Why Human-Targeted Attacks Are Overwhelming Security Teams

AI-powered, human-targeted attacks are outpacing traditional defenses. Learn why security teams are overwhelmed and what needs to change to keep up.

Emily Burns

April 30, 2026


For years, cybersecurity efforts have focused on protecting infrastructure—networks, endpoints, and cloud environments. But attackers have shifted their strategy. Rather than forcing their way through technical defenses, they’re finding success by going around them, targeting the people inside instead.

At the same time, the workforce has evolved. Communication no longer lives in a single channel like email; it spans SaaS platforms, collaboration tools, and messaging apps, all woven into a single, trust-based workspace. That trust, while essential for productivity, has also become a point of vulnerability.

Instead of probing for system weaknesses, attackers now study human behavior. They observe how executives communicate, how vendors interact, and how conversations unfold. With that insight, they craft messages that feel authentic—matching tone, timing, and intent closely enough to slip through unnoticed.

AI is accelerating this trend. A recent study from Omdia explores how AI enables attackers to quickly generate highly personalized, socially engineered campaigns at scale—making them more believable, easier to deploy, and increasingly difficult to detect.


AI Has Turned Deception Into a Scalable System

Social engineering has always existed. What’s changed is how quickly and effectively it can be executed. AI removes the constraints that once limited attackers. Campaigns that previously required time, effort, and human skill can now be generated in minutes.

That speed matters. It allows attackers to test, refine, and relaunch attacks continuously. Instead of carefully crafting a single attempt, they can generate thousands of variations, each tailored to a specific individual or scenario.

This changes the economics of cybercrime. Lower cost and higher success rates create a feedback loop that favors the attacker. Over time, that imbalance compounds, leading to more fraud, more data exposure, and greater business impact.

Inside the SOC: A System Under Strain

To understand why human-targeted attacks are overwhelming security teams, it helps to look at what’s happening inside a typical security operations center.

Every day begins with a queue. Alerts from security tools. Emails reported by employees. Signals from across the environment that need to be reviewed, triaged, and resolved. Each alert demands attention. Each reported email requires analysis. And because many modern attacks lack clear indicators, analysts often have to rely on judgment rather than definitive signals.

Analysts spend more time investigating and less time improving defenses. Strategic initiatives get delayed. Threat hunting becomes reactive instead of proactive. The system becomes optimized for throughput, not effectiveness.

The human cost is just as real. Alert fatigue becomes the norm. Workloads feel unsustainable. And when attention is stretched too thin, the likelihood of missing a critical threat increases.

Why Traditional Detection Models Often Break Down

Most legacy security tools were built for a different kind of threat. They look for known indicators—malicious links, suspicious attachments, or compromised infrastructure.

That approach works when attacks carry detectable artifacts. But many of today’s most damaging attacks don’t.

A fraudulent invoice from a trusted vendor doesn’t include malware. A wire transfer request from a spoofed executive account doesn’t rely on a malicious link. A well-crafted phishing email may contain nothing obviously suspicious at all.

These attacks succeed because they align with normal business processes. They use familiar language, expected timing, and legitimate context. From a traditional detection standpoint, they appear clean.

The Expanding Gap Between Attackers and Defenders

At the core of this issue is a growing mismatch between how attacks operate and how defenses respond. Attackers move quickly. They iterate constantly. They adapt based on outcomes.

Defenders, in many cases, are still operating within workflows that depend on manual review, predefined rules, and delayed response cycles.

Speed becomes a disadvantage. By the time an alert is investigated, the attack may have already succeeded.

Scale becomes a limitation. As data volumes increase, tools and teams struggle to keep up.

Precision becomes harder to maintain, leading to more noise and more false positives.

Rethinking the Problem: From Messages to Behavior

If the attack no longer looks malicious, then detection has to change.

Instead of focusing only on the content of a message, security teams need to understand the behavior behind it.

  • Does this communication align with how this person typically operates?

  • Is the timing consistent with past interactions?

  • Does the request match established patterns between these individuals or organizations?

Behavioral analysis makes it possible to detect subtle anomalies that would otherwise go unnoticed. It shifts the focus from identifying known threats to identifying deviations from what is expected.

In an environment where attackers are actively trying to appear legitimate, that distinction matters.
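The three questions above can be expressed as a small baseline check over message metadata. This is an added example, not code from the article or from any product; the addresses, request categories, the `window` and `min_history` thresholds, and the upstream classifier that supplies `request` are assumptions, and the history is constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    sender: str
    recipient: str
    hour: int      # hour of day the message was sent, 0-23
    request: str   # coarse category, assumed to come from an upstream classifier

def build_baseline(history):
    """Summarise past traffic per sender and per sender/recipient pair."""
    base = {"sender_req": defaultdict(Counter), "pair_req": defaultdict(Counter),
            "pair_hours": defaultdict(Counter)}
    for m in history:
        pair = (m.sender, m.recipient)
        base["sender_req"][m.sender][m.request] += 1
        base["pair_req"][pair][m.request] += 1
        base["pair_hours"][pair][m.hour] += 1
    return base

def hour_gap(a, b):
    """Circular distance between two hours, so 23:00 and 01:00 are 2 apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def deviations(base, m, window=2, min_history=5):
    """List the ways message `m` departs from the established pattern."""
    pair = (m.sender, m.recipient)
    hours = base["pair_hours"].get(pair, Counter())
    if sum(hours.values()) < min_history:
        return ["no_established_pattern"]   # too little history to judge
    reasons = []
    if m.request not in base["sender_req"].get(m.sender, {}):
        reasons.append("atypical_for_sender")       # question 1
    if all(hour_gap(m.hour, h) > window for h in hours):
        reasons.append("unusual_timing")            # question 2
    if m.request not in base["pair_req"].get(pair, {}):
        reasons.append("new_request_for_pair")      # question 3
    return reasons

# Constructed history: a vendor contact who sends invoices mid-morning.
VENDOR, FINANCE = "ap@vendor.example", "finance@corp.example"
HISTORY = [Msg(VENDOR, FINANCE, h, "invoice") for h in (9, 10, 10, 11, 9, 10)]
HISTORY.append(Msg(VENDOR, "ops@corp.example", 15, "status_update"))
BASE = build_baseline(HISTORY)

if __name__ == "__main__":
    print(deviations(BASE, Msg(VENDOR, FINANCE, 3, "bank_detail_change")))
```

A message with no prior pair history returns `no_established_pattern` rather than an empty list, so first-contact senders are routed separately instead of being treated as normal.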

Where This Leaves Security Teams

Human-targeted attacks are overwhelming security teams because they exploit a fundamental imbalance. Attackers are using AI to scale deception. They can move faster, test more ideas, and continuously improve their approach.

Security teams, meanwhile, are often constrained by processes and tools that were not designed for this level of speed or complexity.

The result is a growing operational burden. More alerts. More investigations. More pressure to respond quickly without losing accuracy.

Closing the Gap

There isn’t a single solution to this problem, but the direction is clear.

Security needs to operate with greater speed, greater context, and greater efficiency. It needs to reduce reliance on manual workflows and improve its ability to detect threats that don’t carry obvious indicators.

Most importantly, it needs to focus on the layer attackers are targeting: human behavior.

Organizations that adapt to this reality will be better positioned to manage the scale and complexity of modern threats. Those that don’t will continue to experience the same pattern—growing volume, increasing pressure, and limited ability to get ahead of risk.

For a deeper look at how security teams can respond to AI-enabled threats and evolving attack patterns, read the full report below.
