For years, spotting a phishing attempt was almost a game. Weird wording, bad spelling, some random link from a “bank” you don’t even use. Easy enough, right? That world is fading fast, folks. New research from KnowBe4 suggests things have changed in a very big way. You see, the company says 86 percent of phishing attacks are now driven by AI, which honestly lines up with what many of us have been seeing lately. These messages are cleaner, more convincing, and a whole lot harder to dismiss at a glance. The old red flags are still there sometimes, but not nearly as often. What really stood out to me is how phishing is no longer just about email. Attackers are spreading out into tools people rely on every day. Calendar invites are being used as bait. Messaging platforms like Microsoft Teams are getting hit harder too. These are places where people tend to trust what they see, especially when it looks like it’s coming from a coworker or someone inside the company. And that is the other problem. These attacks are getting personal. The report points out a rise in internal impersonation, where attackers pretend to be someone on your team. Not a random CEO. Not a fake IT alert. Someone you actually work with. That is a much tougher thing to question when you are just trying to get through your day. On the technical side, things are getting sharper as well. There has been a big increase in attackers using reverse proxies to grab login credentials, especially tied to Microsoft 365 accounts. Pair that with AI-generated messages that sound natural, and you end up with scams that feel a little too real. What we are seeing now is not just more phishing. It is smarter phishing. Coordinated, multi-channel, and built to blend in instead of stand out. You might get a message in chat, then a calendar invite, then an email, all pointing you in the same direction. That kind of setup can trick even careful users. Here is where I think things get uncomfortable. If attackers are using AI this aggressively, companies may not have much of a choice but to fight back with AI of their own. Human awareness training still matters, sure, but it might not be enough on its own anymore. If one side is automating and scaling attacks with precision, the other side risks falling behind without similar tools. That does not mean blindly trusting AI to save the day. But ignoring it could leave organizations outmatched. And judging by these numbers, that gap may already be starting to form. Author Brian Fagioli Brian Fagioli is a technology journalist and founder of NERDS.xyz. Known for covering Linux, open source software, AI, and cybersecurity, he delivers no-nonsense tech news for real nerds.