AI enables cybercriminals to generate flawless, personalized phishing emails that bypass traditional filters and human vigilance. About 83% of all phishing emails are now AI-generated, with click-through rates as high as 44%. Effective protection in 2026 combines AI-based email security, rigorous verification procedures and next-gen awareness training that goes beyond “look for the misspelling.”
For years, you trained your employees to recognize phishing by spelling mistakes, strange senders and unnatural language. That approach worked as long as attackers drafted their messages manually. But those days are over. Large Language Models (LLMs, the technology behind tools like ChatGPT) now generate error-free, personalized phishing emails in perfect Dutch, tailored to your employees’ job title, sector and recent activities. In Belgium alone, Safeonweb processed about 10 million suspicious emails by 2025 and blocked nearly 200 million clicks to rogue websites. Despite this effort, the number of official incident reports to the CCB increased by 70%. In our article on cybersecurity trends 2026, we mentioned AI phishing as one of seven developments affecting Flemish companies. This article explains how the threat works, why your current defenses fall short and what approach will be effective in 2026.
How AI is rewriting the rules of the phishing game
AI has fundamentally changed the economics of phishing. Whereas it used to take an experienced attacker 16 hours to compose a convincing spear phishing email, an LLM generates the same result in five minutes. That efficiency improvement means criminals can send thousands of unique, personalized messages in the time they used to spend on a single email.
It goes beyond speed alone. AI-generated phishing emails no longer contain misspellings, use proper forms of address and write fluently in Dutch, French or any other language the target expects. Indeed, by feeding previous correspondence from a CEO or supplier into a model, the AI can mimic that person’s word choice, rhythm and formality. The traditional advice “watch out for foreign language” is thus obsolete.
Numbers confirm this shift. According to security researchers, more than 80% of all detected phishing emails are now AI-generated. Click rates for AI phishing range from 30% to 44%, compared to 19% to 28% for traditional variants. In targeted spear phishing, AI even achieves click rates of 54%.
Five techniques affecting businesses by 2026
The impact of AI is not limited to better texts. It enables entirely new forms of attack that were previously unaffordable on a large scale.
1. Hyper-personalized spear phishing
AI agents automatically scan LinkedIn profiles, company websites and news stories to generate emails that reference specific projects, recent job openings or internal organizational changes at your company. The result is a message that feels so relevant that the critical threshold for clicks drops dramatically.
2. BEC 2.0 (CEO fraud with AI)
Business Email Compromise (BEC), better known in Belgium as CEO fraud, is the most damaging variant for SMEs. AI amplifies BEC by reading mailboxes for weeks, understanding billing processes and sending a message at the perfect time with a changed account number. The Eye Security Incident Response Report 2026 shows that BEC accounted for 70% of all incidents investigated among SMEs in the Benelux, even bypassing Multi-Factor Authentication (MFA) in 62% of cases. Febelfin reported that phishing generated nearly €49 million in loot for fraudsters in Belgium in 2024. Although banks were able to block 75% of the rogue transfers, the amount stolen remains substantial.
3. Polymorphic phishing
With each transmission, the AI generates a unique version of the phishing email: different synonyms, different sentence structure, different metadata in attachments. Because no two emails are identical, there is no common pattern that traditional filters can recognize. Each email is essentially a “zero-day” threat.
4. Conversational phishing
Instead of immediately sending a rogue link, the AI opens with an innocuous message: “Are you in the office?” or “Can you help me with a file?” The AI then engages in a dialogue across multiple messages to build trust. Only when the recipient is fully engaged does the malicious payload follow.
5. Combined attacks: text, voice and image
The most powerful attacks combine AI text with voice cloning and deepfake video. A phishing email is followed up by a phone call with your CEO’s synthesized voice confirming urgency. By 2025, 30% of organizations reported experiencing such AI-driven voice impersonations.
In addition to legitimate AI tools, an ecosystem of malicious LLMs such as WormGPT, FraudGPT and GhostGPT exists on the dark web. These models are specifically trained on malware code and phishing templates, without the ethical constraints of commercial AI. They lower the threshold so that even less tech-savvy criminals can launch sophisticated campaigns.
Why your email filter is letting these attacks through
Traditional email filters (Secure Email Gateways) operate on three principles: recognition of known malware signatures, blacklists of suspicious domains and keyword filters. AI phishing undermines all three.
Polymorphic mails have no recognizable signature because each mail is unique. Attackers increasingly use legitimate but compromised domains, or trusted services such as Google Drive and Dropbox, so reputation filters let the messages through. And because AI writes error-free, professional text, keyword filters that look for typical phishing indicators don’t hit anything.
Research shows that 70% of newly registered domains were classified as malicious by 2025, and 41% were deployed for attacks within a fortnight. That’s often faster than they appear on blacklists. The result: your standard email protection from Microsoft 365 or Google Workspace catches many of the known threats, but misses the AI-generated variants specifically designed to bypass these filters.
The time pressure makes it all the more urgent. The median time between sending an AI phishing email and the first click is only 21 seconds. The average “breakout time” (the time it takes an attacker to move through your network after the first breach) dropped to 29 minutes in 2025. At that rate, a reactive system that intervenes only after delivery simply cannot keep up.
Three layers of defense against AI-driven phishing
The solution is not a single tool, but a layered approach that combines technology, people and processes.
Layer 1: AI-based email security
To stop AI attacks, you need AI-based defense. Modern solutions build a communication profile of your organization. They know that your CEO doesn’t normally send rush orders to accounting on Sunday nights. When a compromised account exhibits anomalous behavior, the system recognizes the anomaly, no matter how perfectly written.
In addition, the implementation of DMARC, DKIM and SPF (authentication protocols that prevent email forgery) remains an indispensable first step. And given the 62% MFA bypass by attackers in the Benelux, moving to phishing-resistant MFA, such as FIDO2 hardware security keys, in 2026 is no longer optional but necessary.
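As an added illustration of the behavioral-profile idea in Layer 1 (example code written for this page, not from the original article or any vendor product), the following Python scores an inbound message against a hypothetical per-sender baseline and the DMARC verdict in its Authentication-Results header; the baseline, addresses and sample message are all constructed.

```python
"""Toy anomaly scoring for inbound finance requests (constructed example).

Combines a per-sender baseline (usual send hours and usual recipients) with
the SPF/DKIM/DMARC verdicts, so a flawlessly written request from a spoofed
or compromised executive account can still be flagged.
"""
import re
from datetime import datetime

# Hypothetical baseline, as a real system would learn it from past traffic.
BASELINE = {
    "ceo@example.be": {
        "hours": range(7, 19),          # 07:00-18:59
        "weekdays": range(0, 5),        # Monday-Friday
        "recipients": {"sales@example.be", "board@example.be"},
    },
}
PAYMENT_WORDS = re.compile(
    r"\b(bank account|IBAN|urgent transfer|new account number)\b", re.I)

def parse_auth_results(header: str) -> dict:
    """Extract spf/dkim/dmarc verdicts from an Authentication-Results header."""
    return {m.lower(): r.lower()
            for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def score_message(msg: dict) -> tuple[int, list[str]]:
    """Return (score, reasons); one point per anomaly, higher is more suspicious."""
    reasons = []
    profile = BASELINE.get(msg["from"])
    if profile is None:
        return 0, ["sender has no baseline; not a protected identity"]
    sent = datetime.fromisoformat(msg["date"])
    if sent.weekday() not in profile["weekdays"] or sent.hour not in profile["hours"]:
        reasons.append("sent outside sender's usual hours")
    if msg["to"] not in profile["recipients"]:
        reasons.append("unusual recipient for this sender")
    if PAYMENT_WORDS.search(msg["subject"] + " " + msg["body"]):
        reasons.append("payment-change wording")
    auth = parse_auth_results(msg.get("auth_results", ""))
    if auth.get("dmarc") != "pass":
        reasons.append(f"dmarc={auth.get('dmarc', 'missing')}")
    return len(reasons), reasons

# Constructed sample: Sunday 22:05, CEO -> accounting, new account number, DMARC fail.
SAMPLE = {
    "from": "ceo@example.be", "to": "accounting@example.be",
    "date": "2026-01-11T22:05:00",
    "subject": "Urgent transfer before Monday",
    "body": "Please use the new account number for supplier invoice 4421.",
    "auth_results": "mx.example.be; spf=softfail; dkim=none; dmarc=fail header.from=example.be",
}

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

The sample scores 4 out of 4 anomalies without a single spelling mistake in the text, which is the point: the verdict rests on context and authentication, not on wording.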
Layer 2: next-gen awareness training
Classic “look for the spelling mistake” training is counterproductive in 2026. It trains employees to look for mistakes that AI no longer makes. Effective training focuses on behavior change: not “does this message look suspicious?” but “is this request correct, no matter what it looks like?”
Organizations switching to security behavior change programs with AI-generated simulations see a factor of 6 improvement in recognizing and reporting suspicious emails within six months. Employees recently trained report phishing four times more often than untrained colleagues. The focus shifts from punishing to rewarding: every reported suspicious email is a success.
For an overview of all the phishing variants your employees should recognize, including quishing and smishing, please see our previously published article.
Layer 3: process safeguards
Technology and training are not enough if your internal processes allow one person to approve a large payment based on an e-mail. Two measures are essential:
The four-eye principle: no financial transaction above a set threshold should be conducted by only one person.
Callback verification: whenever account numbers change or unusual payment requests are made, the employee calls back to a previously known phone number, not the number listed in the suspicious email.
This process-based defense is the most cost-effective measure for SMEs without their own Security Operations Center. And it is mandatory: NIS2 explicitly requires organizations to take measures for cyber hygiene and training (Art. 21(2)).
Test how your team responds to realistic attacks
Measuring your human vulnerability is the first step toward improvement. A phishing simulation mimics realistic attacks in a controlled environment. The average click rate in an initial simulation is between 20% and 30%. After 12 months of structural training and simulation, this drops to less than 5%.
But in 2026, simulations with the traditional “your package could not be delivered” emails will no longer suffice. Your simulations must be as sophisticated as the real threats: personalized, context-aware and without the recognizable errors that employees are trained to watch out for.
By testing regularly, you measure not only the click rate, but also the reporting rate (how many employees report the suspicious email?) and the response rate. Those metrics form the basis for targeted, continuous improvement of your human defense line.
Frequently asked questions about AI and phishing
Can AI really make phishing emails error-free?
Yes. LLMs generate grammatically perfect texts in any language, including Dutch and French. They adjust word choice, formality and even writing style based on sample texts. Spelling errors and foreign language are thus no longer a reliable indicator.
What is the difference between AI phishing and regular phishing?
Traditional phishing uses mass-sent, generic messages with identifiable errors. AI phishing generates unique, personalized messages per recipient, tailored to function, industry and recent activity. As a result, the click rate is up to two times higher.
How do I protect my business when email filters are no longer enough?
Combine three layers: AI-based email security that applies behavioral analysis, next-gen awareness training focused on behavior change, and process-based safeguards such as callback verification and the four-eye principle in financial transactions.
Are SMEs also targets of AI phishing?
Absolutely. The Eye Security Incident Response Report 2026 shows that SMEs in the Benelux receive just as many security alerts as large companies, but have fewer resources to deal with them. BEC (CEO fraud) mostly affects companies in manufacturing, construction and transportation.
How often should I run phishing simulations?
Research shows that monthly simulations are the sweet spot for behavior change. Employees trained within the past 30 days are four times more likely to report suspicious emails than untrained colleagues. A one-time test is not enough.
Does NIS2 require protection against phishing?
Yes. The Belgian NIS2 law explicitly requires organizations in scope to implement cyber hygiene measures and cyber security training. Security awareness training and phishing simulations are directly covered by this.
Want to know how your employees react to AI-generated phishing? Cyberplan runs realistic phishing simulations that mimic the latest attack techniques tailored to your industry and organization. Find out where your vulnerabilities lie before attackers do. Book a no-obligation introductory consultation and discuss how to strengthen your human line of defense.