New Research: AI-Powered Phishing Defenses Made Security Teams Faster, But AI-Generated Attacks Made Defense More Expensive Overall

Phishing now consumes 37% of security team hours and $51,948 per analyst annually, up 13.6% since 2022

IRONSCALES, the leader in AI-powered email security, today released "The (Higher) Business Cost of Phishing," a new research report conducted by Osterman Research that measures the financial and operational impact of phishing on organizations in the era of generative AI. The findings reveal an AI paradox. AI-powered defenses enabled security teams to resolve phishing email incidents faster. However, AI-generated attacks made phishing more expensive overall, as gains in volume, speed, and evasiveness outpaced defender efficiency.

The report, which surveyed 128 IT and security professionals at organizations with 1,000 to 5,000 employees, serves as a direct benchmark against the original "Business Cost of Phishing" study published in October 2022, four weeks before ChatGPT launched. Together, the two studies provide the first before-and-after measurement of generative AI's impact on the phishing threat landscape.

Key findings include:

• Phishing now costs $51,948 per security analyst annually, up 13.6% from $45,726 in 2022. Phishing also consumes 36.5% of security team working hours, up from 33.5% three years ago.
• AI-powered defenses cut per-incident handling time by 16% (27.5 minutes to 23.2 minutes) and reduced cost per phishing email by 12% ($31.32 to $27.51). Growth in attack volume overwhelmed those gains.
• Half of organizations now rate phishing as a high or extreme threat, up from one-third in 2022. The shift reflects the impact of AI-generated phishing campaigns that lack the traditional telltale signs employees were trained to spot.
• 62.5% of respondents say deepfake attacks are immediately disruptive. Deepfake voice and video technology carried the highest "extremely impactful" rating (31.3%) of the emerging threat trends surveyed, signaling that attacks have moved from theoretical to operationally disruptive.
• Only one in five respondents expects phishing to get easier to deal with in the next 12 months. The majority expect the time required to stay the same or increase as AI-generated attacks grow more sophisticated.

"The timing of these two studies creates a natural experiment," said Michael Sampson, Principal Analyst at Osterman Research. "Our 2022 report didn't mention artificial intelligence once. This one has AI on every page. Organizations remediate phishing incidents 16% faster but spend 9% more of their annual hours doing so. Security teams got more efficient at fighting phishing, but attackers got even more efficient at creating phishing attacks. So far, the threat actors have gained the upper hand."

AI accelerates both sides of the phishing equation

The report identifies three dynamics that AI has amplified for attackers: volume, speed, and evasiveness. Personalized phishing attacks that previously required hours or days of manual research now take minutes to prepare. Shorter preparation time translates into faster campaign cadence. And attackers are using AI to probe defensive configurations and autonomously adapt campaign attributes to bypass detection.

Four out of ten respondents expect all three dynamics to worsen over the next 12 months. A minority expect improvement, resting on the assumption that their organizations can deploy AI-powered defenses at a faster pace than attackers can adopt AI for offense. The data suggest that the assumption remains an open question.

Independent research released last month echoes the shift. Verizon's 2026 Data Breach Investigations Report cites a doubling of AI-assisted text in malicious emails compared to prior years, with phishing now accounting for 44% of AI-assisted initial access attempts.

"The economics of phishing have fundamentally changed," said Audian Paxson, Principal Technical Strategist at IRONSCALES. "Before generative AI, personalizing a phishing attack required manual research, which limited it to high-value targets. Now, personalization is cheap and fast, so it can be applied across an entire organization. The defensive model that worked three years ago (detect, investigate, respond) is being overwhelmed by volume. Organizations need to get ahead of attacks, not just respond to them faster."

Shifting from reactive defense to preemptive security

IRONSCALES has responded to the evolving threat landscape with agentic AI capabilities designed to anticipate attacks rather than just react to them. Launched in March 2026, the IRONSCALES platform now includes three agentic AI capabilities: a Red Teaming Agent that researches organizations the way attackers do and hardens detection models before real attacks arrive; a Phishing SOC Agent that performs L2 analyst-level forensic investigation in minutes; and a Phishing Simulation Agent that generates training scenarios based on real reconnaissance against the organization's actual threat landscape.

The IRONSCALES platform also includes Deepfake Protection for Microsoft Teams, the industry's first integrated solution that verifies participant identities in real time using visual and audio analysis, without recordings or transcripts.

Report availability

"The (Higher) Business Cost of Phishing" is available for download at https://ironscales.com/the-higher-business-cost-of-phishing/report-download.

IRONSCALES and Osterman Research will present the full findings in a joint webinar, "37% of Your Team's Time: The (Higher) Business Cost of Phishing," with registration details available at ironscales.com/events.

About IRONSCALES

IRONSCALES is an API-based email security platform that combines Adaptive AI, agentic automation, and crowdsourced human intelligence to detect and remediate phishing, business email compromise, account takeover, deepfake, and GenAI-powered attacks. The platform deploys in minutes via native API integration for Microsoft 365 and Google Workspace with no MX record changes. Beyond threat detection, IRONSCALES includes integrated phishing simulation testing, security awareness training, DMARC management, deepfake protection for Microsoft Teams, and an agentic AI virtual SOC that automates incident response. The platform is powered by a global threat intelligence network of 35,000+ security professionals across 17,000+ organizations and 3,500+ MSP partners. Learn more at ironscales.com.

About Osterman Research

Osterman Research provides analysis and insight into technology trends, market dynamics, and best practices in messaging, collaboration, security, and related technology areas. For more information, visit ostermanresearch.com.