Phishing attacks have long been the backbone of cybercriminal operations, but the landscape is undergoing a dramatic transformation. Eyal Benishti, CEO of IRONSCALES, explains that artificial intelligence is fundamentally reshaping phishing, turning what was once a manual, error-prone process into a continuous, autonomous operation. Attacks are now "highly contextual" and can execute across reconnaissance to delivery without human involvement, he said in a recent interview.

Benishti warns that the very definition of phishing is expanding. "Phishing can be a voice or even a face on the screen," he explains, highlighting how multimodal attacks across communication channels are eroding trust across digital interactions. This evolution, which Benishti dubs "phishing 3.0," represents a model where attacks are multi-step, multi-channel, and fully automated. Instead of relying on known malicious indicators, these attacks focus on intent, using sophisticated social engineering to manipulate users into taking actions they should not.

The Evolution of Phishing: From Spam to AI-Powered Attacks

To fully grasp the significance of this change, it is helpful to look at the history of phishing. The earliest phishing attacks, often called "phishing 1.0," were crude: bulk emails with obvious misspellings, generic greetings, and poorly forged sender addresses. These attacks relied on sheer volume to catch the few recipients who would fall for them. The success rate was low, but the cost of sending millions of emails was equally low.

Phishing 2.0 introduced targeted attacks, known as spear phishing. Attackers began researching their victims, using information from social media, corporate websites, and data breaches to craft personalized emails. These attacks were more convincing and had a higher success rate, but they required significant manual effort from attackers. Each campaign needed careful planning, manual reconnaissance, and individual crafting of messages.

Now, phishing 3.0 changes the game entirely. "It’s all about the intent … can we make someone do something they’re not supposed to do?" Benishti says, underscoring the shift from threat detection to behavioral manipulation. In the phishing 3.0 model, AI agents handle the reconnaissance, message generation, delivery, and even follow-up interactions. The attacker no longer needs to personally craft every email or phone call; the AI does it all, learning from each interaction and adapting in real time.

AI-Driven Attacks: Contextual and Multimodal

The distinguishing characteristic of phishing 3.0 is its contextuality. Traditional phishing emails often contained generic lures, such as a fake package delivery notification or a password reset request. AI-powered attacks, on the other hand, can leverage a deep understanding of the target's role, recent activities, and communication patterns. For instance, an AI might generate a message that refers to a real project the target is working on, mention a colleague's name, or even mimic the writing style of a company executive.

Moreover, these attacks are not limited to email. Benishti highlights that phishing now occurs across voice calls, text messages, social media platforms, and even video conferencing. Deepfake technology enables attackers to spoof the voice of a trusted person or, in some cases, create a realistic face on a screen. This multimodal approach makes it extremely difficult for users to identify a scam. The trust that people place in familiar voices or faces is being systematically exploited.

Why Traditional Defenses Are Falling Behind

Legacy security tools, such as spam filters and basic email gateways, were designed to detect known malicious indicators. They look for suspicious IP addresses, malicious attachments, or known phishing URLs. But AI-generated phishing messages often contain none of these red flags. They use legitimate infrastructure, benign URLs, and personally relevant content. By the time a security team identifies a new pattern, the AI has already adapted and created a new variant.

Benishti emphasizes that defenders must adopt the same technologies that attackers are using. "AI agents," he argues, "can help organizations move from reactive defense to continuous threat anticipation." Instead of waiting for an attack to happen and then cleaning up, AI agents can analyze user behavior, communication patterns, and threat intelligence to predict and block attacks before they reach the target. These agents learn from each new threat, building a dynamic defense that evolves along with the attack landscape.

Background on Eyal Benishti and IRONSCALES

Eyal Benishti is a well-known figure in the cybersecurity industry. As CEO of IRONSCALES, he leads a company focused on combating modern social engineering and AI-driven threats. Benishti holds a background in computer science and mathematics, and his career includes roles as a security researcher, reverse engineer, and malware analyst. He is also a member of the Forbes Technology Council, where he shares insights on cybersecurity and artificial intelligence.

IRONSCALES has developed a platform that leverages AI and human intelligence to detect and respond to phishing attacks. The company's approach involves using AI to automate threat detection and response, while also providing tools for security teams to investigate and remediate incidents. This blend of automation and human analysis is designed to keep pace with the speed and sophistication of AI-powered attacks.

Key Facts and Implications for Organizations

The transformation of phishing has several critical implications for organizations. First, email security can no longer rely solely on static rules or signature-based detection. Businesses must invest in AI-driven security tools that can analyze behavior, intent, and context. Second, employee training needs to evolve. Traditional phishing awareness programs that teach users to check for spelling errors or suspicious URLs are no longer sufficient. Training must focus on broader awareness of multimodal threats, deepfakes, and social engineering tactics.

Third, the concept of trust itself is being redefined. As Benishti notes, attackers are now able to mimic not only text but also voices and faces. Organizations need to establish verification protocols for any request that involves sensitive actions, such as fund transfers or data access. This could include out-of-band verification, such as a call back to a known number, or the use of digital signing tools.

Fourth, the speed of attacks is accelerating. Because AI can generate and deploy new variants in seconds, the window for human response is shrinking. Automated defense systems are becoming a necessity, not a luxury. Security operations centers must embrace AI agents that can analyze threats and take action without waiting for a human analyst to review an alert.

Finally, the rise of phishing 3.0 highlights the need for collaboration across the industry. Threat intelligence sharing, combined with AI-driven analysis, can help organizations stay ahead of emerging attack patterns. No single organization can defend against the full spectrum of AI-powered phishing alone.

For Benishti, the path forward is clear. Defending against this new wave of attacks requires adopting the same technologies that attackers use. AI agents, he argues, can help organizations shift from a reactive posture to one of continuous threat anticipation. Instead of waiting for a breach to occur, companies can use AI to simulate attacks, detect anomalies in user behavior, and autonomously neutralize threats before they cause harm.

The era of phishing 3.0 marks a fundamental reset in the threat curve. Cybercriminals have gained a powerful new tool in AI, and they are already using it to launch more sophisticated, more personalized, and more relentless attacks. Organizations that fail to adapt will find themselves increasingly vulnerable. Those that embrace AI as both a challenge and an opportunity may be able to turn the tide and protect their digital assets in an age of autonomous deception.

Source: Darkreading News