When AI Writes the Scam: Generative Models Fuel a New Wave of Phishing
Deepfakes, automated spear-phishing and model jailbreaks are lowering the cost of cybercrime. Firms are racing to build AI defenses — but strategy matters.
Deepfakes, automated spear-phishing and model jailbreaks are lowering the cost of cybercrime. Firms are racing to build AI defenses — but strategy matters.

Illustration by IMF Alpha editorial · Reviewed by Pedro Marini
Short version
Generative AI has turned social engineering from a craft into an assembly line. Personalized phishing emails, eerily convincing deepfake voicemails, and on-demand malware scaffolds can be produced in minutes. Treating this as just a hotter version of old phishing problems is a recipe for getting outpaced.
Why this matters now
In the past 18 months two practical barriers for attackers have dropped away: the need for fluent human writing and the time needed to scale. What once took a researcher a day or more — probing a target, drafting a bespoke message, chasing follow-ups — can now be scripted with prompt templates and cheap compute. The outcome is simple: much higher volume, and much more plausible social engineering. That combination hits organizations that still rely on signature-based defenses and one-size-fits-all awareness campaigns.
What we’re actually seeing
Market response — a messy sprint with different bets
Vendors are scrambling to put AI into detection pipelines. Expect more spending on behavior telemetry, anomaly detection, and AI-assisted incident response. Some incumbent defenders are piling on cloud analytics; newer firms are pitching XDR with built-in machine learning.
That said, slapping default detection models onto the problem has limits. Models trained on historical attacks can lag behind novel, AI-crafted threats. And there’s a concentration risk: many defenders depend on large models from a few cloud providers, which creates a single point of failure if those models are compromised or misused.
Practical moves for CISOs and boards
A counterpoint
AI helps defenders too. The same techniques can speed triage, add richer context to alerts, and automate containment — all things that reduce dwell time. The strategic question is whether organizations can adopt defensive AI fast enough without creating new single points of failure.
To be blunt
This isn’t a call to panic, but it does merit urgency. The economics of crime have shifted: low-skill actors now wield convincing tools. Those who combine stronger identity controls, tighter vendor governance, realistic simulations, and selective defensive AI adoption will have a real chance of keeping up.
Pedro Marini

As lawsuits and privacy rules squeeze scraped training sets, synthetic data firms are drawing capital and corporate deals. Practical wins, hidden risks.

From web-scraping lawsuits to paid, privacy-preserving feeds and synthetic substitutes — firms are buying better data to train safer, more valuable models.

Smaller models, smarter chips and privacy-first apps are turning phones and PCs into autonomous AI hubs — and the ripple effects will hit chips, apps and search.