Nik Kale
Nik Kale
Building Intelligent Systems That Operate Themselves Securely
⌘K
Subscribe Sign in
Nik Kale
Enterprise Security

The 1,265% Problem: How ChatGPT Broke Every Phishing Training Program on the Planet

Phishing volumes surged 1,265% after ChatGPT's release. The problem isn't just volume. AI-generated phishing eliminates the grammatical errors that security awareness training taught employees to spot. The detection model is now broken.
The 1,265% Problem: How ChatGPT Broke Every Phishing Training Program on the Planet

For fifteen years, enterprise security awareness training taught employees one simple rule: phishing emails have bad grammar. Misspelled words. Awkward phrasing. A Nigerian prince who cannot conjugate verbs. Spot the errors, delete the email, report to IT. This framework was embedded in compliance programs at virtually every Fortune 500 company.

Then SlashNext published its 2023 State of Phishing Report in October, documenting a 1,265% increase in malicious phishing emails since the launch of ChatGPT in November 2022. The emails were grammatically flawless. Perfectly structured. Indistinguishable from legitimate business communication.

The entire detection framework that enterprises had spent billions building was trained to catch the wrong thing.

The grammar problem nobody saw coming

Enterprise phishing defense has operated on an assumption so fundamental that most security teams never questioned it: attackers produce lower-quality written communication than legitimate senders. This assumption was not unreasonable. For years, phishing campaigns were overwhelmingly conducted by non-native English speakers working at volume. The grammar errors were not intentional; they were a side effect of the attacker’s linguistic limitations. And security training programs turned that side effect into a detection heuristic.

Every major security awareness platform taught employees the same indicators. KnowBe4’s training materials, Proofpoint’s awareness programs, Mimecast’s simulations, all emphasized grammatical errors, unusual formatting, and linguistic awkwardness as primary red flags. This approach worked well enough when the cost of producing a grammatically perfect, contextually appropriate phishing email was 16 hours of a skilled social engineer’s time.

ChatGPT collapsed that cost to five minutes.

Five minutes, five prompts, 11% click rate

Stephanie Carruthers, IBM’s chief people hacker and global head of innovation and delivery for X-Force Red, ran the experiment that quantified the threat. Her team conducted an A/B test with roughly 1,600 employees at a global healthcare company. Half received a phishing email crafted by IBM’s experienced social engineering team. The other half received one generated by ChatGPT.

The human-crafted email took about 16 hours to produce. The team researched the target organization using LinkedIn, Glassdoor reviews, and the company’s blog. They discovered a recent employee wellness program launch, identified the manager responsible, and built a highly personalized message around that context.

The ChatGPT email took five minutes and five prompts.

The results: 14% of employees clicked the human-crafted phishing link11% clicked the AI-generated one. A three-percentage-point gap, statistically significant, but operationally terrifying. The AI got 78% of the way to human-level phishing effectiveness with 0.5% of the time investment.

“I have nearly a decade of social engineering experience, crafted hundreds of phishing emails, and I even found the AI-generated phishing emails to be fairly persuasive,” Carruthers wrote in her analysis. She noted that two of the three organizations originally slated to participate in the study backed out entirely after reviewing both emails; their CISOs were too concerned the emails would trick their employees too successfully.

The math is straightforward. A human social engineer producing one carefully crafted phishing email per two-day cycle can generate perhaps 130 personalized phishing campaigns per year. An attacker with ChatGPT producing comparable emails in five minutes can generate thousands. The quality gap is narrow and closing. The volume gap is enormous and growing.

The 1,265% increase nobody could explain away

SlashNext’s annual report, based on analysis of billions of threats across email, mobile, and browser channels over a 12-month period from Q4 2022 to Q3 2023, found more than the headline number. Alongside the 1,265% increase in overall phishing emails, the report documented a 967% increase in credential phishing attacks specifically. On average, 31,000 phishing attacks were sent daily during the study period, with 68% of all phishing emails classified as text-based business email compromise attacks.

Patrick Harr, CEO of SlashNext, was direct in his assessment: “While there has been some debate about the true influence of generative AI on cybercriminal activity, we know from our research that threat actors are leveraging tools like ChatGPT to help write sophisticated, targeted Business Email Compromises and other phishing messages, and an increase in the volume of these threats of over 1,000% corresponding with the time frame in which ChatGPT was launched is not a coincidence.”

The SlashNext research team also conducted in-depth analysis of cybercriminal behavior on the dark web, particularly around the emergence of what they called “Dark LLMs”, malicious chatbots like WormGPT and FraudGPT specifically designed for crafting phishing emails without the ethical guardrails that OpenAI builds into ChatGPT.

Why “look for bad grammar” was already the wrong training

The uncomfortable truth is that grammar-based detection was always a fragile heuristic. It worked not because it identified phishing but because it correlated with attacker demographics. When most phishing campaigns originated from regions where English was a second language, poor grammar was a useful proxy for malicious intent. ChatGPT did not introduce a new attack technique. It eliminated the demographic limitation that made the old detection method viable.

Mika Aalto, co-founder and CEO of security awareness training firm Hoxhunt, framed the shift in comments to Security Boulevard: “AI lowers the technical barrier to create a convincing profile picture and impeccable text, not to mention code malware. The threat landscape is shifting incredibly fast now with the introduction of AI to the game.”

But Aalto also offered the counterpoint that defenders needed to hear: “The good news is that AI can also be used to defend against sophisticated attacks, and we’ve seen that good training continues to have a protective effect against AI-generated threats.”

The nuance in Aalto’s statement matters. Training still works, but not the training most enterprises were deploying in 2023. The old training said: look for grammar mistakes. The new training needs to say: look for behavioral anomalies. Is this request consistent with how this person normally communicates? Does the urgency make sense in context? Is the sender asking you to bypass a normal process?

The CSO Online experiment that closed the gap

CSO Online reported on the IBM X-Force findings alongside separate research from Abnormal Security showing that 98% of senior cybersecurity stakeholders were concerned about the cybersecurity risks posed by ChatGPT, Google Bard, WormGPT, and similar tools. Their leading concern was exactly what the IBM experiment confirmed: AI could help attackers craft highly specific and personalized email attacks based on publicly available information.

Yet the same survey found that more than half of organizations (53%) were still relying on legacy secure email gateways for email security; tools designed to catch known-bad patterns, not to detect sophisticated social engineering. Nearly 46% lacked confidence that their traditional solutions could detect and block AI-generated attacks.

The gap between awareness and action was vast. Security leaders knew AI-generated phishing was a problem. They kept deploying tools designed for a problem that no longer existed.

What the practitioner sees

I build AI-powered systems for a living. From my perspective, the phishing story is a microcosm of a much larger pattern: enterprises training humans to detect artifacts of an attacker’s limitations, then watching those limitations disappear overnight when the attacker gains access to the same AI tools the enterprise uses.

Grammar errors were never the thing that made phishing emails dangerous. The social engineering, the manipulation of trust, authority, urgency, and context, was always the real weapon. Grammar errors were just a convenient tell that correlated with the attack. When AI eliminated the tell, the attack remained. It just became harder to spot.

This is the pattern that shows up across enterprise security: we build detection around symptoms rather than causes, and then we are surprised when the symptoms change while the causes persist. The attacker’s goal has not changed. Their tooling has. And our detection was calibrated to the tooling, not the goal.

For every CISO reading this, the question is whether your phishing training program teaches employees to spot the attack or to spot the artifacts that used to accompany the attack. If your training slides still feature examples with obvious misspellings and awkward syntax, you are preparing your workforce for a threat that has already evolved past those indicators.

Five things to do before your next phishing simulation

First, rewrite your security awareness curriculum. Remove grammar and spelling from the primary indicator list. Replace them with behavioral indicators: unexpected urgency, requests to bypass standard processes, communication from known contacts using unusual channels or making unusual requests, and links that do not match the stated destination. IBM’s Carruthers recommended specifically that organizations stop training employees to rely on language errors as the primary detection mechanism.

Second, update your phishing simulations to use AI-generated emails. If your red team is still writing phishing tests by hand, your simulations are testing for a threat profile that no longer represents the actual threat landscape. Use large language models to generate simulation emails that are grammatically perfect, contextually appropriate, and personalized to your organization. Measure your click rates against this new baseline.

Third, implement behavioral email analysis. Traditional secure email gateways filter on patterns, domains, and known indicators of compromise. AI-generated phishing emails do not trigger these filters because they contain no patterns that differ from legitimate business email. Behavioral analysis tools that model normal communication patterns and flag deviations, unusual sender-recipient pairs, abnormal request types, changes in writing style, are the detection layer that addresses the new threat.

Fourth, deploy verification protocols for high-risk requests. Any email requesting a financial transaction, credential entry, or access grant should require out-of-band verification. Call the person. Use a different communication channel. Do not trust the email, no matter how perfect the grammar. IBM’s X-Force team specifically recommended that organizations emphasize direct voice confirmation as the primary safeguard against sophisticated phishing.

Fifth, measure what matters. Track your phishing simulation click rates over time, but also track reporting rates. The IBM experiment found that employees reported the AI-generated email as suspicious at a slightly higher rate than the human-generated one; suggesting that some employees detected something off even when they could not articulate what. Build a culture where reporting suspicious emails is celebrated, not penalized.

The fifteen-year assumption that ChatGPT killed

The phishing industry and the phishing defense industry co-evolved for a decade and a half around a single constraint: attackers who could not write well in the target language. Training programs, detection tools, and simulation platforms were all optimized for that constraint. When ChatGPT removed it in November 2022, the entire defense ecosystem was left calibrated for a world that no longer existed.

The 1,265% increase in phishing emails during ChatGPT’s first year was not a temporary spike. It was the new baseline. Five minutes and five prompts can now produce phishing emails that a ten-year veteran social engineer finds “fairly persuasive.” The grammar-based detection era is over.

The enterprises that adapt will retrain their workforce to detect social engineering, the manipulation of trust and authority that has always been the real attack, rather than the linguistic artifacts that used to accompany it. The enterprises that do not adapt will discover what a 1,265% increase feels like when it hits their inbox.

More like this

An AI Agent Just Pwned Trivy, Microsoft, and DataDog in One Week

An AI Agent Just Pwned Trivy, Microsoft, and DataDog in One Week

An autonomous AI agent scanned 47,000+ repositories, identified vulnerable CI/CD configurations, and compromised projects from Microsoft, DataDog, and Aqua Security using five distinct techniques. The only target that survived was defended by another AI agent.
88% of You Have Already Had an AI Agent Security Incident. The Other 12% Probably Don’t Know Yet.

88% of You Have Already Had an AI Agent Security Incident. The Other 12% Probably Don’t Know Yet.

Gravitee surveyed 900+ executives and found 88% reported AI agent security incidents, while 82% believed their policies were adequate. The gap between executive confidence and operational reality is the most dangerous metric in enterprise AI security right now.
The npm Nightmare Just Repeated Itself in AI Agents. It’s Worse This Time.

The npm Nightmare Just Repeated Itself in AI Agents. It’s Worse This Time.

1,184 malicious skills infiltrated ClawHub, the plugin marketplace for the OpenClaw agent framework, reaching 20% of the ecosystem in weeks. Unlike npm packages, agent plugins run with full system permissions. The supply chain playbook broke because the blast radius changed.
AI Security Fundamentals: An Architectural Playbook

AI Security Fundamentals: An Architectural Playbook

An architectural foundation for AI security covering the mechanisms that matter, emerging protocols, and the failure modes that appear when teams focus on the model while ignoring the system.
Palo Alto’s Unit 42 Just Found a Way to Hijack AI Agent Conversations - And Your Users Can’t See It Happening

Palo Alto’s Unit 42 Just Found a Way to Hijack AI Agent Conversations - And Your Users Can’t See It Happening

In November 2025, Palo Alto Networks’ Unit 42 research team published a new attack technique they called “Agent Session Smuggling.” The attack exploits a fundamental property of multi-agent systems: agents remember their recent conversations.
MCP Just Got a New Home at the Linux Foundation - But Its Security Debt Followed It There

MCP Just Got a New Home at the Linux Foundation - But Its Security Debt Followed It There

The protocol arrives at its new home carrying five critical CVEs from its first year, a 36.7% SSRF prevalence rate across its ecosystem, and an authentication architecture that the specification itself had to retroactively mandate.