Cofense has released its latest threat intelligence report, The New Era of Phishing: Threats Built in the Age of AI, revealing a dramatic surge in phishing attacks fueled by artificial intelligence. In 2025, cybercriminals launched a malicious email every 19 seconds—more than double the rate of 2024, when attacks occurred roughly every 42 seconds. This acceleration marks a turning point in cyber threats, with AI now serving as a core operational tool for attackers, enabling them to scale, personalize, and adapt attacks at an unprecedented pace. Josh Bartolomie, Chief Security Officer at Cofense, emphasized the shift: “AI has fundamentally changed the economics and effectiveness of phishing. Threat actors are no longer just using AI as a novelty—they’re embedding it into their entire attack infrastructure. This allows them to generate thousands of unique email variants, tailor messages to individual victims, dynamically alter phishing pages based on the victim’s device, and evade detection in real time.” The report identifies five key trends defining today’s AI-powered phishing landscape: Polymorphic attacks are now standard. 76% of initial infection URLs were unique and unseen in prior campaigns, while 82% of malicious files had never been detected before. Attackers use publicly available data—such as organizational charts, social media profiles, and home addresses—to craft highly personalized messages that appear legitimate. Adaptive phishing pages respond in real time. These dynamic websites deliver different payloads depending on the victim’s operating system, browser, or device. For example, a PC user might receive a Windows executable, while a Mac user gets a macOS installer. Mobile users are directed to optimized credential harvesting pages. Some pages even detect security tools and redirect analysts to real websites, effectively hiding malicious activity from investigation. AI has perfected impersonation. Business email compromise (BEC) attacks have surged as AI eliminates linguistic red flags. Conversational attacks—text-only messages that mimic internal communications—now make up 18% of all malicious emails. These messages are grammatically flawless and contextually accurate, making them nearly impossible to detect with traditional filters. Legitimate tools are being weaponized at scale. Abuse of remote access software like ConnectWise ScreenConnect and GoTo Remote Desktop increased by 900% in volume. Attackers host files on trusted platforms such as Dropbox and AWS, use valid digital certificates, and communicate through established domains—making their actions appear fully legitimate to endpoint security systems. Attackers are moving to underused domains. Credential phishing campaigns using the .es top-level domain surged 51 times year-over-year, jumping from 56th to 3rd most abused. This shift is driven by AI-powered kits that automatically generate domains, deploy subdomains, and launch large-scale credential harvesting operations with minimal human input. As phishing evolves into a continuous, adaptive threat, organizations must move beyond perimeter defenses. Effective protection requires post-delivery visibility, human expertise, and automated response. Cofense’s platform combines real-world threat intelligence from over 35 million users with AI-driven detection and response to identify and neutralize threats in minutes, not hours. The report underscores the need for a defense strategy that unifies employee-reported intelligence, expert analysis, and automation to reduce response times and limit exposure. For the full report, visit: https://cofense.com/getmedia/89b0baae-8730-4188-a87f-91328e716b67/Cofense-Annual_Report_2026.pdf Cofense is a leader in intelligence-driven phishing defense, helping enterprises like Mastercard, UniCredit Bank, and Blue Cross Blue Shield strengthen their security posture through human-in-the-loop detection, realistic phishing simulations, and rapid remediation.