AI-POWERED phishing has surged to become the top initial-access vector in the first quarter of 2026, overtaking the exploitation of external vulnerabilities, according to Cisco Talos' IR Trends Q1 2026 report. The analysis found that more than a third of compromises investigated started with a successful phishing attack (35%), with attackers using valid accounts in 24% of cases and exploiting public-facing applications in 18%.
The report highlights that AI-generated email lures are typically personalised and written in multiple languages, making phishing harder to filter and detect. Microsoft data also shows clickthrough rates for AI-assisted phishing reaching 54%, up from an average of 12%. Industry voices note a shift to polymorphic phishing and greater targeting of privileged users, underscoring the need to deploy AI-driven defences alongside traditional controls. April 24, 2026.