James Dyer, head of threat intelligence, KnowBe4.
Threat actors are redefining the attack surface at scale, due to generative AI capable of delivering flawless, personalised phishing attacks and enhancing every step of the kill chain.
This emerged during an exclusive round table event presented by KnowBe4, aligned to ITWeb Security Summit 2026.
James Dyer, head of threat intelligence at KnowBe4, said the organisation’s Phishing Threat Trends Report found that 86% of phishing attacks are now AI-driven.
“We are not far from finding AI driving phishing from end-to-end, from reconnaissance to development, payload and execution,” he said.
“Attackers are weaponising trust,” Dyer said. “Business e-mail compromise rises year on year, with attackers investing a lot of energy in spoofing e-mails and impersonating vendors.”
“Links remain the primary payload in phishing e-mails, but we are also seeing developments such as QR codes buried deep within PDF attachments.”
Attackers have also moved beyond the inbox to target other communications channels, such as instant messaging, he pointed out.
The KnowBe4 Phishing Threat Trends Report noted that there had also been a 49% rise in attacks via calendar invites. Calendar invite injection (.ics) forces e-mail clients to autoprocess the message as a meeting, triggering direct system notifications and bypassing traditional inbox spam filters.
Friedrich Sieberhagen, territory director (Africa), KnowBe4.
There has also been a 41% increase in link-based attacks within Microsoft Teams, with deepfake Teams calls another emerging threat. This is concerning because deepfake content has become so realistic that 86% of employees admit it is increasingly difficult to know what – or who – to trust.
Dyer outlined several key predictions for the year ahead. He said Zero Day attacks would continue to trend upward, and AI agents would become a major attack surface, with subverted ‘malgents’ emerging as insider threats with employee-level permissions. Attackers would likely turn their attention to AI model integrity through RAG pipeline poisoning and training data manipulation. He said supply chain risk and vulnerability would continue to increase.
Senior security professionals participating in the round table said maintaining staff awareness was challenging, as attackers’ techniques changed frequently. They emphasised their focus on keeping training and awareness programmes topical, engaging and personalised, as well as working to instil a security culture across their organisations.
Friedrich Sieberhagen, territory director (Africa) at KnowBe4, noted: “Humans aren’t necessarily the weakest link – sometimes they are the strongest. But we have to give them the skills and the right technologies to help them mitigate risk.”
