A finance employee at Arup, the London-based engineering and design firm behind projects like the Sydney Opera House’s structural design, joined a video call with people who looked and sounded exactly like the company’s CFO and senior leadership team. Every face on that call was AI-generated. Every voice was cloned. By the time anyone realised, the business had wired $25 million to fraudsters, and the attackers never had to touch the network to do it. Just a well-briefed employee following an instruction from people who appeared entirely real.
That is the shape of the threat now, and it is why cybersecurity awareness training built around spotting a badly worded email is falling behind. AI has not just made phishing more common. It has removed the tells that training programmes spent a decade drilling into staff.
The numbers behind the shift
Hoxhunt’s 2026 phishing data tracked something remarkable: AI-generated phishing sat under 5% of detected attacks for most of the year, then surged roughly 14-fold in a single month at the end of 2025, jumping to 56% of detected attacks. That was not a slow creep. It was a step change, and it happened fast enough that most training calendars did not have time to react.
IBM’s X-Force research puts a number on why attackers can move that quickly: generative AI has cut the time to write a convincing phishing email from around 16 hours down to roughly five minutes. What used to require a skilled human writer, fluent in the target’s language and industry, now takes a prompt. The FBI’s IC3 unit dedicated its first-ever AI-specific section to this problem in its 2025 report, logging over 22,000 AI-related complaints and close to $900 million in AI-associated losses across all crime categories.
Voice and video attacks are growing even faster than text-based ones. Deepfake incidents grew 680% year-over-year, and voice phishing, calls designed to extract credentials or authorise a payment, increased 442% between 2023 and 2024. A voice can now be cloned from three seconds of audio, according to McAfee’s research. Three seconds is shorter than the average voicemail greeting.
The detection gap is the real problem. Traditional security training teaches people to look for typos, mismatched sender addresses, and generic greetings. None of that applies when the message arrives as a phone call from someone who already knows the target’s name, their manager’s name, and the project they worked on last week. Research on deepfake video detection found that human accuracy at spotting a high-quality deepfake sits at around 24.5%. That is barely better than a coin flip, and it is the exact skill most awareness programmes never test.
This is the same territory we covered in our earlier look at AI-powered phishing and the deepfake threat, and the pattern has only accelerated since.
Why email-only training leaves a blind spot
Most phishing simulation platforms still centre on email. That made sense five years ago, when email carried nearly all the risk. It does not reflect how attacks arrive today.
Attackers are diversifying deliberately. SMS-based phishing now accounts for a meaningful share of all phishing attacks, and callback phishing, where a message directs the victim to ring an attacker-controlled number instead of clicking a link, grew sharply in the final quarter of 2025 because it sidesteps URL scanning entirely. QR code attacks went from a rare novelty to a double-digit share of campaigns within six months. WhatsApp messages, calendar invites, and video conference requests are all now viable delivery channels, and each one bypasses the specific instincts an email-only programme builds.
This matters for a very practical reason: an employee who passes every email-based phishing test your platform runs has never actually been tested on the channel most likely to catch them out. Confidence built on the wrong skill is worse than no confidence at all, because it does not prompt the caution a genuinely unfamiliar situation should.
What effective AI-era awareness training actually covers
A programme built for 2026 needs to do more than swap out email templates for slightly cleverer ones. It needs to change what employees practise.
Voice and video verification, not visual pattern-spotting. Staff need rehearsed responses for a call or video meeting that looks and sounds legitimate but is not. That means practising the moment of hesitation: pausing before authorising anything, and having a scripted, socially comfortable way to say “let me verify this through another channel” without feeling like they are accusing a superior of lying.
Procedural checkpoints that do not depend on human judgement in the moment. The Arup case was not stopped by a sharp-eyed employee. It should have been stopped by a policy: no wire transfer above a defined threshold is authorised on the basis of a call or video alone, full stop, regardless of who appears to be asking. Training has to teach the policy as a hard rule, not a suggestion to use good judgement, because good judgement is exactly what a convincing deepfake is designed to defeat.
Multi-channel simulation, not just inbox simulation. If your simulation platform only sends test emails, extend it. Live AI voice agents can now run realistic vishing simulations that adapt to what the employee says, which gives staff a rehearsed reaction rather than a first-time reaction when the real call comes in.
Recognising AI-written text at the sentence level. Older phishing had grammar mistakes and stiff phrasing that gave it away. AI-written phishing does not. Employees need new signals to watch for: urgency paired with unusual specificity, requests that route around normal approval chains, and any message, however polished, that asks them to act outside a documented process.
AI tool usage inside the business, not just AI attacks against it. Awareness training in 2026 has to cover both directions. Staff pasting client data into public AI chat tools, using unsanctioned AI coding assistants, or feeding sensitive documents into an unmanaged AI platform creates the same kind of exposure as clicking a bad link, just from the inside. A complete programme addresses shadow AI use alongside external AI-driven attacks.
Frequency and reinforcement, not a once-a-year module. KnowBe4’s industry benchmarking found that a baseline phish-prone rate of roughly 33% drops to around 4% after twelve months of consistent training, an 86% reduction. That result comes from sustained, repeated exposure, not a single annual session that gets forgotten by March.
This overlaps with a risk we’ve written about separately: shadow AI use inside organisations, where the exposure comes from staff using unsanctioned AI tools rather than from an external attacker.
The regional picture
UAE organisations carry a specific version of this risk. Dubai’s status as a regional financial and business hub makes it an attractive target for BEC and wire-fraud schemes modelled on cases like Arup’s, and the mix of English and Arabic-language communication, cross-border vendor relationships, and government-adjacent entities creates more surface area for a convincing impersonation than a single-language, single-market business would face. NESA and PDPL compliance obligations also raise the stakes of any breach that starts with a successfully socially engineered employee, since a single compromised credential can turn into a reportable data protection incident.
Boards and CISOs in the region are already responding: Hornetsecurity’s 2026 CISO survey found 77% of security leaders naming AI-generated phishing a serious emerging threat, and that figure lines up with what we see in engagements across the UAE. Concern is high. Programme design has not always caught up.
Measuring whether training is actually working
Click rates on simulated emails are the easiest metric to pull and the least useful one on its own. A programme can post a falling click rate while doing nothing to prepare staff for a vishing call, because the two skills are unrelated. Track reporting behaviour instead of just failure rate: how many staff flag a suspicious message to your security team within minutes versus how many simply delete it and move on. A workforce that reports fast gives your SOC analysts a chance to block a campaign before it spreads. One that stays silent, even if individuals do not click, leaves you blind to what is actually landing in inboxes.
Time-to-report matters as much as time-to-click. Verizon’s DBIR data puts the median time-to-click on a phishing email at roughly 21 seconds, against a median time-to-report of around 28 minutes. That gap is where a real attack does its damage, and it is a gap training can close directly by making the reporting button as familiar as the delete key.
Segment your metrics by role and by channel. A finance team that handles payment approvals needs a different bar than a marketing team that mostly deals with vendor emails. Executives and their assistants, the most common deepfake targets, need voice and video specific drills that most of the wider workforce does not.
Where to start if your current programme is email-only
Audit what your simulation platform actually tests. If it is inbox-only, that is the first gap to close. Map your high-value approval workflows, wire transfers, credential resets, vendor payment changes, and put a hard procedural rule in place for each one that does not rely on recognising a voice or a face. Then rebuild the training calendar around frequency: short, recurring exercises across multiple channels beat a single comprehensive session that fades from memory within weeks.
How iConnect builds this into your security programme
Our security awareness training service designs phishing and social engineering simulations that go beyond email, covering voice, SMS, and the procedural gaps that let deepfake fraud through in the first place. We build the scenarios around what is actually targeting organisations in the UAE right now, not a generic template library, and pair the training with the reporting workflows and follow-up needed to make it stick.
If you want a clear picture of where your current training programme has gaps, particularly around voice, video, and AI-generated social engineering, get in touch with our team for a review of your existing setup and a plan to close the channels it is not covering.