AI-powered spear phishing agents have surpassed elite human red teams in crafting socially engineered attacks, recently revealed findings show. The findings underscore the rapid evolution of generative AI tools, which now produce hyper-personalized phishing campaigns at scale, leveraging contextual data such as a target’s job role, geographic location, and behavioral patterns. By March 2025, Hoxhunt’s AI spear phishing agent (codenamed JKR) achieved a 23.8% higher success rate than human red teams across all user skill levels. While only 0.7–4.7% of phishing emails bypassing email filters in 2024 were AI-generated, Hoxhunt analysts warn that the sophistication of these attacks is accelerating.

Hoxhunt researchers noted that AI’s dominance stems from its ability to analyze vast datasets of user interactions and optimize phishing lures in real time. This adaptability has rendered traditional compliance-based security awareness training obsolete, forcing organizations to adopt adaptive human risk management platforms. The researchers emphasize that defense must now mirror offense: security teams should deploy “white-hat” AI agents to simulate advanced threats and identify vulnerable user groups.

At the core of JKR’s effectiveness is its dual-task architecture, which combines novel phishing creation and human-authored attack enhancement. Prompt Engineering for Task Execution: For novel attacks, JKR uses instructions like: “Generate a plausible phishing email targeting a Financial Analyst in Germany. Avoid technical jargon.” For attack enhancement, it receives human-drafted emails and iteratively improves them: “Revise the following email to increase perceived legitimacy.

Unlike static human-authored templates, AI agents like JKR employ multi-stage reasoning: they first gather contextual clues about a target, then generate persuasive narratives, and finally test variations to maximize click-through rates. The agent operates within Hoxhunt’s proprietary engine, which selects targets and deploys simulations hourly across a global cohort of 2.5 million users. The system feeds the AI agent data such as a user’s job title (“HR Manager”), company size, and recent security training history.

AI-generated phishing emails evade traditional signature-based detection by avoiding malware attachments or suspicious links. For example, JKR exploited Microsoft Teams integration in March 2025 campaigns, urging users to “update credentials via SSO” with 98% grammatical accuracy.

From 2023 to 2025, AI’s effectiveness relative to humans improved by 55%, marking a paradigm shift in both offensive and defensive cybersecurity strategies. This shift is attributed to advances in large language models (LLMs) that enable dynamic attack customization and iterative refinement through automated feedback loops. The rise of AI-driven phishing coincides with a 4,157% increase in global phishing volume since the advent of ChatGPT in late 2022.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in cyber security, he is covering Cyber Security News, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 07 Apr 2025 16:45:07 +0000