When generative AI hit commercial markets, experts predicted it would make phishing more convincing. The clumsy grammar and weird phrasing that once gave attackers away were fading fast.
New research from Sagiss confirms that shift has landed inside the workplace. In the report, based on a survey of 500 US desk-based workers, 72% of respondents say phishing attempts feel more convincing than a year ago, driven by AI-generated language.
This comes down to maturity. Attackers now write in ways that resemble trusted contacts. The tone lands and the timing fits – and the message blends into the working day.
When realism meets routine
The report brings to light a deeper issue than improved wording – it shows how today’s digital work expectations amplify risk:
- 68% check work messages outside normal hours
- 56% feel pressure to respond after hours
That creates a perfect entry point, because messages arrive when employee attention is split and they’re not thinking in the context of the office (where cyber hygiene has been drilled into them). When they see a request that looks routine, they respond fast – to get it out of the way.
The realism of AI-generated phishing builds on that behaviour. According to the report, 64% of employees believe an AI-written message could convincingly impersonate someone they work with, while 57% say these messages are harder to spot because they sound more professional.
This is phishing that fits seamlessly into Slack threads, email chains, and calendar-driven workflows. It doesn’t stand out; it feels like more of the same messages that people are responding to all day, every day.
Clicking first, checking later
The behavioural data points to a further area that security leaders have to focus on.
- 63% clicked a work-related link in the past year and later felt they should have double-checked
- 57% verified a message only after taking action
- 45% replied to a message and later questioned its legitimacy
These numbers show that employees understand the rules, and they do recognise red flags – but the sequence of actions still starts with engagement and ends with verification.
That lines up with how people do their work. If you’re under pressure to do things quickly (rather than necessarily to do them well), then your priority is speed. Reply fast and zero your inbox.
As Travis Springer (President at Sagiss) writes:
“AI is changing the way phishing looks and feels, but the deeper issue is that employees are making decisions under constant pressure.”
The technology raises the ceiling for attackers, and workplace habits lower the barrier to success.
A familiar problem, but newly optimised
Phishing has always relied on trust and timing. AI gives threat actors a way to elevate both.
Messages arrive with credible language, accurate formatting, and contextual cues that match real workflows. Maybe it’s an invoice reminder that mirrors a recent purchase, or a document request that fits with a live project. Maybe it’s just the way the message reads – with the authentic tone of a manager.
The margin for error here is different. Traditional red flags aren’t there to be spotted, and the cost of a split-second response increases.
The report shows us that AI hasn’t introduced a new category of phishing threat – but it enhances an existing one significantly.
For cybersecurity leaders and educators across industries and organisations, there are some lessons to learn here:
- Refocus phishing training around behaviour, not just detection. Make sure everyone understands the impact of decision-making under time pressure, especially outside core working hours.
- Build friction into high-risk actions. Simple controls such as link previews, secondary confirmations, and delayed execution can interrupt automatic responses.
- Align security with workflow tools. Detection and response need to sit inside email, chat, and collaboration platforms where phishing now operates most effectively.
AI has made phishing more fluent and believable. But it works so well because of the way work gets done – fast, distributed, and at all times of day and night. Strengthening resilience now depends on addressing both sides of that equation.