Phishing emails used to be easy to spot. Bad grammar, suspicious sender addresses, generic greetings, and obvious urgency tactics gave them away. The average person with basic security awareness could identify most phishing attempts.

That’s no longer true. Generative AI has made it trivial for attackers to produce grammatically perfect, contextually appropriate phishing emails at scale. A phishing email in 2026 might reference your actual job title, company name, and recent projects — crafted from LinkedIn data and written with the polish of a professional business communication.

This is why AI on the defensive side has become essential. Here’s how it’s working.

Traditional Detection vs AI Detection

Traditional email security (spam filters, rule-based detection) looks for known indicators: blacklisted sender domains, suspicious URLs, attachment types associated with malware, and specific phrases commonly used in phishing (“verify your account,” “urgent action required”).

This approach catches known threats but misses novel ones. If an attacker uses a new domain, writes unique content, and avoids known trigger phrases, traditional filters won’t flag it.

AI-powered detection takes a fundamentally different approach. Instead of matching against known threats, it analyses patterns across multiple dimensions:

Behavioural analysis. Has this sender contacted you before? Does the communication pattern match their normal behaviour? If your CEO typically emails you on weekdays about project updates, an email from “your CEO” arriving at 2 AM on a Saturday asking for a wire transfer triggers behavioural anomalies.

Linguistic analysis. Natural language processing models analyse writing style, tone, and structure. They can detect subtle inconsistencies — a message that claims to be from a colleague but uses language patterns that don’t match that person’s typical writing style.

URL and link analysis. AI systems evaluate link destinations, domain age, registration patterns, and similarity to legitimate domains. A domain registered yesterday that’s one character off from your company’s domain gets flagged, even if it’s never appeared on a blocklist.

Header analysis. Email headers contain metadata about the message’s routing path. AI systems analyse this metadata for inconsistencies that suggest spoofing or relay through suspicious infrastructure.

What’s Working Well

Business Email Compromise (BEC) detection is where AI has made the biggest impact. BEC attacks — where an attacker impersonates an executive or vendor to request payments or sensitive information — are among the most financially damaging forms of phishing. They’re hard to catch with traditional filters because they contain no malware, no suspicious links, and no attachments. They’re just well-written emails asking someone to do something.

AI systems that model normal communication patterns within an organisation can detect BEC attempts with reasonable accuracy. If the “CFO” is emailing the accounts payable team from an unusual address, at an unusual time, with an unusual request, the AI flags it.

Microsoft’s Defender for Office 365, Google’s Gmail enterprise protections, and standalone tools like Abnormal Security and Proofpoint have all published data showing significant improvements in BEC detection using AI models.

Spear phishing detection has also improved. Spear phishing targets specific individuals with personalised content. AI systems that analyse the relationship between sender context, message content, and recipient behaviour can identify messages that don’t fit expected patterns.

Real-time URL evaluation is another strength. Rather than relying on static blocklists, AI systems can evaluate URLs at the moment of click, assessing the destination page’s content, visual appearance, and behaviour. Some systems compare the page to known login portals and flag convincing replicas.

The Arms Race

Attackers aren’t standing still. AI-generated phishing presents specific challenges for AI-based detection:

Style mimicry. Large language models can be prompted to write in specific styles. An attacker who has samples of your colleague’s writing can generate phishing emails that match their tone, vocabulary, and communication habits. This directly undermines writing-style-based detection.

Personalisation at scale. Previously, highly personalised spear phishing required significant manual effort, limiting its use to high-value targets. AI allows attackers to generate personalised phishing for thousands of targets simultaneously. Each email is unique, making pattern-based detection harder.

Evasion techniques. Attackers are using AI to test their phishing emails against detection systems, iteratively modifying content until it passes filters. This is essentially adversarial machine learning — using AI to defeat AI.

Deepfake voice phishing. While technically separate from email phishing, AI-generated voice calls that impersonate known contacts are increasingly used alongside phishing emails. A phishing email followed by a “confirmation call” from what sounds like the real person is devastatingly effective.

What Organisations Should Be Doing

AI detection is a critical layer, but it’s not sufficient on its own. A comprehensive anti-phishing strategy in 2026 should include:

AI-powered email security. If you’re still relying on basic spam filtering, you’re exposed. Modern email security platforms with AI capabilities should be baseline for any organisation handling sensitive data or financial transactions. The cost is modest relative to the risk.

Organisations that need guidance on integrating AI tools into their security stack can benefit from working with specialists who understand both the technology and practical implementation challenges. Firms providing AI implementation help can bridge the gap between buying a security tool and actually deploying it effectively.

Security awareness training that reflects current threats. Most security training still focuses on spotting obvious phishing — bad grammar, suspicious links, generic greetings. Training needs to evolve to address AI-generated phishing that doesn’t have these obvious markers. Teach people to verify unusual requests through separate channels (call the person directly, walk over to their desk) regardless of how legitimate the email looks.

Verification procedures for high-risk actions. Any request involving financial transactions, credential changes, or sensitive data access should require out-of-band verification. An email from the CFO asking for a wire transfer should always be confirmed by phone or in person, even if it looks completely legitimate.

Incident response planning. Assume that some phishing will get through despite your defences. Have a clear process for reporting suspected phishing, investigating incidents, and responding to compromised accounts.

The Individual Perspective

If you’re an individual, not managing an organisation’s security:

Enable two-factor authentication on everything. This limits the damage from credential phishing. Even if you enter your password on a phishing site, the attacker can’t access your account without the second factor (especially with hardware keys or passkeys).

Verify before acting. If an email asks you to do something unusual — click an unexpected link, download an attachment, transfer money, share credentials — verify through a different channel. Text the sender, call them, or ask in person. Don’t reply to the email itself, since the attacker controls that conversation.

Use a password manager. Password managers autofill credentials only on legitimate domains. If you visit a phishing site, the password manager won’t offer to fill in your credentials, which is itself a warning signal.

Report phishing. Most email platforms have a “report phishing” button. Using it helps train the AI detection systems and protects other users.

Looking Ahead

The phishing landscape in 2026 is more sophisticated than ever, and it will continue evolving as AI capabilities improve on both sides. The trend is clear: automated detection will become increasingly necessary as automated attack generation outpaces human ability to identify threats manually.

The good news is that defensive AI is keeping pace — for now. The organisations and individuals that invest in modern detection tools, maintain healthy skepticism about unexpected communications, and follow verification procedures for sensitive actions will weather this evolution. Those relying on outdated defences and human pattern recognition alone are increasingly vulnerable.

Phishing won’t be solved. But it can be managed. The key is accepting that the threat has fundamentally changed and updating your defences accordingly.