AI vs Human Endeavors in Phishing: An Examination of the IBM X-Force Research on Cybersecurity Threats

Phishing, a technique employed by threat actors to deceive individuals into divulging sensitive information, remains the primary infection vector for cybersecurity incidents. IBM X-Force undertook a groundbreaking research project led by Chief People Hacker Stephanie “Snow” Carruthers, exploring the efficiency of human-written phishing emails compared to those generated by AI language models. Their findings shed light on the factors contributing to the success of human-written emails, the looming threat of AI tools, and offer recommendations to counter the growing influence of generative AI in cybercrime.

The research project by IBM X-Force, under the guidance of Stephanie Carruthers, aimed to examine the effectiveness of human-written and AI-generated phishing emails. Carruthers sought to ascertain whether AI-based approaches could outperform the human touch in deceiving recipients.

Click Rates of Human-Written vs. AI-Generated Phishing Emails

Analyzing the data, Carruthers discovered that human-written phishing emails exhibited a 3% higher click rate compared to their AI-generated counterparts. Delving deeper, it was revealed that the AI-generated emails garnered an 11% click rate, while human-written emails proved slightly more successful at 14%.

Factors Contributing to the Success of Human-Written Emails

The researchers attribute the success of human-written emails to their ability to appeal to human emotional intelligence. These emails were crafted carefully, exploiting psychological triggers and persuading recipients to take action. Furthermore, the selection of a specific program within the organization, instead of employing vague or generic topics, allowed the human-written emails to appear more authentic and relevant.

Threat of AI Tools for Phishing

The emergence of tools such as WormGPT, an industrial variant of ChatGPT, raises concerns over the potential for AI models to bypass ethical guardrails and facilitate sophisticated phishing attacks. These unrestrained AI versions offer a streamlined approach for attackers to scale their operations, intensifying the threat faced by organizations and individuals.

Phishing as the Common Infection Vector

IBM’s 2023 Threat Intelligence Index substantiates that phishing remains the most prevalent infection vector for cybersecurity incidents. With the continued evolution of AI and its integration in cybercrime, the significance of tackling phishing attacks becomes increasingly crucial.

Potential Use of Generative AI for Attackers

Carruthers highlights the possibility of generative AI augmenting open-source intelligence analysis for attackers. Though not explored in the research project, the growing sophistication of generative AI models may provide cybercriminals with advanced tools to orchestrate more efficient and targeted phishing campaigns.

As the research conducted by IBM X-Force reveals, human-written phishing emails still exhibit a superior success rate compared to their AI-generated counterparts. The ability to target emotional intelligence and adopt a personalized approach remains a fundamental advantage. However, as generative AI continues to advance, the threat landscape evolves, necessitating a holistic and collaborative approach to cybersecurity. Adapting preventive measures, enhancing employee training, and remaining vigilant against the capabilities of generative AI are crucial for organizations to protect themselves from the ever-growing peril of phishing attacks.

Explore more

Can AI Redefine C-Suite Leadership with Digital Avatars?

I’m thrilled to sit down with Ling-Yi Tsai, a renowned HRTech expert with decades of experience in leveraging technology to drive organizational change. Ling-Yi specializes in HR analytics and the integration of cutting-edge tools across recruitment, onboarding, and talent management. Today, we’re diving into a groundbreaking development in the AI space: the creation of an AI avatar of a CEO,

Cash App Pools Feature – Review

Imagine planning a group vacation with friends, only to face the hassle of tracking who paid for what, chasing down contributions, and dealing with multiple payment apps. This common frustration in managing shared expenses highlights a growing need for seamless, inclusive financial tools in today’s digital landscape. Cash App, a prominent player in the peer-to-peer payment space, has introduced its

Scowtt AI Customer Acquisition – Review

In an era where businesses grapple with the challenge of turning vast amounts of data into actionable revenue, the role of AI in customer acquisition has never been more critical. Imagine a platform that not only deciphers complex first-party data but also transforms it into predictable conversions with minimal human intervention. Scowtt, an AI-native customer acquisition tool, emerges as a

Hightouch Secures Funding to Revolutionize AI Marketing

Imagine a world where every marketing campaign speaks directly to an individual customer, adapting in real time to their preferences, behaviors, and needs, with outcomes so precise that engagement rates soar beyond traditional benchmarks. This is no longer a distant dream but a tangible reality being shaped by advancements in AI-driven marketing technology. Hightouch, a trailblazer in data and AI

How Does Collibra’s Acquisition Boost Data Governance?

In an era where data underpins every strategic decision, enterprises grapple with a staggering reality: nearly 90% of their data remains unstructured, locked away as untapped potential in emails, videos, and documents, often dubbed “dark data.” This vast reservoir holds critical insights that could redefine competitive edges, yet its complexity has long hindered effective governance, making Collibra’s recent acquisition of