AI changed the economics of attacking. Convincing, personalised, multilingual social engineering used to take effort; now it's cheap and automated — and the 2025 numbers show it.
The new threat landscape
- An estimated 80%+ of phishing now uses AI in some form, and AI-generated phishing achieves a 54% click-through rate versus 12% for traditional campaigns.
- Deepfake incidents rose ~680% year over year; deepfake-driven phishing climbed over 310% between 2023 and 2025.
- 87% of organisations report experiencing an AI-driven cyberattack in the past year; the average AI-powered breach costs $5.72 million.
The uncomfortable truth: the cheapest, most scalable use of generative AI so far has been attacking people.
What defenders do now
- Assume voice and video can be faked — add out-of-band verification for anything involving money or access.
- Treat AI features as a new attack surface (see prompt injection), not just a defensive tool.
- Use AI on defence too: faster detection and triage are real wins — but the bar for human verification has gone up, not down.
Sources
- DeepStrike — AI Cyber Attack Statistics 2025
Written by ivector