For two decades, one of the most reliable ways to spot a phishing email was its grammar. Awkward phrasing, obvious spelling mistakes, and stilted sentences were the fingerprint of a scam written by someone who did not speak English natively. In 2026, that signal is gone. Large language models write flawless English — and attackers have been using them at scale since at least mid-2024. The volume of convincing phishing attempts has increased by 340% in 18 months. Here is what changed, why traditional defenses failed, and what still works.
The New Phishing
Modern AI-generated phishing is not just grammatically clean — it is hyper-personalized. Attackers feed LLMs with data scraped from LinkedIn profiles, public social media, company websites, and data broker databases. The result is an email that knows your name, your employer, your manager's name, and sometimes your recent activity. An email that reads “Hi Sarah, following up on the Salesforce renewal you discussed with Mark last week” is not a mass-blast scam — it is a targeted attack generated in seconds using publicly available information.
The economics are brutal. Before LLMs, a convincing spear-phishing email required hours of manual research per target. Now the same quality attack can be generated for hundreds of targets simultaneously at near-zero marginal cost. A campaign that once required a professional social engineer now runs as an automated pipeline.
The FBI's 2025 Internet Crime Report documented a 340% year-over-year increase in reported losses attributable to phishing attacks with no detectable grammar or spelling errors — the category that most closely proxies AI-generated content. The attack surface is not just growing. It is being industrialized.
Threat Signal
In independent testing, security researchers found that AI-generated phishing emails had a click-through rate of 4.2% compared to 0.7% for traditional phishing — a 6x increase in effectiveness, with no increase in cost to the attacker.
Why Traditional Filters Fail
Traditional spam filters operate on a set of assumptions that AI phishing systematically invalidates. They look for keyword patterns: “urgent,” “wire transfer,” “your account has been suspended.” AI-generated emails avoid these phrases by using semantically equivalent language that does not match keyword blocklists.
They look for structural anomalies in HTML and formatting — signs of copy-paste jobs from previous phishing kits. AI-generated emails use clean, well-structured HTML that passes every formatting check. They look for bulk-sending patterns: the same message sent to thousands of addresses from the same IP. AI phishing campaigns send small, differentiated batches from freshly provisioned cloud infrastructure, bypassing volume-based detection entirely.
The filter is pattern-matching against a library of known threats. AI phishing generates novel content with every send. It is a fundamental mismatch.
The Signals That Still Work
While AI can generate perfect text, it cannot forge the underlying technical infrastructure of a legitimate email. These signals remain reliable:
- Domain age: Attackers register fresh domains for each campaign. A domain registered within the last 30 days sending a “critical account notice” is a strong indicator of a phishing attempt.
- SPF/DKIM/DMARC failures: Email authentication protocols verify that the sending server is authorized to send on behalf of the claimed domain. Well-written content does nothing to produce an SPF authorization or a valid DKIM signature for a domain the attacker does not control.
- Reply-to mismatches: The from address shows “support@paypal.com” but the reply-to is “harvest@mail293.net.” This mismatch is invisible to the reader but trivially detectable by a security layer.
- Brand homoglyphs: Attackers substitute visually similar characters, Unicode lookalikes included, or drop a letter: “paypaI.com” (capital I instead of lowercase l), “arnazon.com” (rn in place of m), “micosoft.com” (a missing r). Automated detection catches these; human eyes often do not.
- Redirect chains: Links that pass through multiple redirectors before reaching a credential-harvesting page. Legitimate services use direct, clean URLs.
- Timing anomalies: Emails sent at unusual hours relative to the claimed sender organization's time zone, or with header timestamps that do not match the sending infrastructure.
Key Insight
AI can write the perfect email. It cannot forge a 5-year-old domain, pass DMARC validation on a brand it does not own, or hide the redirect chain its credential harvester requires. Detection has to move from content analysis to infrastructure analysis.
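Three of the signals above (authentication results, reply-to mismatch, brand lookalikes) can be checked from headers alone. The sketch below is an added example, not Glance's code; the brand watch list, the lookalike map, the one-edit threshold and the sample message are all constructed assumptions.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

BRANDS = ("amazon.com", "microsoft.com", "paypal.com")     # assumed watch list
FOLDS = (("I", "l"), ("rn", "m"), ("0", "o"), ("1", "l"))  # assumed lookalike map

def skeleton(domain):
    # NFKC folds compatibility forms (e.g. fullwidth letters); cross-script
    # lookalikes would need the Unicode confusables data, not included here.
    folded = unicodedata.normalize("NFKC", domain)
    for src, dst in FOLDS:
        folded = folded.replace(src, dst)
    return folded.lower()

def within_one_edit(a, b):
    # True when a and b differ by at most one substitution, insertion or deletion.
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

def lookalike_of(domain):
    if domain.lower() in BRANDS:
        return None  # the genuine domain is not a lookalike of itself
    return next((b for b in BRANDS if within_one_edit(skeleton(domain), skeleton(b))), None)

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    # Trust only the Authentication-Results header stamped by your own MTA.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    findings = [f"{m}={auth.get(m, 'none')}" for m in ("spf", "dkim", "dmarc") if auth.get(m) != "pass"]
    if reply_dom and reply_dom.lower() != from_dom.lower():
        findings.append(f"reply-to {reply_dom} != from {from_dom}")
    brand = lookalike_of(from_dom)
    if brand:
        findings.append(f"{from_dom} imitates {brand}")
    return findings

SAMPLE = (  # constructed message, using the addresses from the list above
    "Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mail293.net;"
    " dkim=none; dmarc=fail header.from=paypal.com\n"
    "From: PayPal Support <support@paypal.com>\nReply-To: harvest@mail293.net\n"
    "Subject: Following up on your invoice\n\nBody text.\n")
```

A message sent from a lookalike domain the attacker owns can pass SPF, DKIM and DMARC for that domain, which is why the lookalike check runs independently of the authentication results.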
How Glance's 4-Tier Pipeline Catches AI Phishing
Glance's threat detection was designed around infrastructure signals, not content signals. This makes it effective against AI-generated phishing by design.
Tier 1 — Deterministic (0ms)
Every incoming email is checked against a continuously updated global blocklist of confirmed malicious senders, domains, and infrastructure. Known bad actors are blocked before any further analysis. This tier handles approximately 40% of threats.
Tier 2 — Behavioral Heuristics (<100ms)
SPF, DKIM, and DMARC authentication results are checked. Domain age is verified. The from address is compared against the reply-to. Links are inspected for homoglyph substitutions and redirect chains. These are the unfakeable signals that AI-generated content cannot circumvent.
Tier 3 — Reputation Network
Sender reputation is cross-referenced against Glance's network of protected inboxes. When the same sender triggers holds across multiple accounts, their reputation score degrades automatically. AI phishing campaigns that hit multiple Glance users are flagged on the first campaign send.
Tier 4 — AI Semantic Analysis (2-5s, on-demand)
For emails that pass Tiers 1-3 but remain in the grey zone (threat score 20-80), Claude AI performs deep semantic analysis — identifying urgency manipulation, impersonation intent, and contextual inconsistencies that heuristics alone might miss. PII is redacted before the API call. This tier provides human-level judgment at machine speed for ambiguous cases.
Critically, even if an AI-generated phishing email passes all four tiers — a near-impossible scenario given Tier 2's infrastructure checks — the Circle of Trust model provides a final human checkpoint. Unknown senders are held for gatekeeper review before delivery. The email never reaches the inbox until a trusted person approves it.
What You Can Do Today
Until automated protection is in place, these habits provide meaningful defense against AI-generated phishing:
1. Hover over every link before clicking. Check that the actual URL matches the claimed brand. Any mismatch is a disqualifier.
2. Treat urgency as a red flag, not a call to action. Urgency is the mechanism phishing uses to bypass your critical thinking. Any email demanding action within 24 hours deserves more scrutiny, not less.
3. Verify unexpected emails through a second channel. Got a wire transfer request from your CFO? Call them. Got a password reset you did not request? Go directly to the site and log in — do not click the link.
4. Enable two-factor authentication everywhere. Even if credentials are stolen via phishing, 2FA prevents account takeover in most cases.
5. Use an email security layer that inspects infrastructure, not just content. Content-based filters are losing the AI arms race. Infrastructure-based detection is not.
Glance's 4-tier pipeline detects AI phishing through infrastructure signals that no language model can forge. Free to start, no credit card required.
Frequently Asked Questions
How do I know if a phishing email was written by AI?
You often cannot tell from the text alone. AI-generated phishing emails are grammatically perfect, contextually relevant, and frequently personalized with real details scraped from LinkedIn or social media. The signals that still work are technical, not linguistic: check the sender domain, look for SPF/DKIM failures, hover over links before clicking, and verify the reply-to address matches the from address.
Do traditional spam filters stop AI phishing?
Not reliably. Traditional spam filters were designed to catch bulk mail by looking for keyword patterns, blocklisted IP addresses, and structural anomalies. AI-generated phishing bypasses all three: the text is clean and natural, the sending infrastructure is often freshly provisioned, and the emails are sent in small batches to avoid volume-based detection.
Does using a VPN protect me from phishing emails?
No. A VPN encrypts your network traffic between your device and the internet, but it has no effect on the content of emails delivered to your inbox. Phishing attacks happen at the email layer, not the network layer. VPNs are valuable for protecting browsing privacy but are not a defense against phishing.
What should I do if I clicked a link in an AI phishing email?
Act immediately. Close the browser tab without entering any information. Change the password for any account the email claimed to be from. If you entered credentials, change them on the real site right away and enable two-factor authentication. Report the email to your IT team or email provider. If financial information was entered, contact your bank.