
Jun 07, 2026 · 5 min read

AI Now Writes 82% of Phishing Emails Hitting Inboxes

The era of the typo-ridden scam email is over. By early 2026, researchers estimate that roughly 82.6% of phishing messages were generated or assisted by AI, following a fourteenfold surge in a single month at the end of 2025. The lures are now grammatically perfect, personalized to you by name and employer, and produced faster than any human team could write them. Here is what changed and how to keep these messages out of your Gmail.

For two decades the easiest way to spot a phishing email was to read it. Clumsy grammar, odd phrasing, and obvious spelling mistakes gave the game away. That tell is gone. Generative AI writes flawless, fluent email in any language and any tone, and attackers have adopted it wholesale. The numbers are stark: AI-generated phishing surged roughly fourteen times in December 2025 compared with earlier months, and by early 2026 it accounted for about 82.6% of phishing attacks. Phishing remains the workhorse of cybercrime, appearing in roughly 36% of all data breaches.


Key Takeaways

  • By early 2026, an estimated 82.6% of phishing emails were generated or assisted by AI, after roughly a 14x jump in AI phishing volume in December 2025.
  • AI removes the classic warning signs: messages now have perfect grammar, accurate company details, and personalization pulled from public data.
  • Phishing is the initial attack vector in roughly 16% of breaches and appears in about 36% of all breaches, making the inbox the single most attacked surface in security.
  • Many phishing emails also carry a tracking pixel, which silently confirms to the attacker that your address is live and being read before they escalate.
  • Defense now depends on verifying the sender domain, never trusting a display name, using passkeys or MFA, and limiting what your inbox quietly reports back.

What Does "82% AI Phishing" Actually Mean?

It means that the large majority of phishing email now passing through inboxes shows signs of being written or shaped by a language model rather than typed by hand. Security vendors detect this through linguistic analysis, infrastructure patterns, and the sheer volume and consistency of campaigns that would be impossible for small human teams to produce. The figure does not mean AI invented a brand new attack. It means the oldest attack in the book got an industrial upgrade.

The cost side collapsed at the same time. A convincing, targeted phishing email used to take a skilled operator time to research and write. Now one prompt produces hundreds of variants, each tuned to a different target, in seconds. Volume went up, quality went up, and the price per attempt went down.

How Did AI Change Phishing Emails?

AI changed phishing in four concrete ways. First, language: messages are now fluent and idiomatic, so the grammar-based instinct that protected people for years no longer fires. Second, personalization: models stitch together your name, job title, employer, and recent public activity into a lure that reads like it was written specifically for you. Third, scale: the same campaign can be rewritten into thousands of unique versions, which defeats filters that match on a known phrase. Fourth, multichannel delivery: AI-generated voice and text now back up the email, so a message can be followed by a convincing phone call from the same supposed sender.

We have already seen this play out inside Gmail itself, where attackers abused an AI feature to plant a fake security warning, a case we covered in our report on the Gemini summarize prompt injection in Gmail.

Why Are These Emails So Hard to Catch?

They are hard to catch because the signals defenders relied on were mostly about sloppiness, and AI is not sloppy. Spam filters historically leaned on repeated phrases, bad grammar, and known malicious templates. When every message is unique and polished, those signals weaken. The human reviewer is in the same position: there is no longer an obvious tell to point to in a training session, because the obvious tells were removed.

What has not changed is the infrastructure underneath. The link still points somewhere, the sender domain is still not the real one, and the request is still for credentials, money, or a click. Those are the things worth checking, because the prose will not save you anymore.

What Role Do Tracking Pixels Play?

Tracking pixels give attackers reconnaissance. Many phishing and pre-attack probing emails carry the same invisible one-pixel image that marketers use. When you open the message, the pixel reports back that your address is live, that a real person reads mail at that address, and roughly when you are active. That single open turns a guessed address into a confirmed, high-value target, and it often precedes the email that actually tries to steal something.

Blocking remote images and tracking pixels denies attackers that free intelligence. If the pixel never loads, the sender cannot confirm that you exist or that you read the bait, which is one reason a pixel blocker is a quiet but real part of email hygiene.
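To make the pixel mechanism concrete, here is an added example (not code from this article or from any product it mentions) that parses a raw message and separates likely tracking pixels from other remote images. The sample message, its domains and the names `PixelFinder` and `find_tracking_pixels` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

SAMPLE = '''\
From: "Payroll Team" <notices@payroll-updates.example>
Content-Type: text/html; charset="utf-8"

<p>Hello Dana, please review your updated statement.</p>
<img src="cid:logo123" width="120" height="40">
<img src="https://img.mailer.example/banner.png" width="600" height="80">
<img src="https://t.mailer.example/o?id=abc123" width="1" height="1" alt="">
<img src="https://t.mailer.example/p.gif" style="display: none">
'''  # constructed sample, not a real message

class PixelFinder(HTMLParser):
    """Split <img> tags into remote fetches and likely tracking pixels."""
    def __init__(self):
        super().__init__()
        self.remote, self.pixels = [], []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        if not src.lower().startswith(("http://", "https://", "//")):
            return  # cid: and data: images are embedded; showing them contacts no server
        self.remote.append(src)
        style = a.get("style", "").replace(" ", "").lower()
        tiny_attr = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        tiny_css = all(re.search(rf"(?<![\w-]){p}:[01](px)?(;|$)", style)
                       for p in ("width", "height"))
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny_attr or tiny_css or hidden:
            self.pixels.append(src)

def find_tracking_pixels(raw):
    """Return (likely_pixels, all_remote_images) for the HTML body of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    finder = PixelFinder()
    finder.feed(body.get_content() if body is not None else "")
    return finder.pixels, finder.remote
```

Any remote image reports the open when it loads, not only the invisible ones, so the second list is the full set of requests that blocking remote content would suppress.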

How Do You Protect Your Gmail?

  • Verify the sender domain, not the display name. AI makes the name and signature perfect. Click into the actual address and check the domain character by character.
  • Never act on urgency. The pressure to pay, log in, or reset right now is the oldest manipulation in phishing, and AI writes it more persuasively than ever.
  • Use passkeys or MFA. A stolen password is far less useful when the account also needs a hardware-backed second factor.
  • Block tracking pixels. Stop your inbox from confirming to attackers that your address is live and read.
  • Report, do not just delete. Reporting phishing in Gmail trains the filters that protect everyone.
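The sender-domain and link-destination checks can be automated. The following is an added example, not code from this article: it flags a display name that claims a brand the sending domain does not belong to, and link text that shows one domain while the href goes to another. The `BRAND_DOMAINS` allow-list, the sample message and all domains in it are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = {"example bank": {"examplebank.example"}}  # assumed local allow-list
DOMAIN_TEXT = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?")

SAMPLE = '''\
From: "Example Bank Security" <alerts@examplebank-secure.example>
Content-Type: text/html; charset="utf-8"

<p>Confirm at <a href="https://login.examplebank-secure.example/v">www.examplebank.example/verify</a></p>
<p><a href="https://examplebank.example/help">Help centre</a></p>
'''  # constructed sample, not a real message

class Links(HTMLParser):  # collects (href host, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self._host = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            try:
                self._host = (urlsplit(dict(attrs).get("href") or "").hostname or "").lower()
            except ValueError:  # malformed href
                self._host = ""
    def handle_data(self, data):
        if self._host is not None and data.strip():
            self.found.append((self._host, data.strip().lower()))
    def handle_endtag(self, tag):
        self._host = None if tag == "a" else self._host

def structural_findings(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    out = []
    allowed = next((d for b, d in BRAND_DOMAINS.items() if b in name.lower()), None)
    if allowed and not any(domain == d or domain.endswith("." + d) for d in allowed):
        out.append(f"display name claims a known brand but sender domain is {domain}")
    body = msg.get_body(preferencelist=("html",))
    links = Links()
    links.feed(body.get_content() if body is not None else "")
    for host, text in links.found:
        m = DOMAIN_TEXT.fullmatch(text)  # only link text that itself looks like a domain
        if m and host and host != m.group(1) and not host.endswith("." + m.group(1)):
            out.append(f"link text shows {m.group(1)} but points to {host}")
    return out
```

The From header can itself be forged, so a clean result here complements the receiving server's SPF, DKIM and DMARC verdicts and does not replace them.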

For the pixel side specifically, our guide on how to block email tracking in Gmail walks through every option.

The Bottom Line

AI did not invent phishing; it industrialized it. The defense that worked for twenty years, reading the email and trusting your gut about the grammar, is now actively misleading. The reliable checks are structural: the sender domain, the link destination, the request itself, and how much your inbox quietly reveals about you before you have even decided whether to trust the message. Close those gaps and the polished prose stops mattering. For Google's own breakdown of the techniques now reaching Gmail, see Google's June 2026 scam advisory.
