AI Is Behind 50% Of Spam — And Now It’s Hacking Your Accounts
AI is taking over the spam and phishing sectors.
Artificial Intelligence is, I admit with a certain amount of begrudging respect, impressive to put it mildly. At least when it is used to help make work more efficient and leisure more, erm, leisurely. However, when AI is misused or employed for nefarious purposes, it becomes a concern for all of us. We’ve already seen this when the first big story broke as an AI attack on Gmail users went viral in 2024. Things have changed since then, and not for the better, as the latest research reveals. Now, half of your spam is generated by AI, and cyberattacks are increasingly using AI-powered methods. Here’s what you need to know.
51% Of All Spam Is Now Generated By AI
It’s official: more than half of the spam that you receive has been created using AI tools. That’s the finding of newly published research, a collaboration between Barracuda and researchers from Columbia University and the University of Chicago, which found that, in April 2025, the actual number was 51%.
This isn’t altogether surprising. After all, AI does a better job, for the most part, in producing less spelling and grammatical errors, ensuring that linguistically the messages are understandable across geographies, and can be tweaked to have just the right tone to convince the reader to respond. And that, dear reader, is concerning. Not from the perspective of spamming in the broader sense, but rather when it comes to cybersecurity implications, as such techniques are applied to phishing attacks. The same report found that, already, 14% of the business email compromise attacks analyzed were AI-generated. Extrapolate that across all phishing attack scenarios, and I’m sorry to say, the situation will soon become untenable.
Wei Hao, a PhD student at Columbia University, and one of the researchers behind the report, said that “spam showed the most frequent use of AI-generated content in attacks, outpacing use in other attack types significantly over the past year.”
What the research also found was that AI-generated emails didn’t differ significantly from human-generated attack emails, at least not in terms of engendering a sense of urgency. It appears that AI, like human attackers, recognises the effectiveness of this method in persuading a recipient to act and become a victim. “Urgency is a deliberate tactic commonly used to exert pressure and elicit an unthinking response from the recipient,” Hao said, which suggested “attackers are primarily using AI to refine their emails and possibly their English rather than to change the tactics of their attacks.”