tools produce more convincing, multilingual, and highly personalized phishing emails.
- Polymorphic phishing now rapidly changes lures, averaging about 1.8 unique emails per campaign.
- Attackers increasingly target identities and legitimate services like Gmail and DocuSign, often using valid accounts and exploiting MFA weaknesses.
- Defenders are advised to deploy AI-driven detection, test MFA resilience, and prioritize identity protection.
Read More: https://www.darkreading.com/cyber-risk/ai-phishing-no-1-cyberattackers