AI-Augmented Attacks (2026): Why Most AI Attacks Are Human Attacks
AI-augmented attacks use AI to scale phishing, deepfake voice, and impersonation. See the 2026 data and how to defend the human layer.
Ozan Ucar, Founder and CEO, Keepnet
What Are AI-Augmented Attacks?
AI-augmented attacks are cyberattacks that use artificial intelligence to make phishing, impersonation, fraud, and social engineering more convincing, scalable, and harder to detect. Rather than inventing new attack methods, threat actors use widely available AI tools to supercharge tactics that already work, and they aim them at people. Common forms include AI phishing, AI voice phishing (vishing), deepfake video impersonation, business email compromise (BEC), and synthetic identity fraud.
Types of AI-Augmented Attacks At A Glance
| Attack type | What the AI does | Who it targets |
|---|---|---|
| AI phishing | Writes and personalizes the lure | Employees |
| Deepfake voice (AI vishing) | Clones a trusted voice | Employees |
| Deepfake video | Impersonates faces on a live call | Executives, finance teams |
| Identity verification fraud | Fakes documents and biometrics | Onboarding and IDV systems |
| AI assisted malware | Generates and obfuscates code | Systems |
Look at the right hand column. Four of these five land on a human being. Even the fifth usually needs someone to click, install, or approve first.

Why AI-Augmented Attacks Are Human Attacks
Let’s clear something up. The scariest headlines about AI in security are about autonomous malware and machines that hack on their own. The attacks actually emptying bank accounts in 2026 are far less futuristic. They’re phishing emails, voice calls, and video meetings, and they all end the same way: a person making a decision under pressure.
Threat actors take widely available AI tools and use them to scale and sharpen the tactics that already work, instead of inventing new ones. More convincing phishing. Cloned voices. Deepfake video on a “live” call. Faster identity fraud. The target isn’t your firewall. It’s your finance clerk, your new hire, your CFO.
That single fact should reshape how you spend your security budget. AI-augmented attacks are one of the main reasons organizations are moving from traditional security awareness training to Multi-Channel Human Risk Management: measuring, training, and testing how people actually behave across every channel attackers use, including email, voice, SMS, QR codes, callback scams, MFA prompts, and deepfake impersonation. You can’t patch a person. You can prepare one.
Here’s what’s really happening, what the numbers say, and what to do about it.
AI Changed The Economics of Attacks, Not The Playbook
It’s tempting to file “AI attack” under brand new threat. Don’t. The tactics winning today, phishing, pretexting, voice fraud, executive impersonation, are the same ones that worked five years ago. What changed is the cost of running them well.
Generative AI removed the three things that used to slow attackers down: time, language quality, and research effort. One operator can now spin up thousands of grammatically perfect, well researched, personalized lures before lunch. Early evidence of this shift showed up soon after ChatGPT became widely available, when SlashNext reported a 1,265% jump in malicious phishing emails and tied it directly to attackers adopting generative AI. Independent testing has shown AI models can produce highly convincing spear phishing emails in under five minutes, as CSO Online reported.
So don’t think “new weapon.” Think “same weapon, infinitely more of it, almost free to produce, and much harder to spot.” AI makes old attacks bigger, not new.

Here’s the shift in plain terms:
| Dimension | Traditional attack | AI-augmented attack |
|---|---|---|
| Message quality | Generic, templated | Personalized to the individual |
| Research | Manual | Automated reconnaissance at scale |
| Volume | Hundreds | Thousands, near instant |
| Language | Often flawed | Human quality, any language |
| Channel | Mostly email | Email, voice, SMS, video |
| Detection | Easier to spot | Much harder to spot |
AI-Augmented Attacks Are Human Attacks
When you trace the breaches that actually cost money, a pattern jumps out: nearly all of them still hinge on a person. The AI builds the trap. A human still has to step in it.
Verizon’s 2026 Data Breach Investigations Report found a human element in 62% of breaches, reinforcing a trend that has stayed stubbornly consistent for years: a click, a handed over credential, a socially engineered phone call. Despite heavy investment in technical controls, attackers keep succeeding by targeting human behavior through phishing, social engineering, credential theft, and increasingly AI assisted deception. The attack surface AI is expanding is still the human one. (We break the full report down in our Verizon DBIR analysis.)
This is the part the hype keeps burying. You cannot deploy your way out of a problem that lives in human judgment. You can only train for it, and only on the channels where people will actually be hit. (If you’ve ever wondered whether phishing counts as social engineering, this is your answer: with AI, almost all of it does.)
The Four Categories, Explained
AI Phishing
Attackers feed a model a target’s job title, recent LinkedIn posts, and writing style, and get back a flawless, tailored email, message, or fake login page. The old giveaways, broken grammar, generic greetings, weird phrasing, are gone. It’s the highest volume category by far, and it has spilled out of the inbox into SMS, chat apps, and social platforms.
Go deeper in our guide to AI-powered phishing and how attackers use agentic AI for social engineering.
AI Voice Phishing (Deepfake Voice)
A few seconds of audio, scraped from a webinar, a podcast, even a voicemail greeting, is enough to clone a voice that fools a colleague. Attackers then call an employee, impersonate an executive or a supplier, and manufacture urgency around a payment or a password reset. Voice is the soft underbelly here: unlike email, a live call usually sits outside the controls most organizations rely on.
This is the fastest growing corner of the threat. Zscaler’s ThreatLabz 2025 Phishing Report found that as overall phishing volume fell, attackers pivoted to precision tactics like vishing and smishing, including a cloned voice scheme in which employees at a pharmaceutical company received urgent “executive” calls about a fake acquisition and wired roughly $35 million, as Zscaler documented. Fewer attacks, far more convincing. CrowdStrike’s 2026 Global Threat Report found vishing up 442% across 2024, with the first half of 2025 alone already topping all of 2024, much of it from attackers posing as IT help desk staff. According to CrowdStrike, voice cloning now needs only about three seconds of audio, and synthetic voice has crossed the point where the average person cannot reliably tell it from the real thing.
See exactly how AI voice cloning and caller ID spoofing work and the latest vishing statistics.
Deepfake Video And Impersonation
Deepfake video drags impersonation into the boardroom. Attackers no longer just email or phone as your CFO; they show up on the video bridge as a flawless copy of the whole leadership team, lip sync and all. It is the highest stakes form of AI impersonation, and as the timeline further down shows, it has escalated from a one off shock in 2024 to a nation state tool by 2026. The takeaway is not “deepfakes are terrifying.” It is that one trained instinct, one person who pauses to verify on a second channel, still beats the machine. More on this in what is deepfake phishing, how to spot a deepfake, and the mechanics of an impersonation attack.
AI Impersonation Attacks: The Common Thread
Step back and the first three categories are really one idea wearing different masks. AI impersonation attacks use generative AI to convincingly pretend to be someone a victim trusts, a CEO, a supplier, an IT admin, a job candidate, and that impersonation can arrive as a written message, a cloned voice, or a deepfake video. Cloned voice vishing, deepfake video calls, executive and supplier fraud, and synthetic identities in onboarding are all variations on the same play.
It is also where law enforcement is now focused. In mid 2025 the FBI warned that attackers were sending AI generated voice and text messages impersonating senior U.S. officials to trick recipients into handing over account access. Whatever the channel, the defense is the same: assume identity can be faked, and verify high stakes requests through a second, trusted channel before acting. See our breakdown of the impersonation attack and CEO fraud.
AI Fraud
For finance leaders, this all adds up to one word: fraud. AI fraud is what happens when these techniques succeed and money moves. It usually takes the form of business email compromise (BEC), fraudulent wire transfers, CEO fraud, and supplier or vendor payment fraud, now supercharged by AI written emails, cloned voices, and deepfake approvals that make a fake request look and sound legitimate. The scale is the concern: Deloitte’s Center for Financial Services projects that generative AI enabled fraud losses in the US could reach $40 billion by 2027, up from $12.3 billion in 2023. The most effective control is not a better filter; it is a hard rule that any payment or banking detail change is verified through a second, trusted channel, no matter who appears to be asking.
AI Assisted Malware And Automation
This is the category the headlines love and, so far, the least mature. Yes, attackers use AI coding assistants to write malware variants and obfuscate code. But fully autonomous, AI run attack chains are still rare and small. Finding a way in and moving quietly through a network still takes real skill, and today’s AI tools are noisy and error prone when they try it alone. (For the fuller picture, see our rundown of generative AI security risks.) Don’t let fear of “AI super malware” pull budget away from the attacks landing on your people right now.
Real World Examples: How AI Augmented Attacks Escalated (2024 to 2026)
Watch the curve. In two years, deepfake fraud went from a once in a while shock to a daily, nation state grade tool, and the playbook kept getting bolder.
January 2024, the call that started it all (Arup). A finance employee at the engineering giant Arup dialed into a routine video call. The CFO was there. So were familiar colleagues. Every face and voice on that call was a deepfake except the employee’s own. Reassured, they approved 15 transfers worth about $25.6 million in a single day, as CNN reported. It was the first deepfake heist most CISOs had ever heard of, and still the most expensive on record.

July 2024, the question that saved Ferrari. Months later, scammers cloned the voice and even the southern Italian accent of Ferrari CEO Benedetto Vigna and called an executive with an urgent, confidential request. The executive did the one thing the Arup employee did not: he asked something only the real Vigna could answer, the title of a book Vigna had recently recommended. The clone went quiet. The call ended. No money moved, per MIT Sloan. One human verification step beat the machine.
February 2025, a cloned minister and a billionaires’ list (Italy). The targets moved upmarket. Fraudsters used an AI clone of Italian Defence Minister Guido Crosetto’s voice to call the country’s business elite, including Moratti, Armani, Della Valle and the Beretta family, with an urgent ransom story. At least one wired roughly EUR 1 million before anyone checked, as Euronews reported. If a minister’s voice can be faked convincingly, so can your CEO’s.
2025, the $35 million acquisition that never existed. Employees at a pharmaceutical company took urgent “executive” calls about a secret acquisition and wired about $35 million, the voice cloned by AI (Zscaler ThreatLabz research). The Arup script, now routine.
March 2026, the fake new hire (North Korea). The newest twist is the most unsettling: deepfakes are no longer just for stealing a single payment, they are for getting inside. In March 2026, a suspected deepfake applicant cleared a video job interview at a Japanese IT company; analysts flagged an unnatural hairline, eyes that drifted out of alignment, and lip sync that lagged the audio, per UPI. This is a nation state operation. CrowdStrike tracks it as the North Korean group Famous Chollima and reported a 220% year over year jump in its activity, investigating 320 plus cases of operatives using AI built identities, resumes and live deepfake interviews to land remote IT jobs at Western firms, then plant malware and route salaries home. North Korea linked groups stole an estimated $2.02 billion in 2025 to fund the regime’s weapons programs, according to CrowdStrike via Fortune. Okta has flagged 6,500 plus such cases, and Mandiant’s CTO put it bluntly: nearly every Fortune 500 has unknowingly fielded applications from these operatives, and many have hired one.
The common thread across all of it: the technology changed, the target did not. Every case is social engineering, and a person, an employee, an executive, a hiring manager, is the one who has to decide whether to trust what they see and hear.
AI-Augmented Attack Statistics (2026)
The independent data all rhymes:
- Deepfakes are now everyday fraud. Entrust's 2026 Identity Fraud Report found deepfakes behind one in five (about 20%) biometric fraud attempts, with deepfake selfies up 58% in 2025 and AI driven injection attacks up 40% year over year.
- Executives are getting hit on calls. A 2025 Gartner survey of 302 cybersecurity leaders found 62% of organizations faced a deepfake attack in the prior year, 43% on an audio call and 37% on a video call, per Gartner's public newsroom release.
- Identity checks alone won't save you. Gartner predicted that by 2026, 30% of enterprises would no longer trust identity verification on its own because of deepfakes, a direct driver of rising identity fraud.
- The money trail is steep. Deloitte's Center for Financial Services projects generative AI enabled fraud losses in the US hitting $40 billion by 2027, up from $12.3 billion in 2023.
- The human element holds. The 2026 Verizon DBIR found a human element in 62% of breaches, and for the first time vulnerability exploitation (about 31%) overtook stolen credentials as the top initial access vector.
- Voice is the breakout channel. CrowdStrike's 2026 Global Threat Report recorded a 442% rise in vishing across 2024 (and the first half of 2025 alone already beat all of 2024), found 79% of detections were malware free, and clocked AI enabled adversary operations up 89% year over year.
- The losses are real and rising. The FBI's IC3 2025 Annual Report logged a record $20.9 billion in reported cybercrime losses (up 26%), crossed one million complaints for the first time, and, in its first year of tracking AI related crime as its own category, attributed nearly $900 million to it.
- And it accelerates from here. Gartner forecasts that by 2027, 17% of all cyberattacks and data leaks will involve generative AI, as reported by Cybersecurity Dive.
Read it together and the story is simple. AI made deception cheap, fast, and believable, and it's aimed straight at your people.
Why Email Only Awareness Training Is No Longer Enough
For twenty years, security awareness meant one thing: teach people to spot a dodgy email. That made sense when email was the whole battlefield. It isn't anymore.
The 2025 Gartner numbers, 43% of organizations hit by a deepfake on an audio call, 37% on video, describe attacks no email gateway and no email only training will ever catch. Arup lost $25 million on a video call. Vishing happens on the phone. Quishing hides in a printed poster or a PDF. Callback scams start with a harmless looking email and move the victim to a phone line where the real con plays out.

If your program only tests email, you're scoring one channel while attackers work all of them. Gamification lifts engagement, sure, but engagement alone tells you nothing about your exposure on voice calls, deepfakes, SMS, QR codes, and callbacks. That's the whole point of Multi Channel Human Risk Management: your training, simulation, and measurement should cover every channel an attacker can actually reach your people through. The data backs this up. The 2026 Verizon DBIR, the first edition to include voice and SMS phishing simulation data at this scale, and one for which Keepnet is named among the contributing organizations, found that phone based phishing simulations drew a higher median click rate, about 2%, versus 1.4% for email. People are measurably easier to fool on the channels most awareness programs never test.
Attackers Personalize Every Attack. Why Is Your Training Still One Size Fits All?
Here's the asymmetry that should bother every CISO in 2026. Attackers now use AI to tailor every lure to the individual, their role, their tone, their relationships, what they posted last week. Most awareness programs still deliver the same annual training module to every employee, regardless of role, behavior, risk level, or attack exposure.
If the offense is personalized, the defense can't be generic. This is why Hyper Personalized Security Awareness has become a core pillar of Multi Channel Human Risk Management.
In practice, Hyper Personalized Security Awareness means that instead of one annual module, AI tunes the difficulty, channel, language, and timing of training and simulations to each person's real risk and behavior. We've written a full strategic guide to AI powered hyper personalized security awareness, and it's the same thinking behind agentic AI security awareness training. Your wire transfer handling finance team gets realistic deepfake and BEC scenarios. Your frequently traveling executives get voice and video impersonation drills. The new hire who keeps clicking gets gentler, more frequent reinforcement. Measuring human risk matters. Simulating it across every channel matters just as much. Do both, and behavior actually changes.
How To Defend Against AI-Augmented Attacks
A practical checklist:
- Test phishing on every channel, not just email. Extend simulation and training to voice, SMS, QR, and callback scenarios.
- Harden your high risk processes. Require out of band verification for payments, supplier detail changes, and password resets, exactly the "urgent and secret" setup that cost Arup $25 million.
- Treat identity verification as one signal, not proof. Pair biometrics with liveness detection and human verification for high risk actions.
- Personalize training to real risk. Move off annual, one size fits all modules toward adaptive, role based programs.
- Simulate the attacks that are actually happening. Run deepfake voice, deepfake video, and multi channel phishing simulations so your people meet these attacks in a safe place first.
- Measure exposure, not course completion. Track how people behave under realistic pressure.
- Stay calm and double down on fundamentals. Don't let AI malware hype drag resources away from the human layer attacks doing the damage.
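One way to encode the out of band rule from the checklist as a gate in a payment or help desk workflow. This is an added example, not Keepnet's code; the `Request` and `Verification` types, the channel names, and the strict reading that confirmation must use a different channel and a contact taken from the directory of record are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Action types the checklist names as needing out-of-band verification.
HIGH_RISK_ACTIONS = {"payment", "supplier_detail_change", "password_reset"}


@dataclass(frozen=True)
class Verification:
    channel: str         # channel used to confirm, e.g. "phone", "in_person"
    contact_source: str  # "directory" (system of record) or "request" (supplied by the asker)
    confirmed: bool      # the person reached actually confirmed the request


@dataclass(frozen=True)
class Request:
    action: str
    inbound_channel: str  # "email", "phone", "video", "sms", "chat"
    claimed_requester: str
    marked_urgent: bool = False
    marked_confidential: bool = False
    verification: Optional[Verification] = None


def evaluate(req: Request) -> Tuple[str, List[str]]:
    """Return ("allow" | "hold", reasons). No field on the request can waive a check."""
    if req.action not in HIGH_RISK_ACTIONS:
        return "allow", ["not a high-risk action"]

    reasons: List[str] = []
    v = req.verification
    if v is None:
        reasons.append("no out-of-band verification recorded")
    else:
        if v.channel == req.inbound_channel:
            reasons.append("verification reused the inbound channel")
        if v.contact_source != "directory":
            reasons.append("contact details did not come from the directory of record")
        if not v.confirmed:
            reasons.append("the person reached did not confirm the request")

    # Urgency and secrecy are pressure signals to record, never grounds to skip a check.
    if reasons and (req.marked_urgent or req.marked_confidential):
        reasons.append("urgent/confidential framing does not waive verification")

    return ("hold", reasons) if reasons else ("allow", ["verified out of band"])


# Constructed sample requests (not taken from any real incident data).
SAMPLES = [
    Request("payment", "video", "CFO", marked_urgent=True, marked_confidential=True),
    Request("supplier_detail_change", "email", "supplier accounts contact",
            verification=Verification("phone", "request", True)),
    Request("password_reset", "phone", "employee",
            verification=Verification("phone", "directory", True)),
    Request("payment", "email", "CEO", marked_urgent=True,
            verification=Verification("phone", "directory", True)),
]


def triage(requests: List[Request]) -> List[str]:
    """Decision for each request, in order."""
    return [evaluate(r)[0] for r in requests]


if __name__ == "__main__":
    for r in SAMPLES:
        decision, why = evaluate(r)
        print(f"{r.action:<24} via {r.inbound_channel:<6} -> {decision}: {'; '.join(why)}")
```

The second sample is the case worth noticing: a phone confirmation still fails when the number dialed was the one supplied in the request itself.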
How Keepnet Helps
Keepnet is a Multi Channel Human Risk Management platform built for exactly this. Because AI-augmented attacks are human attacks, the defense has to live where they land: with your people, across every channel. At Keepnet, Multi Channel Human Risk Management is delivered through our Extended Human Risk Management (xHRM) platform, which combines simulation, response, measurement, and behavior change across every attack channel.

- AI phishing — AI powered Phishing Simulator plus adaptive security awareness training
- AI voice phishing — Vishing Simulator and Callback Phishing Simulator
- Deepfake video and impersonation — Deepfake simulation and executive focused scenarios
- SMS and QR attacks — Smishing and Quishing simulators
- One size fits all training gap — Hyper personalized, AI driven training tuned to each user's risk
The result is a program that measures, trains, and tests behavior across the channels attackers really use, and gets sharper and more personal over time. It's also why Gartner named Keepnet a go to vendor for stopping deepfake and AI disinformation attacks.
AI-augmented attacks aren't new threats. They're old social engineering made more believable, more scalable, and harder to catch. That's exactly why defending the inbox alone no longer works. At Keepnet, we built a platform that meets attackers on every channel they use, with hyper personalized training and realistic simulation, because the only way to protect people from AI driven deception is to prepare them for it before it arrives.
Sources
- Verizon, 2026 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/
- Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR (Help Net Security): https://www.helpnetsecurity.com/2026/05/22/keepnet-verizon-dbir-2026/
- Entrust, 2026 Identity Fraud Report (deepfakes = 1 in 5 biometric fraud attempts; injection attacks +40%): https://www.entrust.com/company/newsroom/deepfakes-social-engineering-and-injection-attacks-on-the-rise
- Gartner, Why CIOs Can't Ignore the Rising Tide of Deepfake Attacks (Sept 2025): https://www.gartner.com/en/newsroom/press-releases/2025-09-02-why-cios-cannot-ignore-the-rising-tide-of-deepfake-attacks
- Gartner, 30% of Enterprises Will Consider Identity Verification Unreliable in Isolation by 2026 (Feb 2024): https://www.gartner.com/en/newsroom/press-releases/2024-02-01-gartner-predicts-30-percent-of-enterprises-will-consider-identity-verification-and-authentication-solutions-unreliable-in-isolation-due-to-deepfakes-by-2026
- Deloitte Center for Financial Services, generative AI fraud projection: https://www.deloitte.com/us/en/insights/industry/financial-services/deepfake-banking-fraud-risk-on-the-rise.html
- SlashNext, State of Phishing Report: https://siliconangle.com/2024/05/22/slashnext-report-finds-generative-ai-services-driven-huge-surge-phishing-attacks/
- CSO Online, AI model develops convincing phishing emails in 5 minutes: https://www.csoonline.com/article/656698/generative-ai-phishing-fears-realized-as-model-develops-highly-convincing-emails-in-5-minutes.html
- CrowdStrike 2026 Global Threat Report (vishing, 3-second voice cloning, AI adversary ops +89%): https://www.crowdstrike.com/en-us/press-releases/2026-crowdstrike-global-threat-report/
- CrowdStrike, Famous Chollima North Korean AI enabled insider operations (via Fortune): https://fortune.com/2026/05/14/north-korea-it-workers-stealing-billions-financial-firms-next-target-crowdstrike/
- FBI IC3 2025 Internet Crime Report ($20.9B losses, +26%, AI crime category ~$900M): https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf
- MIT Sloan, How Ferrari hit the brakes on a deepfake CEO (2024): https://sloanreview.mit.edu/article/how-ferrari-hit-the-brakes-on-a-deepfake-ceo/
- Euronews, Scammers clone Italian defence minister's voice with AI (Feb 2025): https://www.euronews.com/2025/02/10/scammers-clone-italian-defence-ministers-voice-with-ai-in-ransom-scheme
- UPI, AI deepfake applicant in online hiring interview raises North Korea fears (Mar 2026): https://www.upi.com/Top_News/World-News/2026/03/20/nkorea-deepfake-online-hiring-interview/1741773979133/
- Gartner: 17% of cyberattacks will involve generative AI by 2027 (via Cybersecurity Dive): https://www.cybersecuritydive.com/news/ai-cyberattacks-malware-open-source-phishing-gartner/750283/
- CNN, Arup $25 million deepfake scam: https://www.cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk
- Zscaler ThreatLabz 2025 Phishing Report (vishing/smishing precision shift): https://www.zscaler.com/blogs/security-research/beyond-inbox-threatlabz-2025-phishing-report-reveals-how-phishing-evolving
- FBI/IC3, AI generated voice and text impersonating senior US officials (May 2025): https://www.ic3.gov/PSA/2025/PSA250515