THE ARROW

AI-Powered Attacks

Issue #02 • May 2026 • Published by SKADI Cyber Defense

01

THE TRAJECTORY

In Issue #01, we identified AI-powered attacks as the defining threat of 2026 — because the data demanded it. 94% of cybersecurity leaders named AI the single greatest driver of cyber change this year (World Economic Forum, Global Cybersecurity Outlook 2026). Criminals and state-linked actors are already using it against organizations like yours.

The shift is not just about speed. Attackers are using AI to remove the skill and effort that previously limited what they could do. That changes everything about how threats need to be caught.

— The SKADI Signal Editorial Team

02

THREE NUMBERS

80%

of phishing campaigns now use AI-generated content.

Source: ENISA Threat Landscape 2025

37%

rise in AI-assisted business email fraud logged in 2025.

Source: FBI IC3 Report 2025

72%

increase in AI-assisted cyberattacks across industries in 2025.

Source: Multi-source aggregate

For Canadian organizations: In June 2025, the Canadian Centre for Cyber Security and the Canadian Anti-Fraud Centre issued a joint advisory warning of threat actors using AI-generated voice messages and deepfake impersonations to target Canadians directly.

03

HOW AI CHANGED THE THREAT

Area 01 Phishing, Now at a Whole New Volume

Phishing is the most common way attackers get in — roughly 60% of all incidents start there. What's changed is how easy it now is to do it convincingly and broadly. Generative AI removes the skill barrier entirely. Attacks can now be drafted, personalized, and sent out widely with almost no human involvement — and they read like they came from someone who knows you. Beyond email: voice phishing using AI-cloned voices surged over 1,600% in a single quarter in early 2025.

Area 02 Malware That Builds Itself

AI isn't just making criminals better communicators — it's helping them build better attack tools. Purpose-built malicious AI systems with no safety guardrails have emerged, designed to automate fraud and generate malware. Researchers have also documented a rise in fake AI tool websites that deliver ransomware to anyone who downloads them — a simple but effective trap for employees searching for productivity software.

Area 03 Faster Targeting

Before launching an attack, criminals profile their targets. AI has made this dramatically faster — mapping your organization, identifying key people, and building a shortlist of entry points in a fraction of the time it once took.

The WEF's 2026 report warns of AI agents now capable of planning and running attacks with minimal human involvement. The practical implication: the time between an attacker choosing you and being inside your systems is shrinking.

04

WHAT TO WATCH FOR

You don't need to be a security expert to spot the signs. These are the patterns worth knowing:

→	Flawless emails asking for something unusual Poor grammar used to be a reliable red flag. AI-generated messages no longer have that tell. If a request feels off — even if it reads perfectly — verify it through a separate channel before acting.

→	Voice or video requests involving money or access AI-cloned voices and deepfake video of executives are being used in real attacks right now. Any request to transfer funds or grant system access should be confirmed through a second contact method, no exceptions.

→	Staff downloading AI tools from unfamiliar sites Fake AI productivity tool websites are an active distribution method for ransomware. If your team is hunting for AI tools, that search needs guardrails.

→	Unusual activity shortly after someone clicks a link or opens a file AI-assisted attacks move faster once they're in. Catching something in the first minutes matters more than it used to.

→	Impersonation attempts involving executives or finance Business email fraud is up 37% year over year. These attempts are happening to organizations of every size. Assume they're coming, and make sure your financial approval processes can't be bypassed by a convincing email alone.

05

THE BIGGER PICTURE

Awareness is improving. The WEF found that 64% of organizations now have some process for reviewing AI security — nearly double the figure from 2025. But roughly one third still have nothing in place, and 87% agree that AI-related threats grew faster than any other risk category last year.

The gap between knowing the threat exists and being equipped to handle it is where most organizations currently sit. The good news: closing that gap doesn't require building a large security team or overhauling your systems. It requires the right defence already working in the background.

06

WE HAVE YOUR BACK

AI-generated phishing, voice impersonation, malware that writes itself — these threats move fast and are designed to look legitimate. That's exactly what Frostbow™ was built for.

Rather than waiting to recognize a known threat, Frostbow™ learns what normal looks like in your environment and flags anything that deviates — automatically, around the clock, at machine speed. When something suspicious happens, it doesn't wait for a human to notice. It acts.

You don't need to wonder whether your defences are keeping up with AI-powered attacks. If you're a SKADI client, they already are.

Next issue: Ransomware Evolution — how the business model has shifted and what it means for organizations that thought they weren't a target.

Have a question about anything in the report? Reply to this email — we read every reply and respond personally.