Wednesday, December 10, 2025

Phishing report highlights rise of AI and legitimate platform hijacking


Jack Chapman, SVP of threat intelligence, KnowBe4.

Cyber attackers are using AI to launch significantly more sophisticated attacks, and are increasingly using compromised accounts and legitimate platforms to bypass traditional security safeguards.

This is according to KnowBe4’s SVP of threat intelligence, Jack Chapman, who outlined key findings of KnowBe4’s latest Phishing Threat Trends Report in a recent webinar hosted in partnership with ITWeb.

Chapman said the latest report found there had been a 14% increase in attack volumes in the past year, with a significant jump in the sophistication of attacks. “We found a 5.1% increase in the use of AI and a 44% increase in the number of attacks that bypass security mail gateways and platform security, which is a huge increase in the number of successful attacks,” he said.

“52% of attacks are sent from compromised accounts that may be in the user’s supply chains and recent history, which enables attackers to bypass traditional security safeguards. We are also seeing increased use of legitimate platforms, with a 69% increase in attacks sent from legitimate and trusted platforms like Canva, PayPal, Dropbox, DocuSign and SharePoint.

“Exploitation of legitimate platforms has exploded since 2024 and has been successful enough for us to conclude that this attack vector is here to stay,” Chapman warned.

“Polymorphic attacks, in which each e-mail has a slight change, were historically limited to changes in just the subject line or the alias name. However, they now use AI to alter the body text to make each e-mail unique and beat traditional security solutions based on block lists,” he noted.

“Another key tactic is obfuscation, including HTML smuggling. We are seeing it in payloads and the bodies of e-mails. We are also seeing continued use of mobile-focused attacks – especially in after-hours attacks. Attackers are lengthening their kill chain and going for multi-channel attacks. It may start with e-mail, but through that they may try to go into your phone, or even your physical security systems,” Chapman said.

Chapman said KnowBe4 had also found a huge rise in vishing attacks, which now use LLM technology to carry out real conversations.

“The bad news is that deepfake technology and conversational bots are becoming more sophisticated. 5% of attacks use a phone number as the sole payload – a 449% increase on the year before. Looking forward to 2026, we expect it to become a standard attack vector.

“A key finding is that AI is being weaponised, to enhance the depth and breadth of attacks, enabling automation, scalability and speed to attacks, while also unlocking new capabilities that were previously only available to nation state attackers,” he said.

“AI is being deployed to personalise phishing attacks to make e-mails more credible, addressing the recipient by name and using seemingly random details to make the user believe the e-mail is legitimate. Attackers are also adding depth to their attacks by using deepfake images, audio and video to create credibility. They are also analysing how we speak through e-mail communication and cloning our voices to create deepfake audio,” he said. “Our predictions are that these threats will continue to evolve and attacks will become more personalised.

“It’s very important to secure our AIs as well, and train our AI agents to be robust. We are going into a world where it’s people plus AI, so we need an end-to-end approach to securing both. We recommend that organisations use smart technology to combat threats, be proactive in enabling the workforce of the future, and take a holistic approach to security,” he concluded.



Edited for Kayitsi.com