Report: AI Phishing Raises Costs Despite Faster Response

Email security vendor IRONSCALES has released new research that found that AI-powered defenses are making security teams faster at handling phishing emails, but AI-generated attacks have made phishing more expensive.

Phishing threat grows as AI enables threat actors

The research report, The (Higher) Business Cost of Phishing, was conducted by Osterman Research and measures the financial and operational impact of phishing on organizations in the GenAI era. It surveyed 128 IT and security professionals at organizations with 1,000 to 5,000 employees.

The report is also a follow-up to an October 2022 report, Business Cost of Phishing, which was released four years prior to the launch of ChatGPT.

“The timing of these two studies creates a natural experiment,” said Michael Sampson, Principal Analyst at Osterman Research. “Our 2022 report didn’t mention artificial intelligence once. This one has AI on every page. Organizations remediate phishing 16 percent faster per incident, but spend 9 percent more of their annual hours doing it. Security teams got more efficient at fighting phishing, but attackers got even more efficient at creating phishing attacks. So far, the threat actors have gained the upper hand.”

Data shows phishing and deepfake attacks are disruptive to operations

Among the key findings in the report are:

• Phishing now costs $51,948 per security analyst annually, up 13.6 percent from $45,726 in 2022. Phishing also consumes 36.5 percent of security team working hours, up from 33.5 percent three years ago.
• AI-powered defenses cut per-incident handling time by 16 percent (from 27.5 minutes to 23.2 minutes) and reduced the cost per phishing email by 12 percent ($31.32 to $27.51).
• Half of organizations now rate phishing as a high or extreme threat, up from one-third in 2022. This indicates that AI-generated phishing campaigns lack telltale signs that employees were trained to spot.
• 62.5 percent of respondents say deepfake attacks are immediately disruptive. Deepfake voice and video technology is rated “extremely impactful” at 31.3 percent, the highest rating in the report, signaling that attacks have moved from theoretical to operationally disruptive.

Only one in five respondents expects phishing to get easier to deal with over the next year. A majority of respondents expect the time required to stay the same or increase as AI-generated attacks grow more sophisticated.

AI increases attack speed and personalization threat

The report identifies three ways that AI has boosted attacks: volume, speed, and evasiveness.

Phishing attacks used to take hours or days of manual research, but now they take just minutes to prepare.

This is leading to faster campaigns, and attackers are utilizing AI to probe defensive configurations and autonomously adapt campaign attributes to bypass detection.

“The economics of phishing have fundamentally changed,” said Audian Paxson, Principal Technical Strategist at IRONSCALES. 

“Before generative AI, personalizing a phishing attack required manual research, which limited it to high-value targets. Now personalization is cheap and fast, so it can be applied across an entire organization. The defensive model that worked three years ago (detect, investigate, respond) is being overwhelmed by volume. Organizations need to get ahead of attacks, not just respond to them faster.”

Four in 10 respondents said they expect the volume, speed, and evasiveness of phishing attacks to worsen over the next 12 months.

Meanwhile, a minority expects improvement, assuming their organizations can deploy AI-powered defenses faster than attackers can adopt AI for offense.

IRONSCALES platform with agentic AI capabilities

In March 2026, IRONSCALES launched new agentic AI capabilities within its platform to anticipate attacks rather than simply reacting to them.

Among the three agentic AI capabilities added to the platform are:

• A Red Teaming Agent that researches organizations the way attackers do and hardens detection models before real attacks arrive.
• A Phishing SOC Agent that performs L2 analyst-level forensic investigation in minutes. 
• A Phishing Simulation Agent that creates training scenarios based on real reconnaissance against the organization’s actual threat landscape.

Further, the platform includes Deepfake Protection for Microsoft Teams, an integrated solution that verifies participant identities in real time with visual and audio analysis, without recordings or transcripts.