Artificial intelligence is fundamentally altering the landscape of phishing attacks, shifting from manual, isolated attempts to continuous, autonomous operations that span multiple communication channels. Eyal Benishti, CEO of IRONSCALES, describes this evolution as a reset of the threat curve, where attackers now leverage AI to create highly contextual and personalized campaigns. In a recent interview, he outlined how these advanced attacks move beyond traditional indicators of compromise, focusing instead on manipulating user behavior through sophisticated social engineering.

Phishing has long been a staple of cybercriminal activity, but the integration of AI marks a clear turning point. Benishti notes that what was once a labor-intensive process for attackers—crafting emails, researching targets, and manually delivering payloads—has now become an automated workflow. AI systems can perform reconnaissance, generate convincing messages, and execute delivery without any human intervention. This autonomy allows attacks to scale massively while maintaining a level of personalization that fools even experienced users.

Benishti refers to this new paradigm as "phishing 3.0." Unlike earlier generations that relied on generic spam or simple social engineering, version 3.0 is multi-step, multi-channel, and fully automated. Attackers no longer depend on known malicious indicators like suspicious links or attachments; instead, they focus on intent. The core question, as Benishti puts it, becomes: "Can we make someone do something they’re not supposed to do?" This shift from detecting malicious artifacts to understanding behavioral manipulation represents a fundamental change in how organizations must defend themselves.

The multimodal nature of modern phishing is particularly concerning. Benishti points out that phishing can now take the form of a voice call or even a realistic face on a screen, thanks to deepfake technology. Attackers are not restricted to email; they use phone calls, SMS, social media, and video conferencing to build trust and deceive targets. This erosion of trust across digital interactions requires a defense strategy that can operate across all these channels simultaneously.

Traditional security tools, such as email gateways and signature-based detection, are falling behind. They were designed to identify known threats and static patterns, but AI-generated attacks are dynamic and context-aware. Benishti argues that defenders must adopt the same technologies that attackers use. AI agents, he says, can help organizations move from reactive defense to continuous threat anticipation. These agents analyze behavior, detect anomalies, and respond in real time to emerging threats.

Benishti brings a rich background to this discussion. Before leading IRONSCALES, he worked as a security researcher, reverse engineer, and malware analyst. He holds degrees in computer science and mathematics, and he is a member of the Forbes Technology Council. His experience in analyzing advanced threats informs his view that AI is not just a tool for attackers but also an essential component of modern defenses.

One of the key challenges with phishing 3.0 is its ability to evade conventional training and awareness programs. Employees are taught to look for red flags like poor grammar or suspicious links, but AI can generate perfect, contextually appropriate messages. Benishti emphasizes that defenses must be built around intent and behavior rather than content. This means implementing systems that monitor user actions and flag unusual requests, such as unauthorized transfers or access to sensitive data.

Another aspect of the new threat curve is the speed of attack. AI can generate and distribute phishing campaigns in seconds, adapting based on the success or failure of each iteration. This creates a moving target for security teams, who must respond faster than ever before. Benishti advocates for AI-driven automation that can block or mitigate attacks before they reach users. He compares this to having a digital immune system that constantly learns and evolves.

The implications for organizations are profound. Benishti warns that many companies are still relying on outdated security models that assume static threats. In the age of phishing 3.0, static defenses are ineffective. He urges CISOs to invest in AI-based platforms that can aggregate telemetry from multiple sources—email, endpoints, network traffic—to build a comprehensive picture of user behavior. These platforms can then use machine learning to identify deviations that indicate an attack.

Looking ahead, Benishti predicts that AI will continue to blur the line between legitimate and malicious communications. Attackers will increasingly use generative models to create entire personas, complete with history and context, to engage in long-term social engineering. Defenders, in turn, will need to deploy similarly sophisticated AI that can engage in reciprocal analysis—questioning the authenticity of every interaction.

The resetting of the threat curve is not a distant possibility; it is happening now. Organizations that fail to adapt will find themselves exposed to a new breed of phishing that is relentless, adaptive, and deeply deceptive. Benishti’s message is clear: AI is both the problem and the solution. Embracing proactive, AI-driven defense is no longer optional but essential for survival in the evolving cybersecurity landscape.

Source: Darkreading News