AI boosts phishing “conversion” 4.5-fold, Microsoft data shows

Cybercriminals using artificial intelligence (AI) have dramatically increased the effectiveness of phishing attacks, Microsoft reveals in its annual digital security report covering the 2025 fiscal year (July 2024–June 2025).

AI-generated phishing emails prompted 54% of recipients to click on malicious links or download harmful files — a 4.5-fold increase compared to the 12% “conversion” rate for traditional, non-AI phishing campaigns, Caliber.Az reports.

Microsoft explains that AI allows attackers to tailor the content of phishing emails to individual victims, creating more convincing lures. The technology also enhances the efficiency of attacks by simplifying vulnerability discovery, enabling large-scale exploitation, supporting reconnaissance, and aiding in malware development. Attackers are now capable of faking voices and producing deepfake videos to further manipulate targets.

This enormous return on investment will likely encourage cybercriminals who have not yet adopted AI to incorporate it into their operations, the report notes.

The study also highlights a significant rise in state-backed cyber operations using AI. In July 2023, Microsoft recorded no AI-generated content from state-affiliated groups; by July 2024, that figure had risen to 50, climbing to 125 in January 2025 and 225 by July 2025.

By Vugar Khalilov