"Check for typos" was once solid security advice. AI phishing attacks made it obsolete. Large language models produce flawless, contextually appropriate text in any language.

The grammar tells that once flagged malicious emails have simply disappeared—and the detection playbook security teams have used for decades no longer works.

This article draws on insights from the webinar "The Adversary's New Assistant: Weaponizing AI Chatbots".

Traditional user training taught employees to look for specific red flags: check the headers, verify the sender, scan for typos. The assumption was that attackers—often operating from non-English-speaking countries or working at scale—would make mistakes that careful readers could catch.

These heuristics assume attackers are sloppy. AI-enabled attackers are anything but.

The traditional approach essentially tells users: look here, look here, look here—if you don't see anything suspicious, you're safe to click the link. But when AI-generated phishing emails contain no typos, no awkward phrasing, and no obvious red flags, that entire framework collapses.

As Inma Martinez, AI scientist and global chair for GenAI and Agentic AI projects at GPAI, put it during the webinar: "We're trying to find a new challenge with wooden tools. These are not the tools for this. We need to build new ones."

Modern attackers have learned to weaponize not just AI-generated content, but the trust users place in legitimate platforms. One particularly effective technique involves using tools like Gamma AI or Canva to host phishing content.

The attack works like this: an email arrives from a legitimate application—Gamma, Dropbox, or another trusted service—inviting the recipient to view a shared presentation. Because the email comes from a legitimate vendor, it passes through secure email gateways without issue. When the user clicks through to the presentation, they're now on a legitimate platform, viewing what appears to be a normal document. That document contains the actual phishing lure—a link to credential harvesting or malware.

The click-through rate for AI phishing attacks on trusted platforms is dramatically higher than for traditional email phishing. Once users leave the inbox, they abandon the vigilance they were taught to maintain. The security training that told them to scrutinize emails simply doesn't transfer to documents hosted on trusted platforms.

The scale of exploitation is staggering. In the first six months of this year alone, approximately eight million registered attacks using chatbots were recorded in Europe. And AI isn't just improving the quality of attacks—it's enabling entirely new attacker profiles.

Consider North Korean operatives applying for IT jobs at Western companies. Previously, cultural gaps and unfamiliarity with casual conversation would expose them during interviews. Questions like "What do you do on weekends?" would reveal their lack of exposure to Western culture. When they use GenAI to answer those interview questions, the models—trained predominantly on North American data—perform brilliantly. Multiple successful infiltrations have been documented where operatives secured positions at legitimate companies.

What makes AI phishing attacks fundamentally different isn't just improved quality—it's democratized capability. The barrier between intent and capability has collapsed. Previously, executing sophisticated social engineering attacks required significant technical skill and cultural knowledge. Now, anyone with malicious intent has access to tools that can craft convincing, contextually appropriate attacks at scale.

This shift is visible across the threat landscape. Leaked chats from the Blackbasta ransomware group reveal eCrime operators actively experimenting with AI to streamline operations—from troubleshooting malware to rewriting capabilities. Nation-state actors are leveraging LLMs for reconnaissance, parsing stolen data more efficiently, and developing AI-assisted malware. Russian threat actors have deployed AI-assisted malware in operations against Ukraine, demonstrating real-world application of these capabilities in active cyber warfare.

The financial impact is already measurable. Business email compromise attacks—which rely heavily on convincing, well-written communications—resulted in nearly $3 billion in reported losses in 2023 alone. With AI removing the linguistic barriers that once made these attacks detectable, that number will only grow.

If signature-based detection and user vigilance can no longer keep pace, what can? The answer lies in behavioral AI—systems that understand what "normal" looks like and flag deviations.

Piotr Wojtyla, Head of Threat Intelligence and Platform at Abnormal AI, frames it in operational terms: effective defense requires "understanding what is known good" and detecting what deviates from that baseline. This means building behavioral profiles—learning how organizations communicate, how vendors interact, how employees typically behave—and flagging deviations that signal compromise or malicious intent.

Rather than trying to recognize known-bad signatures, behavioral systems identify when something simply doesn't fit established patterns. An unusual sender-recipient pairing. A request that doesn't match historical communication patterns. Urgency in a context where urgency would be abnormal. These signals, individually subtle, become clear indicators when analyzed against a baseline of normal behavior.

This represents a fundamental shift from reactive to proactive defense. Traditional secure email gateways scan for known threats—malicious attachments, suspicious URLs, blacklisted senders. AI-native email security learns what legitimate communication looks like and surfaces anything that deviates, even if the specific attack technique has never been seen before.

The arms race isn't going away. Attackers will continue to leverage AI to scale and sophisticate their operations. But the defensive strategy must evolve in parallel.

Organizations hesitant to adopt AI-powered defense are creating a massive gap between the capabilities available to attackers and those deployed by defenders. That gap will only widen as generative AI tools become more powerful and more accessible.

The grammar-check era of phishing detection is over. What replaces it must be smarter, more adaptive, and built on understanding human behavior—because that's exactly what attackers are now exploiting. The path forward isn't teaching users to spot better fakes. It's deploying systems that understand communication patterns deeply enough to identify threats before they ever reach an inbox.

Grammar-based detection is obsolete: Large language models produce flawless, contextually appropriate text—eliminating the typos and awkward phrasing users were trained to spot.

Trusted platforms are the new attack vector: Attackers use legitimate services like Gamma, Canva, and Dropbox to host phishing content, bypassing secure email gateways entirely.

AI has democratized attack capability: The barrier between intent and capability has collapsed—anyone with malicious intent can now craft convincing attacks at scale.

Signature-based defenses can't keep pace: Traditional secure email gateways scan for known threats, but AI-generated attacks have no signatures to detect.

Behavioral AI is the path forward: Effective defense requires understanding what "normal" looks like and flagging deviations—not hunting for known-bad indicators.

The defender-attacker gap is widening: Organizations hesitant to adopt AI-powered defense are falling further behind adversaries who have already embraced these tools.

Ready to see how behavioral AI detects the threats legacy tools miss? Request a demo to learn how Abnormal protects organizations from AI phishing attacks.