The latest report from Unit 42, the threat intelligence division of Palo Alto Networks, reveals that corporate phishing is reaching unprecedented levels of sophistication and speed thanks to the widespread adoption of generative artificial intelligence (GenAI). Tools initially created for writing content, building websites, or deploying chatbots are now being repurposed by malicious actors to clone brand identities, craft persuasive messages, and deploy large-scale campaigns in very little time.
The analysis also highlights that, between April 2024 and April 2025, traffic to GenAI platforms has shown steady growth, with usage peaks in September 2024 and March 2025. Simultaneously, the number of sites incorporating AI services has increased, which expands the digital ecosystem and multiplies the risks of exposure to attacks.
Who Uses GenAI and for What
In the corporate sphere, the report indicates that the technology sector leads adoption of these solutions with a 74% usage, owing to its natural fit with innovation. However, its use is beginning to expand into education (9.1%), telecommunications (5.6%), and professional and legal services (3.1%), broadening the range of sectors potentially vulnerable to phishing attacks that previously had lower exposure.
Regarding the most common applications, the study emphasizes that writing assistants (31.8%) and multimedia generators (24.5%) are the leading-demanded tools, followed by data and workflow automation (15.8%) and chatbots (13.2%).
While generative AI boosts productivity and creativity, it also introduces risks that cybercriminals are already exploiting. For example, programming assistants can expose sensitive data, text generators enable the creation of more convincing phishing messages, model services leave critical information accessible, and automation and multimedia tools can be used to craft fake websites or leak data.
Unit 42’s report concludes that the most used tools in phishing campaigns are website generators (40.4%), followed by writing assistants (29.6%), chatbots (10.5%), and multimedia generators (8.4%), which explains the speed and high realism of current attacks.
Key Strategies to Counter Phishing Risks
In response to these rising threats, Palo Alto Networks recommends that organizations strengthen their defenses by combining technology, processes, and awareness:
- Advanced URL and DNS filtering, capable of identifying malicious domains and IP addresses in real time.
- Monitoring GenAI platform usage within corporate environments to detect unauthorized access or misuse.
- Training and awareness programs to prepare employees to recognize more sophisticated phishing messages.
- Rapid response plans, supported by specialized teams, to contain and mitigate attacks in their early stages.
- Access and privilege management based on the principle of least privilege, reducing exposure of sensitive information during an attack.
- Periodic security assessments and penetration testing to identify vulnerabilities in processes and applications.
- Clear policies on AI usage in the company, defining which tools are authorized and how they should be used securely.
Shared intelligence and sector collaboration, such as that promoted by the Cyber Threat Alliance (CTA), to collectively anticipate emerging campaigns.