AI security breaches are no longer mere fictional tales; they're becoming a reality.
In a concerning development, the use of generative AI in social engineering attacks has significantly increased the scale, sophistication, and success rate of data breaches globally, according to a recent report by IBM.
The report reveals that about 16% of recent data breaches involved AI usage by attackers, primarily for AI-generated phishing (37%) and deepfake impersonation attacks (35%). This shift has reduced the time to craft convincing phishing emails from 16 hours to about 5 minutes, enabling attackers to launch polymorphic (varied) campaigns rapidly and evade traditional defenses.
The automation and scalability driven by generative AI have created a "golden age of scammers," where a few prompts produce thousands of unique, credible phishing messages. This has enabled mass-targeted attacks and increased credential theft, often leading to chained breaches that amplify the overall impact and cost.
AI-powered social engineering leads to higher data exposure rates, with social engineering attacks causing sensitive data exposure in 60% of cases, which is 16 percentage points higher than non-social engineering methods. Business Email Compromise (BEC), a form of social engineering, shows particularly high rates of data leakage.
The economic impact is evident in a significant surge in cyberattacks, including a 126% increase in ransomware in early 2025, linked to AI-enhanced criminal tactics combining phishing, deepfakes, and extortion in a low-barrier ecosystem.
The report also notes that a lack of governance and oversight was a significant factor in these AI breaches, with only 3% of affected organizations having proper AI access controls. Cybercriminals are using generative AI as a new tool in their attacks, with one in six breaches in the past year involving AI.
The cost of a data breach varies significantly across regions. For instance, organizations in the Middle East faced an average cost of $7.29 million for a data breach, down from $8.57 million in 2024. However, the cost of a data breach in the US increased by almost $1 million, bringing the average cost from $9.36 million to $10.22 million in 2025. On the other hand, Brazil had an average data breach cost of $1.22 million, a fall of $140,000 from $1.36 million in 2024. Meanwhile, Benelux and Canada experienced a rise in data breach costs, going from $5.90 million to $6.24 million and $4.66 million to $4.84 million respectively.
In conclusion, the use of generative AI in social engineering attacks has transformed them into a more efficient, scalable, and damaging attack vector. This development increases the frequency and severity of data breaches globally, which translates into higher remediation costs, legal liabilities, and brand damage for targeted organizations. Organizations must prioritize AI security and governance to stay ahead of these evolving threats.
- The surge in cyberattacks, including a 126% increase in ransomware, is linked to the use of AI-enhanced criminal tactics in social engineering, as revealed in a report by IBM Security.
- AI-powered social engineering leads to higher data exposure rates, with social engineering attacks causing sensitive data exposure in 60% of cases, as indicated by the report by IBM Security.
- In light of the increased efficiency and damage caused by generative AI in social engineering attacks, organizations must prioritize AI security and governance to stay ahead of these evolving threats, as concluded in the report by IBM Security.
- This transformation of social engineering attacks by generative AI has significant consequences for business sectors such as finance, personal finance, and wealth management, demonstrating the importance of data and cloud computing security and technology in today's digital world.