A recent study conducted by IBM’s X-Force Red has raised concerns about the evolving threat of AI-generated phishing emails, which are predicted to become more effective and damaging than the current email-based attacks.
Furthermore, the research aimed to provide an objective assessment of this alarming trend by comparing the performance of AI-generated phishing emails with human-generated ones within a healthcare firm. The investigation revealed that AI is capable of producing phishing emails significantly faster than humans, with AI taking only five minutes compared to the 16 hours it took human social engineers. However, the study highlighted that human-generated phishing emails are presently more effective, attributed to emotional intelligence, personalization, and compelling headlines.
Additionally, the results of the study showed that while the human-generated phishing emails achieved a 14% click rate, the AI-generated emails were not far behind, with an 11% click rate. Notably, 59% of the AI emails were reported as suspicious, compared to 52% of the human emails. Despite these findings, the study raised questions about the potential for improvement in AI-generated phishing emails. AI is still in its early stages, and prompt engineering plays a pivotal role in its performance. The research also emphasized the uncertainty surrounding how much AI, whether publicly available or employed by criminals, will advance in the coming years.
The study’s findings suggest that the future of AI-generated phishing attacks remains uncertain, with the potential for AI to improve and become more human-like, leading to increasingly devastating phishing campaigns. These evolving threats underscore the need for heightened vigilance and proactive cybersecurity measures to protect against the growing sophistication of AI-powered attacks in the years to come.
