AI Phishing Attacks Now 24% More Effective Than Humans: Here’s How to Fight Back

In this episode of the All Things Human Risk Management Podcast, Eliot Baker is joined by Pyry Åvist, Hoxhunt CTO and Co-Founder, to explore a milestone that quietly redefined the cyber threat landscape: AI spear phishing agents now outperform elite human red teamers - by 24%.

This isn't theoretical. Drawing from 50,000+ real-world phishing simulations, Pyry walks through how Hoxhunt’s AI benchmark project revealed a seismic shift: agentic AI isn’t just imitating phishing tactics - it’s exceeding human capability at scale, speed, and personalization.

‍

The moment AI outperformed human red teams

A March 2025 research milestone marked the turning point: agentic AI attacks, trained to operate autonomously within constraints, became more effective than those created by expert human adversaries.

“This wasn’t just GPT writing a fake invoice. These agents adapted, iterated, and manipulated based on context and beat the best human-crafted phish.”

‍

The failure of static training in a dynamic threat landscape

Legacy phishing simulations rely on prebuilt templates. But AI doesn’t use templates - it engineers deception in real time, at scale, with context.

“CISOs are still using playbooks from 2018. Meanwhile, AI is sending believable phishes customized to each recipient’s role, tools, and even personality.”

‍

Why checkbox training is no match for agentic attacks

Most security awareness programs still focus on completion rates and click metrics... not behavioral reinforcement or real detection capability.

Pyry explains how these metrics fail to measure true resilience, and how AI-generated attacks exploit exactly that surface-level engagement.

“If your KPIs are ‘less than 5% clicked,’ you’re measuring avoidance - not readiness.”

‍

Attackers are optimizing for failure - are you?

The benchmark found AI was especially good at generating emails that almost look safe - just enough ambiguity to trigger failure without obvious tells.

These edge-case scenarios are exactly where human training breaks down, and where most simulations fall short.

“Attackers aren’t making noise. They’re making near-misses. And that’s where your people fail.”

‍

Gamification, friction, and engagement: What actually works

One of the surprising takeaways from Hoxhunt’s customer deployments: users were highly engaged - even competitively so - when training included real-time feedback, meaningful friction, and leaderboard visibility.

“The top 100 users had 100% detection but fought for speed. People cared. They wanted to win. That’s when training works.”

‍

Recognition over retribution

Rather than punishing failures, customers saw better results when they shifted focus toward positive recognition - even symbolic rewards.

From internal security champions to challenge coins and security month shout-outs, Pyry shares how incentivizing engagement built lasting behavioral change.

“Security isn’t about scaring people into compliance. It’s about building a culture that wants to fight back.”

‍

What defenders need to do now

Pyry outlines a new playbook for the age of AI threats:

• Swap generic templates for evolving, adaptive simulations.
• Benchmark training against AI-generated attacks, not historical ones.
• Use behavior, not fear, as the foundation for engagement.
• Prepare for October and beyond with creative campaigns - not more click-rate charts.

“This is no longer a game of checkboxes. It’s a game of readiness. And AI is raising the bar.”

‍

Final thoughts: Outthink, out-train, out-evolve

The attackers are evolving. Your people can too but only if the training evolves with them. Static isn’t safe anymore. Personalized, adaptive, behavior-focused training is now the bare minimum.

“AI has changed the threat. Don’t let your training stay the same.”