AI-powered social engineering attacks are significantly more successful than traditional attacks, according to a new report from cyber risk management firm Resilience.
The researchers state, “Social engineering attacks fueled 88% of material losses, with AI-powered phishing achieving a 54% success rate compared to just 12% for traditional attempts.”
AI allows attackers to easily craft sophisticated phishing emails, as well as voice and video deepfakes. These attacks will grow increasingly harder to detect as AI technology improves.
“The era of obviously fake phishing emails is over,” the researchers write. “According to CrowdStrike’s 2025 Threat Hunting Report, 78% of enterprises experienced at least one AI-specific breach this year.
“Cybercriminals are leveraging artificial intelligence to create more convincing phishing campaigns, voice synthesis for fraudulent calls, and sophisticated browser-based attacks that bypass multi-factor authentication. In our portfolio, 1.8 billion credentials were compromised in the first half of 2025 alone—an 800% increase since January. This credential harvesting is feeding a new wave of identity exploitation that’s proving increasingly difficult to detect and defend against.”
Notably, the researchers warn that ransomware accounted for 91% of losses in the first half of 2025, despite representing only 9.6% of total claims.
“Perhaps most disturbing is the evolution of ransomware tactics,” Resilience says. “In at least two recent cases, threat actors located and referenced their victim’s cyber insurance policy to calibrate their ransom demands. In one instance, attackers explicitly stated they had set their demand below the client’s policy limit—turning insurance coverage into a roadmap for extortion.”
AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Resilience has the story.
