86% of phishing attacks now AI-driven — Experts warn of a dangerous new era

cybercriminals are increasingly moving beyond traditional email-based attacks to exploit platforms such as calendar invitations and messaging tools.

One of the most striking findings is that 86% of phishing attacks are now AI-driven, underscoring the growing role of artificial intelligence in cybercrime.

“The inbox is no longer the only front line for coordinated social engineering attacks,” said Jack Chapman, SVP of Threat Intelligence at KnowBe4. “Cybercriminals are actively broadening the email threat landscape. As businesses rely more on real-time collaboration tools, attackers are exploiting these platforms, including users’ calendars. This method targets both people and technology simultaneously.”

Key findings from the past six months:

• 86% of phishing attacks were AI-driven
• 49% increase in phishing attempts via calendar invites
• 139% surge in the use of reverse proxies to steal Microsoft 365 credentials
• 41% rise in attacks targeting Microsoft Teams
• A shift from single-vector attacks to multi-channel orchestration
• More targeted social engineering tactics, including internal team impersonation, observed in 30% of attacks in Q1 2026

Chapman further noted that social engineering is becoming increasingly sophisticated and targeted, making it harder to distinguish between legitimate and malicious communication.

“The Phishing Threat Trends Report Volume Seven shows that phishing in 2026 is disciplined, persistent, multi-channel, and increasingly AI-enabled,” he said. “As cybercriminals expand their tactics and attack surfaces, organisations must focus on securing both their workforce and the AI tools they use.”