KnowBe4 has revealed that 86% of phishing attacks are now powered by AI, highlighting a major shift in how cybercriminals execute social engineering campaigns, according to its latest Phishing Threat Trends Report Volume Seven.
The report underscores a move beyond traditional email-based attacks, with threat actors increasingly targeting collaboration platforms, calendar systems, and messaging tools. This evolution reflects how attackers are adapting to modern workplace environments where real-time communication tools are widely used.
“Phishing in 2026 is no longer confined to inboxes it’s multi-channel, AI-driven, and increasingly hard to detect,” said Jack Chapman.
Among the key findings over the past six months:
- 49% rise in calendar invite phishing attacks
- 139% surge in reverse proxy usage to steal Microsoft 365 credentials
- 41% increase in attacks via Microsoft Teams
- Growing shift toward multi-channel, coordinated attack strategies
- 30% of attacks involving internal impersonation tactics
The research highlights that phishing campaigns are becoming more targeted and sophisticated, leveraging AI to scale attacks while making them harder to detect. Attackers are no longer relying on a single entry point but orchestrating campaigns across multiple platforms simultaneously.
As organizations adopt more digital collaboration tools, the report stresses the need for a broader security approach—one that protects both human users and AI-driven systems against increasingly complex threats.
The full report provides deeper insights into evolving phishing techniques and the growing role of AI in shaping the cyber threat landscape.
