- Voice phishing incidents increased 442% in Q2 2024, with momentum continuing into 2026.
- AI voice cloning now requires only a few seconds of audio from a podcast, video, or social media clip.
- It’s become increasingly harder to tell a cloned voice from a real one.
- Bot scams can continuously target your entire employee directory. Because they are automated, these scams require no manual effort to sustain.
- Viral AI trends like the 2026 ChatGPT caricature craze are an active corporate security risk. When employees upload photos to create AI versions of themselves, that data can be used to build more convincing deepfake profiles targeting your organization.
- Weak, reused, or unmanaged credentials across your SaaS and AI ecosystem are the #1 target of AI-powered social engineering.
- You don’t need an enterprise security budget to close the credential gap. SaaS visibility, FIDO2 MFA, and encrypted vaults are still the baseline that makes all other defenses more effective.
AI phishing detection is the practice of using AI-assisted tools to identify AI-generated voice clones, video-based deepfakes, and bot-driven phishing. For small and mid-sized teams, the most important thing to understand is that these attacks are now designed to bypass human judgment entirely.
Your CFO gets a call from the CEO. The request is urgent: Approval needed for a same-day wire transfer by end-of-day (EOD). The problem is, your CEO is sitting in a different meeting completely unaware of the call.
This scenario used to require significant resources to pull off. Today, it takes just a few seconds of audio and a free AI tool. Which means the AI attack surface is widening at machine speed, moving faster than human instincts can match.
Here's a case in point: In a controlled experiment with 240 participants, 68.3% believed their interactions with an AI phishing bot called “ViKing” (derived from “vishing” + “king”) were real (source: ACM ASIACCS).
Alarmingly, 46.25% perceived ViKing as credible and trustworthy. In the end, the bot managed to extract sensitive info from 52% of participants.
The researchers used ChatGPT-4 to craft convincing personas for ViKing, such as this one.
Are your loved ones prepared for phishing calls from AI bots like Agent Francis?
Name: “Agent Francis”
Purpose: To make target callers believe they are under federal investigation or related to someone who is. By leveraging this fear, Agent Francis aims to extract sensitive personal and financial details under the guise of “clearing the target’s name” or “ensuring their protection.” Requested information includes Social Security numbers, bank account details, and other personal identifiers.
Tone: Agent Francis alternates between calmly authoritative to stern, characteristic of a federal agent experienced in navigating high stakes scenarios. He emphasizes urgent action, suggesting potential risks if target callers don’t cooperate.
Backstory: Agent Francis is a seasoned FBI officer who has been part of critical investigations throughout his career. Currently, he’s handling a significant case that “somehow” involves the target caller. Due to the sensitivity of the matter, he reaches out directly, bypassing local authorities to ensure confidentiality and prompt action. For “the caller’s safety,” Agent Francis stresses the importance of providing the necessary personal details.
How will your loved ones respond to one of these calls?
Source: ACM ASIACCS
What exactly is the AI attack surface, and why does it keep growing?
Your AI attack surface is every entry point AI-powered social engineering can use to target you. And that surface keeps growing because attacks that once required skill and money can now be automated with free or low-cost kits by the average “noob.”
In 2023 and 2024, IEEE researchers warned that generative AI can now craft convincing fake content at a scale and level of personalization that far outpaces legacy detection tools.
Which brings us to the modern bot scam.
What are bot scams, and how are they different from the phishing attacks you’re familiar with?
Bot scams are automated, AI-powered attacks that generate personalized phishing attempts at volume, often combining email, SMS, and voice in a coordinated sequence.
The difference from older phishing is precision: Bot scams pull from public sources such as LinkedIn profiles, corporate websites, and Dark Web forums to customize lures to each target.
After this type of targeted reconnaissance, attackers use multiple channels to get results:
- First, a phishing email lays the groundwork with warnings about an “urgent account update” or “vendor payment issue.” Alternatively, you may get an email about lucrative “investment opportunities.”
- Next, a smishing text teases an invite link or support contact link.
- Finally, a deepfake call impersonating a trusted voice closes the trap by asking for a code, password, or money.
Here’s why smishing is a critical tool in AI phishing: Employees trust texts more than emails.
According to Forbes, the click-through rate for smishing is 20%, compared to 3-5% for phishing emails. So, while phishing is the initial access vector (2026 Verizon DBIR), smishing is the channel that gets target victims to act.
What makes bot scams particularly difficult for lean IT teams is that they require no manual effort to sustain. With automation, attackers can easily run thousands of personalized phishing attempts at once, test what works, and iterate as they go.
Which means one campaign can target your entire employee directory while you sleep. The World Economic Forum warns that AI-powered manipulation campaigns are driving disinformation at scale.
AI bots continuously analyze your behavior based on your publicly shared data, adjust messaging in real time, and learn which emotional triggers work on you specifically. And this same micro or individualized targeting is being used to drive both financial exploitation and societal instability.
Without strong verification and visibility in this charged atmosphere, trust quickly breaks down.
How does AI vishing work?
AI vishing uses voice cloning technology to impersonate executives and team members.
And attackers only need a few seconds of audio, such as a clip from a podcast, video, or voicemail, to build a convincing voice.
With permission from Dr. Felix Hernandez (CISSP, CCSP), CEO of All American Technology Solutions Group and CISO of Strategic Sentinels, I’m going to share what he says about the ease of creating deepfakes for video vishing.
In an April 2026 interview with ISC2 Insights, Dr. Hernandez identified the core challenge clearly:
“A deepfake can be created using an existing video on YouTube and commercial software to manipulate the imagery and voice. And that video can be sent via text, email, etc. It’s something that’s easy to do and causes a lot of damage. You know, we’ve gone from phishing emails with the CEO saying, ‘I need you to wire me money’ to video calls of the CEO saying, ‘You need to wire me money.’ And the thing is, the videos and images these cybercriminals are using to create these deepfakes are already available ... on social media like YouTube, Instagram, LinkedIn, where CEOs and executives are posting about events they’re at.”
At the April 2026 Southeast Cybersecurity Summit in Birmingham, Alabama, Dr. Hernandez showed how easy it was to use face swap tech to create movie-quality imitations of real celebrities.
Audience members volunteered for his demo and found themselves turned into Kendrick Lamar, George Clooney, or Eddie Murphy. The danger with face swaps is that they can be highly convincing to casual observers.
And scammers are betting that your busy employees aren’t going to look too closely.
According to Cybercrime Magazine, attackers are increasingly using AI to mimic real people's voices (and faces) in targeted scams, with deepfake-enabled cybercrime set to hit $12 trillion+ in costs by 2031.
For his part, Dr. Hernandez recommends proactive education and the right verification protocols as the best defense.
Interested in connecting with Dr. Felix Hernandez for employee awareness training? Drop him a line or catch up with him on LinkedIn.
Meanwhile, Dr. Hernandez continues to sound the alarm loud and clear: Because we instinctively trust them more than we should, voice and face are probably the AI attack surfaces most organizations are least prepared for.
Deepfakes: Is seeing or hearing someone still enough to trust them?
According to Dr. Felix Hernandez, the answer is no.
Dr. Hernandez warns that as deepfake tech advances, we can no longer trust what we see and hear. So, if you’ve always defaulted to seeing or hearing a familiar person to verify the authenticity of a request, that’s now a broken security protocol.
Trust can no longer be assumed from sensory confirmation alone. You need a second layer that verifies identity through behavior, context, and metadata.
Dr. Hernandez also flagged a less obvious threat vector: AI caricature tools.
Trends like the ChatGPT caricature craze that gained traction in early 2026, where users uploaded their photos to generate stylized AI portraits, have led to strong warnings from security experts like Dr. Hernandez.
And for good reason. First, you have no way of ensuring your photos and personal info (job title, role, personality quirks, and hobbies) won’t be shared with ChatGPT’s affiliates.
And second, your uploaded biometric data could become training material to feed into adversarial facial recognition and fraud tools to build more convincing deepfakes of you.
Which, in turn, could be used against your friends, family, and co-workers.
If your employees are participating in these trends, they’re expanding your organization's AI attack surface without even knowing it.
How can defensive AI stop the bot scams your employees can’t?
Defensive AI analyzes the behavioral signals, traffic patterns, and anomalies that are characteristic of bot scams.
Defensive AI: Security tooling that uses machine learning, behavioral analysis, and real-time threat intelligence to detect and block AI-generated attacks, including bot-driven credential stuffing, synthetic voice fraud, and account takeover attempts.
The problem with relying on employees to spot bot scams is that these attacks are designed to defeat human pattern recognition.
Below, I highlight the best defensive AI tools that remove the pressure from your team, so they don’t have to be hyper-vigilant about every interaction.
What are the top defensive AI tools in 2026?
The top defensive AI tools you’ll want to have on your radar in 2026 include HUMAN Security, Google Cloud Fraud Defense, Radware Bot Manager, Akamai, Imperva, Cloudflare, and F5.
HUMAN Security
According to HUMAN Security's 2026 State of AI Traffic and Cyberthreat Report:
- Automated traffic is growing eight times faster than human traffic, with AI-driven traffic up 187%.
- Traffic from AI agents and agentic browsers has grown 7,851% YoY. While the majority of bots crawl product listings, a growing number are accessing user accounts and checkout flows.
HUMAN Security says it uses AI-driven behavioral analysis to block bot attacks and automated fraud.
Google Cloud Fraud Defense
Touted as the next evolution of reCAPTCHA, Google Cloud Fraud Defense is Google’s fraud defense platform for the agentic web. Its key value lies in identifying multi-stage digital fraud campaigns, which disconnected endpoint tools miss.
Fraud Defense launched to great fanfare at Google Cloud Next in April 2026, but reviews are mixed depending on whether you’re a business or consumer.
From a business perspective, it can add up to significant savings in terms of fewer fraud losses and chargebacks. But users on community forums dislike that verification requires an Android phone with Play Services.
That said, Fraud Defense uses the same fraud intelligence apparatus that already protects 50% of Fortune 100 firms and 14 million+ domains worldwide.
Its agentic policy engine lets your business block human or machine traffic based on risk scores, automation type, and agent identity.
And Google maintains it’s already seen a 51% average reduction in account takeover attempts since Fraud Defense premiered.
Radware Bot Manager
The star here is Radware’s patented Intent-based Deep Behavior Analysis tech.
It profiles user actions at the business-logic layer, not just the network layer.
This means Radware can identify the true intent behind traffic, spotting bots that mimic human behavior, such as moving the mouse pointer in random, human-like patterns instead of in straight lines.
Imperva Advanced Bot Protection, Akamai Bot Manager, Cloudflare Bot Mitigation, and F5 Distributed Cloud Bot Defense
These round out the enterprise tier, each combining features like machine learning, device fingerprinting, and behavioral analysis to separate bots from human users across web, mobile, and API surfaces.
All of the above tools have several things in common:
- They don’t put the burden on employees to recognize an attack.
- Instead, they analyze signals like typing cadence, intervals between requests, click frequency, geolocation data, and navigation flows.
- And they act before the threat reaches a human decision point.
If you’re a lean team and aren’t yet ready to deploy Fraud Defense or Radware Bot Manager, however, you have options.
While the above tools can block bots, they can’t stop AI-powered social engineering (deepfake video calls, for one).
That’s where your credential hygiene and verification protocols become a powerful line of defense. Below, I’m going to share how you can get this defense at a price that makes sense for your business.
If you prefer to get straight to it, scroll down until you find the box with the definitive answer to: “What is the fastest way to reduce your AI attack surface without a large IT budget?”
How do different defenses compare for stopping AI phishing attacks?
First, let’s compare defensive options. Defensive AI tools like Radware, HUMAN Security, and Google Cloud Fraud Defense excel at blocking AI traffic. Meanwhile, security awareness training can dramatically reduce employee susceptibility to phishing scams.
But secure access providers like LastPass can block the payoff for attackers by making stolen credentials useless with credential security, smart autofill, continuous SaaS & AI visibility, and FIDO2 MFA enforcement for vault logins.
| Approach | What it does well | Where it fails against AI attacks |
| --- | --- | --- |
| Security awareness training | Improves phishing recognition | AI voice clones and personalized scams bypass human judgment |
| Email & endpoint security tools | Blocks known phishing domains and malware | Can’t detect voice cloning, SMS, or multi-channel bot attacks |
| Defensive AI tools | Strong at blocking automated threats | No reliable real-time protection against social engineering that tricks employees into giving up credentials or sharing account access |
| Basic MFA | Adds a second authentication layer | Vulnerable to SIM swapping |
| Secure access platforms like LastPass | Eliminates password reuse, monitors password health with Dark Web Monitoring, enforces FIDO2 MFA for vault logins, adds SaaS & AI visibility, provides smart autofill that only enters credentials on legitimate sites | Doesn’t stop the initial social engineering scam, but useful for providing a strong defense against account takeovers |
How does credential security connect to AI phishing detection for a lean IT team?
The connection is direct: At their heart, AI phishing attacks are credential attacks. The goal of every deepfake call, vishing scam, and bot-generated phishing email is to get someone to hand over a password, MFA code, or access to a system.
If your credential management is fragmented, i.e., passwords stored in browsers, shared in Slack, and reused across SaaS, every one of those becomes an open door.
This is where LastPass can help.
What should a small IT team actually do about AI phishing, vishing, and deepfakes right now?
A practical response covers three areas that LastPass excels in: Verification, credential security, and SaaS & AI visibility.
Verification. Dr. Hernandez recommends implementing clear verification steps for any high-risk request. This includes financial transactions, asset transfers, password resets, and participation in sensitive corporate calls.
One of the simplest defenses against AI vishing is a pre-established code word, verbal challenge protocol, or dual approval process. LastPass provides another verification layer with adaptive MFA, SSO, and SaaS Protect Allow/Warn/Block policies.
Credential security. Every AI phishing and vishing attack is trying to reach a credential. Strong, unique passwords in a managed vault and enforced FIDO2 MFA for access eliminate the reuse problem that makes a successful phishing attempt the master key to all your accounts.
And with smart autofill, your credentials will only be entered on legitimate sites. This means your passwords won’t be filled, even if one letter in a URL is misplaced, missing, or swapped with look-alike characters (homoglyphs).
These aren’t new recommendations, but they still work in 2026.
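As an added illustration (not LastPass’s code) of the exact-host matching that smart autofill relies on, the following Python contrasts a naive substring match with a strict check that refuses to fill credentials when the host is misspelled, contains a homoglyph, merely has the real host as a prefix, or is served over plain HTTP. The vault contents and hostnames are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed vault: each saved login is keyed by the exact host it was saved on.
# The credential value is a placeholder, not a real secret.
VAULT = {
    "accounts.example-bank.com": ("alice@example.com", "placeholder-password"),
}


def weak_autofill(url):
    """Naive matcher: fills if the saved host appears anywhere in the URL.
    This is the defect: 'accounts.example-bank.com.evil.test' contains the saved host."""
    for saved_host, cred in VAULT.items():
        if saved_host in url:
            return cred
    return None


def normalize_host(url):
    """Return the page's host in lowercase ASCII (IDNA/punycode) form, or None.
    A host with a look-alike Unicode letter becomes an xn-- label and can never
    equal the ASCII host the credential was saved on."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    try:
        return parts.hostname.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None


def strict_autofill(url):
    """Fill only on an exact, full-host match over HTTPS.
    Typos ('exarnple'), homoglyphs, and suffix tricks all fail to match."""
    host = normalize_host(url)
    if host is None:
        return None
    return VAULT.get(host)


if __name__ == "__main__":
    for u in (
        "https://accounts.example-bank.com/login",
        "https://accounts.exarnple-bank.com/login",           # 'rn' mimics 'm'
        "https://accounts.ex\u0430mple-bank.com/login",       # Cyrillic 'a' homoglyph
        "https://accounts.example-bank.com.evil.test/login",  # real host as a prefix
        "http://accounts.example-bank.com/login",             # downgraded scheme
    ):
        print(f"{u!r:60} weak={weak_autofill(u) is not None} "
              f"strict={strict_autofill(u) is not None}")
```

Only the first URL passes the strict check; the naive matcher also fills on the `.evil.test` URL, which is exactly the mistake a look-alike phishing page counts on.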
Visibility into your SaaS & AI attack surface. You can’t defend what you can’t see. If your employees are using both corporate and personal emails to connect to SaaS & AI tools or using the same credentials across multiple platforms, those behaviors are invisible without continuous monitoring.
LastPass provides a critical layer of defense with SaaS Monitoring, which discovers all SaaS and AI apps your employees use, with or without IT approval.
The organizations best positioned against AI-powered social engineering almost always focus on closing the credential gap first, ensuring every login is secure and visible.
What is the fastest way to reduce your AI attack surface without a large IT budget?
The fastest and most effective step you can take to reduce your AI attack surface is to deploy LastPass across all employee logins.
LastPass unifies credential security, SaaS Monitoring, SaaS Protect, Dark Web Monitoring, SSO, and FIDO2 MFA under one platform.
Only 27% of small businesses with up to 25 employees have adopted MFA, which means deploying LastPass puts your organization well ahead of the majority immediately (without requiring a large IT investment).