There’s a new kind of phishing threat growing fast — and it’s getting smarter by the day. It’s called AI-powered polymorphic phishing, and it’s quietly reshaping how we think about email security.
We’ve been tracking this trend closely, and the data is concerning. In February 2025 alone, we saw a 17% spike in phishing emails compared to the previous six months. What’s more, 76% of phishing attacks now include at least one polymorphic element, and 82% leverage AI in some form — a 53% increase year-over-year.
Let’s break down what’s going on and why it matters.
What Is Polymorphic Phishing?
Think of polymorphic phishing like a shape-shifter. It’s a phishing email that changes just enough details — subject lines, sender names, content structures — so that no two emails look exactly the same. The goal is to bypass pattern-based detection systems that rely on identifying common traits across phishing attempts.
Now, combine that with AI, and you’ve got a threat that’s not just evasive — it’s hyper-personalized, fast, and constantly learning.
How AI Is Supercharging These Attacks
AI isn’t just making phishing more effective — it’s redefining how cybercriminals operate. Here’s how:
- Bypassing Traditional Defenses: AI tweaks the delivery method, changes payloads, and adapts in real time based on what works (or doesn’t). That means blocklists and static filters just aren’t enough anymore.
- Dynamic Email Content: Every recipient gets a unique message. That makes it much harder for secure email gateways (SEGs) and spam filters to catch them.
- Enhanced Personalization: AI scans social media, breached data, and public records to craft highly targeted messages — sometimes even mimicking someone the recipient knows.
- Continuous Adaptation: If a victim interacts but doesn’t fall for the bait, the system follows up — adjusting tone or urgency to re-engage.
- Improved Persuasion: Emails now mirror the tone, grammar, and style of real contacts, making them eerily believable.
- Spear Phishing with Deepfakes: AI-generated audio or video messages are increasingly part of high-level spear phishing campaigns targeting executives and admins.
This isn’t speculative. We’re seeing it in the wild right now.
How Are These Emails Getting Through?
Attackers have shifted their methods. Here’s how most polymorphic phishing messages are being sent:
- 52% via compromised accounts (trusted sources are harder to flag)
- 25% through phishing domains
- 20% via webmail services
Because these emails don’t match known attack patterns, standard detection techniques are starting to fall behind. In fact, grouping similar messages into campaigns — a common detection method — could be obsolete by 2027.
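To see why static signatures miss polymorphic variants, and where grouping messages into campaigns by similarity starts to break down, here is an added Python example (not from the original post). The messages are constructed samples, and the function names and the 0.4 threshold are assumptions chosen for illustration.

```python
import hashlib
import re

# Constructed sample messages (not real mail): three light variants of one
# lure, one full rewrite of the same lure, and one unrelated benign message.
MESSAGES = [
    ("Invoice 48213 overdue", "Hi Dana, your invoice 48213 is overdue. Please review the attached statement today."),
    ("Invoice 77120 past due", "Hello Sam, your invoice 77120 is overdue. Please review the attached statement today."),
    ("Payment reminder 90311", "Hi Lee, your invoice 90311 is overdue. Kindly review the attached statement today."),
    ("Account notice", "Dana, accounts flagged an unpaid balance on your file. Open the enclosed document before end of day."),
    ("Team lunch Friday", "We are booking a table for the team lunch on Friday. Reply if you can join."),
]

def exact_fingerprint(subject, body):
    """Static signature: any changed character yields a different hash."""
    return hashlib.sha256(f"{subject}\n{body}".encode()).hexdigest()

def shingles(body, k=2):
    """Word k-grams after masking digit runs, so invoice numbers do not matter."""
    words = re.findall(r"[a-z0-9]+", re.sub(r"\d+", "0", body.lower()))
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Share of k-grams the two messages have in common (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def group_campaigns(messages, threshold=0.4):
    """Greedy grouping: join the first cluster whose first member is similar enough."""
    clusters = []
    for idx, (_, body) in enumerate(messages):
        sig = shingles(body)
        for cluster in clusters:
            if jaccard(sig, shingles(messages[cluster[0]][1])) >= threshold:
                cluster.append(idx)
                break
        else:
            clusters.append([idx])
    return clusters

if __name__ == "__main__":
    print(len({exact_fingerprint(s, b) for s, b in MESSAGES}), "distinct hashes")
    print(group_campaigns(MESSAGES))
```

The three lightly varied messages share enough word pairs to land in one group, while the fully rewritten message falls outside it even though it carries the same lure.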