Zscaler ThreatLabz Uncovers Surge in AI-Driven Cyberattacks on Business Operations.
Zscaler, a global leader in cloud security, has released its 2025 ThreatLabz Phishing Report, revealing a major shift in cybercriminal tactics. The report highlights a dramatic surge in AI-driven cyberattacks, with threat actors increasingly targeting critical business departments like IT, HR, payroll, and finance.
While overall phishing attempts have declined—down 20% globally and nearly 32% in the United States—this reduction in volume masks a growing trend of highly targeted, AI-powered attacks. These modern campaigns leverage generative AI to craft more believable phishing messages, deepfake content, and impersonations of trusted sources. Rather than cast a wide net, cybercriminals are focusing on precision strikes that cause maximum operational disruption.
AI in the Hands of Cybercriminals
ThreatLabz researchers have found that attackers are now using generative AI to produce fake emails, support messages, and even audio impersonations. These tactics are particularly dangerous for organisations without strong verification protocols and Zero Trust policies in place. AI-generated phishing content is becoming indistinguishable from legitimate communication, making traditional detection methods increasingly ineffective.
One emerging tactic is the impersonation of AI tools and assistants. Cybercriminals use fake interfaces and chatbot-like messaging to trick users into surrendering credentials, downloading malware, or entering payment information. This trend has become especially common on platforms like Telegram, Steam, and Facebook.
Notable Trends in 2024 Cyberattacks
In 2024 alone, over 159 million tech support scams were recorded. These scams often lure victims through fake pop-ups and social media messages, pushing them to interact with malicious chatbots or call centers. Zscaler also saw a rise in job scams that target individuals by offering fake employment opportunities to extract personal and financial data.
Although phishing volume dropped overall, the attacks that did occur were more dangerous and effective due to their AI-driven nature. Instead of using generic bait, threat actors are crafting content that speaks directly to the recipient’s job role, responsibilities, and recent online activity.
Why Zero Trust and AI-Led Defenses Matter
Zscaler strongly advises organisations to move toward Zero Trust Network Access (ZTNA) architectures, which reduce the attack surface by verifying users, devices, and apps continuously—rather than assuming trust based on location or credentials. AI-led threat detection and response can help neutralize modern phishing techniques by identifying behavioural anomalies and flagging synthetic content in real-time.
Traditional perimeter-based security models are no longer enough. Businesses that fail to implement adaptive, context-aware defenses are likely to suffer increased data loss, insider threats, and operational outages due to the evolving sophistication of AI-powered attacks.
We Must Evolve at Pace
The findings in Zscaler’s ThreatLabz 2025 Phishing Report are a stark reminder that cybersecurity must evolve alongside cybercrime. Although phishing volumes may be decreasing, the effectiveness of attacks is climbing rapidly, thanks to tools powered by generative AI.
Organisations in every sector—particularly those with high-value departments such as finance and HR—should reassess their security posture, prioritise Zero Trust frameworks, and invest in AI-driven protection tools.
To learn more about the evolving threat landscape and explore defensive strategies, the full ThreatLabz report is available on Zscaler’s website.
