Cyber attacks in the AI era: new phishing and effective defence strategies

Date of issue

15. 7. 2025

Can AI write better phishing than a human today?

When security analysts imagined a fraudulent email just a few years ago, it was usually a poorly translated text full of grammatical errors, suspicious links and obvious intent to deceive. That’s no longer the case. With the advent of generative artificial intelligence, specifically large language models (LLMs) such as GPT-3, GPT-4 or open-source variants, phishing attacks have transformed into a new, extremely sophisticated form.

Today it is possible to generate an email that:

  • exactly replicates the communication style of the CEO or board member,
  • contains no grammatical or stylistic errors,
  • is tailored to the specific recipient – including links to actual internal projects, department names, current company events or tools used.

In practice, this means that a phishing message can look like a genuine management request, a call for invoice approval, or a response to a recent meeting. This realism is what makes modern phishing so dangerous – and difficult to detect.

AI automation: thousands of attack variations in minutes

AI-driven phishing is not just “better writing”. It’s a revolution in attack scalability. While classic spear phishing required hours of manual work, now an attacker can automatically:

  • analyse publicly available profiles (LinkedIn, GitHub, company websites),
  • identify the organisational structure and decision-making powers,
  • generate hundreds of unique emails corresponding to specific roles in the company (accountant, lawyer, IT administrator),
  • send personalised messages in different languages.

Moreover, in combination with multimodal AI, phishing can include:

  • deepfake profile pictures (e.g. a new colleague from HR),
  • voice deepfakes mimicking the real voice of the supervisor,
  • fake video messages with a synthetically generated face of a known person.

The result is a combined attack that targets not only logic, but also the trust and emotional response of the victim.

Defense? Traditional tools are not enough for the new phishing

Detection of LLM-based phishing can no longer rely on traditional signatures or blacklists. The key pillars of modern defense are:

1. Zero Trust as a default strategy

The principle of “never trust, always verify” is gaining importance in the AI era. Even if a message looks perfectly authentic, the following still need to be verified:

  • the user’s identity and authentication method,
  • evaluation of typical user behaviour,
  • the context of the request (e.g. payment approval),
  • the location and device from which the request came.

2. UEBA – behavioural analysis of users and entities

Systems such as SecuRadar Complete use User & Entity Behavior Analytics to detect deviations from normal behavior – such as a new access pattern, a change in login time, an attempt to circumvent policies, or a sudden change in email style.
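The Zero Trust checks and the behavioural baseline described in points 1 and 2 can be combined into one decision, shown here as an added example that is not code from SecuRadar or any other product. The baseline data, field names, thresholds and the `evaluate` function are assumptions made for illustration; note that the wording of the message never enters the decision.

```python
from statistics import mean, pstdev

# Constructed baseline for one user (sample data, not from any product).
BASELINE = {
    "cfo@example.com": {
        "login_hours": [8, 9, 9, 8, 10, 9, 8, 9],
        "devices": {"LAPTOP-CFO-01"},
        "countries": {"CZ"},
    }
}
SENSITIVE_ACTIONS = {"payment_approval"}  # context that raises the bar


def hour_deviation(history, hour):
    """Distance of a login hour from the user's mean, in standard deviations.

    The spread is floored at one hour so a very regular user is not flagged
    for a small shift; the distance wraps around midnight.
    """
    mu = mean(history)
    sigma = max(pstdev(history), 1.0)
    diff = abs(hour - mu)
    return min(diff, 24 - diff) / sigma


def evaluate(request):
    """Return (decision, signals) for a request; message text is never used."""
    profile = BASELINE.get(request["user"])
    if profile is None:
        return "step_up", ["no_baseline"]
    signals = []
    if not request["mfa"]:
        signals.append("weak_auth")
    if hour_deviation(profile["login_hours"], request["hour"]) > 3:
        signals.append("unusual_login_time")
    if request["device"] not in profile["devices"]:
        signals.append("new_device")
    if request["country"] not in profile["countries"]:
        signals.append("new_location")
    # Sensitive actions tolerate no anomaly; other actions tolerate one.
    limit = 0 if request["action"] in SENSITIVE_ACTIONS else 1
    if len(signals) <= limit:
        return "allow", signals
    if len(signals) == limit + 1:
        return "step_up", signals
    return "deny", signals
```

A `step_up` result stands for an additional verification step, such as confirming the payment request over a second channel, before the action proceeds.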

3. Synthetic content detection

Tools for analyzing generated content look for synthesis features (e.g. AI watermarking), use language models for contrastive style matching, and work with cloud-based security solutions to filter inauthentic data.

4. Advanced email security stack

Integration of Microsoft Defender for Office 365, Defender for Endpoint and Microsoft Sentinel enables not only threat detection, but also automatic classification, reporting according to the MITRE ATT&CK framework and immediate incident response.

Why is it worth investing strategically in protection?

The message may look perfect – but human error is still the most common entry point for a successful attack. Investing in technology must go hand-in-hand with educating users, setting security policies and using managed services that protect the business 24/7.

SecuRadar, as a fully managed security service from System4U, provides:

  • complete coverage of Microsoft 365, endpoints, network and cloud storage,
  • real-time detection of advanced threats,
  • automated classification of incidents according to priority,
  • support in mitigating and reporting security events.

Cyber resilience starts with trust – but not blind trust

Phishing built on generative AI is not a question of the future – it’s the current reality. Organizations that continue to rely on traditional antivirus and passive monitoring are becoming easy targets. The path to resilience is through Zero Trust, continuous detection and strategic use of managed security services.

Without the right tools, you can’t tell a fake email from a real one. But with advanced monitoring and analytics, an attack can be stopped before it causes damage.
