AI-generated phishing emails are moving from generic inbox clutter toward highly personal attacks aimed at corporate executives. The concern is not only that the messages look cleaner, but that they can be built from details pulled from a target’s online life and shaped to sound like a real company or person.
Companies including British insurer Beazley and ecommerce group eBay have warned that fraudulent emails are increasingly using personal details, probably gathered through AI analysis of online profiles. That shift makes phishing less like a broad spam campaign and more like a tailored attempt to exploit trust.
How AI changes the phishing playbook
The core threat described by cybersecurity experts is scale. AI bots can process large amounts of information about an individual or organization, then use that material to create a message that appears more relevant and more convincing than a standard phishing email.
Beazley’s Chief Information Security Officer Kirsty Kelly said the problem is becoming both worse and more personal. She said Beazley is seeing targeted attacks that have scraped "an immense amount" of information about a person, which is why the company suspects AI is behind many of them.
That matters because personalization can remove some of the friction that usually causes a recipient to pause. A message that references the right topic, reflects a familiar tone, or appears aligned with a company’s style can feel less suspicious at first glance.
According to the source, AI bots can help attackers in several connected ways:
- They can ingest large quantities of information about a company or individual.
- They can imitate tone and style to produce a more believable message.
- They can review a victim’s online presence and social media activity.
- They can identify topics that a target may be more likely to answer.
- They can help generate bespoke phishing scams at scale.
Why executives are being singled out
The article focuses on corporate executives because they are being hit by an influx of hyper-personalized phishing scams. These attacks are described as advanced cyber crime becoming easier as AI systems improve and become more widely available to consumers and businesses.
eBay cyber crime security researcher Nadezda Demidova said generative AI tools lower the entry threshold for advanced cybercrime. She also said eBay has seen growth in the volume of all kinds of cyberattacks, especially phishing scams that are "polished and closely targeted."
Kip Meintzer, an executive at security company Check Point Software Technologies, told a recent investor conference that AI had given hackers "the ability to write a perfect phishing email." The point is not that every phishing attempt will succeed, but that the quality bar for attackers can rise quickly when message drafting and personalization become easier.
For an executive target, a fraudulent email does not need malware to be dangerous. Researchers have warned that AI is particularly effective for business email compromise scams, a malware-free form of phishing in which fraudsters try to persuade recipients to transfer funds or share confidential company information.
The financial stakes are already large
The broader cybersecurity context makes the rise of AI-generated phishing more serious. More than 90 percent of successful cyber attacks begin with a phishing email, according to the US Cybersecurity and Infrastructure Security Agency.
The cost of breaches is also rising. According to IBM, the global average cost of a data breach rose nearly 10 percent to $4.9 million in 2024.
Business email compromise adds another layer of risk. According to the FBI, this kind of scam has cost victims worldwide more than $50 billion since 2013.
Those numbers explain why a better-written email is not a minor upgrade for attackers. If phishing remains a common starting point for successful cyber attacks, then tools that make phishing more convincing can increase pressure on companies that already rely on email filters, employee judgment and cyber security training.
Why existing defenses may struggle
AI-generated phishing may be harder for companies to detect because it can vary the language of each message. Basic filters often work by blocking repeated bulk campaigns, but that model becomes less effective when many versions of a message can be generated quickly.
Demidova said basic filters may struggle if AI is used to rapidly generate thousands of reworded messages. In that scenario, the attack is not just a single suspicious template repeated across inboxes. It becomes a stream of customized variations.
Sean Joyce, global cyber security lead at PwC, described AI as being used to scan for vulnerability, whether in code or in the human chain. That framing is important: the target is not only a technical flaw. The target can also be the moment when a person receives a plausible message and acts on it.
The implication for companies is straightforward. AI-generated phishing emails are not only a content problem, and they are not only a filtering problem. They combine scraped data, convincing language and scale, which means the human side of security is being tested alongside technical systems.
What the warning means
The evidence in the source points to a clear shift: phishing is becoming more tailored, more fluent and more difficult to dismiss as obvious fraud. Executives are seeing messages that appear to know more about them, their companies and the subjects likely to get their attention.
That does not mean every AI-generated message will bypass defenses. It does mean companies are facing a phishing environment where attackers can more easily produce messages that look polished, relevant and personal.
As AI tools continue to advance, the advantage for attackers is speed and adaptation. They can scrape, rewrite and target at a scale that makes basic email filtering and conventional training less reliable on their own. For businesses, that makes AI-generated phishing a central cyber security concern, not a distant future problem.