Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI is making phishing attacks easier to create and scale. Tasks that once required manual effort can now be automated, allowing attackers to generate realistic messages, launch campaigns, and adapt tactics quickly to evade security controls. In fact, KnowBe4’s 2025 Phishing Threat Trends Report found that more than 73% of phishing emails analyzed in 2024 showed signs of AI involvement. As a result, phishing threats are becoming harder to detect using traditional methods alone.

On April 6, 2026, Microsoft Defender Security Research published an advisory detailing a large-scale phishing campaign that leverages the OAuth Device Code Authentication flow to compromise Microsoft 365 accounts across organizations globally. This campaign represents a significant evolution from manual social engineering to fully automated, AI-driven attack infrastructure.

When it comes to email security, phishing and other social engineering attacks tend to grab headlines. But a simple mistake by an employee, like addressing an email to the wrong person, can be just as damaging. Misdirected emails like these remain one of the most common and costly forms of accidental data exposure.

Email security often focuses on incoming threats such as phishing, malware, and malicious links, but outbound email security is just as important. According to KnowBe4’s 2025 State of Human Risk Report, nearly half of cybersecurity leaders say misdirected emails sent by employees have caused security incidents. These mistakes typically happen when employees send messages to the wrong recipient, attach the wrong file, or unintentionally share sensitive information.

Organizations have traditionally treated phishing emails as a technology problem to be solved with spam filters and secure email gateways. But with phishing attacks on the rise, these tactics are no longer enough. KnowBe4’s 2025 Phishing By Industry Benchmarking Report found a 47% increase in phishing attacks that bypass Microsoft’s native defenses and secure email gateways. Why do they succeed? Because they exploit reliable human behavior.

BlueVoyant researchers have uncovered a broad, multi-pronged phishing campaign targeting Spanish-speaking users in organizations across Latin America and now Europe as well. While recent industry intelligence heavily documented attacks utilizing WhatsApp to deliver banking trojans under the umbrella of the Brazil-based eCrime group Augmented Marauder (a.k.a.

A finance employee receives an email that appears to come from the CFO requesting urgent payment approval. The message references a current project, uses the correct tone, and arrives at a plausible time. However, the email wasn’t written by a colleague — it was generated by AI. And it contains a malicious link. These attacks are becoming more common as threat actors use AI to produce convincing phishing emails, automate impersonation attempts, and launch social engineering campaigns at scale.

Arctic Wolf has recently observed a phishing campaign targeting Microsoft 365 that abuses the OAuth device code flow to trick victims into providing authentication codes. Threat actors use Railway’s Platform-as-a-Service (PaaS) infrastructure (a trusted cloud platform with valid IP addresses) to host attack components, allowing the activity to blend in with normal traffic. This enables threat actors to steal valid access and refresh tokens and bypass multi‑factor authentication protections.

Researchers at LayerX warn that custom fonts can fool AI web assistants into thinking phishing pages are benign, while the human user sees something completely different. “There is a structural disconnect between what an AI assistant analyzes in a page’s HTML and what a user sees rendered by the browser,” the researchers explain.

Researchers at Permiso warn that threat actors can plant phishing messages within Copilot AI summaries. Notably, the researchers found that attackers can trick Copilot into including internal information to craft a more targeted message.