As cyber attackers actively use AI, phishing crimes are increasingly being automated. An analysis says a nearly 15-fold surge this year in phishing attacks that bypass traditional identity verification tools is also linked to that trend.

An Axios report citing a Huntress report said so-called device-code phishing attacks rose 1,380 percent from January to April 2026 compared with the second half of 2025.

Device-code phishing exploits a legitimate authentication method used to connect devices such as TVs or game consoles, where keyboard input is inconvenient, to a Microsoft account. It lures victims to a real Microsoft login page and gets them to enter a device code created by the attacker. Once the victim completes login and multi-factor authentication, the attacker intercepts an access token. Axios reported that tools to steal and manage these tokens are now sold as subscription phishing kits, allowing even less technically skilled attackers to run sophisticated phishing campaigns.

Until now, cyber criminals mainly used AI to make phishing messages more plausible and tailored to specific individuals.

But Huntress said its report shows much of the attack activity is linked to phishing-as-a-service platforms that package identity theft infrastructure, phishing kits and AI-based workflows and offer them to other criminals as subscription services.

Looking at several hundred cases, there was not a single instance of identical phishing lure text. Huntress said that shows threat actors used generative AI to personalise messages at scale. It interpreted this as early evidence that cyber criminal groups are industrialising phishing attacks by combining generative AI with automated workflows.

Huntress CEO Kyle Hanslovan (카일 한슬로반) sees AI-generated content, automated workflows and subscription-based attack platforms lowering barriers to entry for cyber criminals while accelerating the pace of attacks.

"If you automate much of the operations, you don't need to be a systems engineer or know how to normalise data. It's being democratised so anyone can access it," he said. "The operational level of cyber criminal organisations is better than many companies."

As AI models provided by OpenAI and Anthropic become more advanced, voices warning of rising AI-based attack capabilities have been growing in recent months.

Agencies in the Five Eyes signals intelligence partnership among Australia, the United States, Britain, New Zealand and Canada also issued a statement recently, warning that destructive AI cyber attacks targeting governments and companies could become a reality within months.

"Over time, AI will help improve cyber defence, but it is also accelerating the speed, scale and sophistication of cyber threats," the agencies said. "Frontier AI models are expected to fundamentally change offensive and defensive cyber capabilities beyond current industry expectations. This will become reality not in years but in months."

Olivia Shen (올리비아 션), an AI and national security expert at the University of Sydney's United States Studies Centre, said, "We should expect that the next Mythos or Fable could be right around the corner." She said, "We can only see what is publicly disclosed, but China or other countries and companies may be developing equally advanced models."