AI-Powered Phishing Defenses Increase Costs Despite Faster Response Times
Severity: Medium (Score: 51.9)
Sources: Businesswire, Channelinsider
Published: · Updated:
Keywords: phishing, research, security, faster, made, costs, response
Summary
New research from IRONSCALES reveals that while AI-powered defenses have improved the speed of phishing incident response by 16%, they have also led to a 9% increase in the annual hours spent by security teams, raising costs. Phishing now consumes 37% of security team hours, costing approximately $51,948 per analyst annually. The study surveyed 128 IT and security professionals in organizations with 1,000 to 5,000 employees, highlighting a significant shift in the phishing landscape since the introduction of generative AI. Attackers are leveraging AI to enhance the volume, speed, and evasiveness of phishing campaigns, making them harder to detect. The report indicates that four out of ten respondents expect these dynamics to worsen in the coming year. The findings suggest that while defenders have become more efficient, attackers have adapted even faster, gaining the upper hand in the ongoing battle against phishing. Key Points: • AI defenses improved phishing incident response speed by 16%. • Phishing now consumes 37% of security team hours, costing $51,948 per analyst annually. • Four out of ten security professionals expect phishing threats to worsen in the next year.
Detailed Analysis
**Impact** Phishing attacks now consume 37% of security team hours and cost $51,948 per analyst annually, representing a 13.6% increase since 2022. The research surveyed 128 IT and security professionals from organizations with 1,000 to 5,000 employees, primarily in the U.S. The rise in AI-generated phishing has increased operational costs and workloads despite faster incident response, affecting sectors reliant on email communications and exposing organizations to higher risks of credential theft, data breaches, and financial fraud. **Technical Details** Attackers use AI to automate and accelerate phishing campaigns, reducing preparation time from days to minutes. AI enables personalized, evasive phishing attacks that adapt autonomously to defensive configurations, increasing volume, speed, and sophistication. The primary attack vector remains email-based phishing, with AI-generated text doubling in malicious emails. No specific malware, CVEs, or IOCs were detailed in the reports. **Recommended Response** Organizations should shift from reactive to preemptive security by deploying AI-driven defenses capable of anticipating attacks, such as agentic AI tools that simulate attacker behavior and perform rapid forensic analysis. Monitoring for increased phishing volume, speed, and evasiveness is critical. Implementing multi-factor authentication, continuous user training, and real-time identity verification (e.g., Deepfake Protection for collaboration platforms) will help reduce risk. No specific patches or IOCs were provided.
Source articles (2)
- New Research: AI-Powered Phishing Defenses Made Security Teams Faster, But AI ... — Businesswire · 2026-06-04
New Research: AI-Powered Phishing Defenses Made Security Teams Faster, But AI-Generated Attacks Made Defense More Expensive Overall Phishing now consumes 37% of security team hours and $51,948 per ana… - Report: AI Phishing Raises Costs Despite Faster Response — Channelinsider · 2026-06-04
New IRONSCALES research finds AI speeds phishing response by 16%, but AI-generated attacks are driving higher costs, workloads, and risks. Email security vendor IRONSCALES has released new research th…
Timeline
- 2026-06-04 — IRONSCALES releases new phishing report: The report reveals AI-powered defenses speed up response but increase costs, with phishing consuming 37% of security team hours.
- 2026-06-04 — Channel Insider reports on IRONSCALES findings: The report highlights that AI-generated phishing attacks are driving higher costs and workloads for security teams.
Related entities
- Phishing (Attack Type)
- ironscales.com (Domain)
- scratchmm.com (Domain)
- [email protected] (Email)
- T1566 - Phishing (Mitre Attack)