AI Phishing Is No. 1 With a Bullet for Cyberattackers

AI-powered phishing has surged to become the top initial-access vector in Q1 2026, overtaking vulnerability exploitation, according to Cisco Talos incident response data. Over 35% of investigated compromises began with phishing. AI tools have enabled attackers to craft highly personalized, multilingual emails at scale, with polymorphic phishing campaigns now averaging just 1.8 emails before changing content. Microsoft data shows AI-assisted phishing achieves 54% clickthrough rates versus a 12% baseline. Attackers increasingly target privileged user credentials and abuse legitimate platforms like Gmail and Docusign to evade detection. MFA weaknesses were present in 35% of attacks. Security experts recommend organizations deploy AI defensively to counter AI-driven threats.