TL;DR AI is being used to generate phishing pages in real time — personalised to each victim, with no fixed malicious code to detect. Traditional "spot the bad email" advice isn't enough anymore. Email filtering stops convincing lures from reaching the inbox; DNS filtering blocks malicious connections before pages load; MDR catches the consequences if something still gets through. Layered protection is the only reliable answer.
____________________________
Here's a question worth thinking about: if phishing emails are designed to fool people, why have so many of them looked so obviously fake?
For a long time, it came down to volume. The same email, blasted to tens of thousands of inboxes, hoping to catch a handful of people on a bad day. Sloppy spelling, mismatched logos, generic urgency — it didn't matter much when the numbers were on the attacker's side.
That model isn't going away. But it's evolving, and the direction it's heading concerns us.
When AI meets phishing
Generative AI changed a lot of conversations in 2023. One idea that got airtime was "dynamic websites" — pages assembled on the fly, tailored to who you are, where you're browsing from, what device you're on. It was compelling in theory. In practice, it never became a mainstream tool for legitimate businesses. Too complex, rarely worth the effort.
Cyber criminals have lower standards. They don't need elegant. They need convincing.
Security researchers have now demonstrated how AI can be weaponised for exactly this purpose. The attack works something like this: a victim clicks a link and lands on a page that looks perfectly harmless — no red flags, no obvious malicious code. Once it loads, the page quietly calls a legitimate AI service to generate content in real time. That content assembles itself directly in the user's browser.
The result? A phishing page built specifically for that visitor, at that moment. The wording, layout, even the underlying code can be different every time. There's no single fake site for security systems to detect and block, because the scam doesn't fully exist until someone opens it.
Where things stand right now
We want to be clear: this isn't yet a widespread threat. But the building blocks are already in active use. AI is being used to write convincing malicious code. Malware is increasingly assembled as it executes. AI-assisted social engineering — more convincing emails, better-crafted pretexts — is something we're already seeing in the wild.
For the businesses we work with across Chester, Wrexham, North Wales and the wider North West, this matters. Many of them have been with us for years precisely because they want IT support from people who take these things seriously before they become a crisis.
What this means for your defences
The old advice — "just don't click dodgy links" — was always an incomplete answer. Now it's even less sufficient.
The next wave of phishing won't announce itself with bad grammar or obvious formatting errors. It may look polished, personalised, and entirely professional. That's a deliberate design choice by the people building these tools.
Modern security thinking has shifted accordingly. The focus now is less on hoping everyone spots the mistake, and more on limiting the damage when someone inevitably doesn't.
How DNS filtering, Email filtering and MDR change the equation
Three controls in particular are worth highlighting in the context of AI-generated phishing.
DNS filtering works at the point where your device tries to connect to a website. Before a page even loads, your DNS filter checks the destination against known threat intelligence and category-based rules. With dynamically generated phishing pages, there may be no malicious code to detect on the page itself — but the domain still has to resolve. A well-configured DNS filter can block that connection before the AI-assembled content ever reaches the browser. It's protection that sits upstream of the threat, which is exactly where you want it.
Email filtering addresses the most common delivery method for phishing attacks — the inbox. Modern email filtering goes well beyond blocking known spam. It analyses message structure, sender reputation, link destinations, and attachment behaviour to catch threats that look legitimate on the surface. As AI makes phishing emails more convincing — better grammar, credible context, personalised detail — the filtering layer becomes more important, not less. A well-tuned email security platform can intercept an AI-crafted lure before it ever reaches your staff, removing the human decision point entirely.
Managed Detection and Response (MDR) covers what happens if something does get through. Where traditional antivirus waits to recognise a known threat, MDR combines continuous monitoring with human-led threat hunting — looking for behavioural indicators rather than signatures. An AI-generated phishing page may look different every time, but the activity it triggers — credential harvesting attempts, unusual outbound connections, lateral movement — follows patterns that experienced analysts can identify and shut down fast. The service we deliver through our MDR platform means that if a threat lands in your environment, there's a team actively watching for it around the clock, not just software waiting to be told what to look for.
Together, these three controls address the most important questions in modern phishing defence: can we stop the malicious email reaching the inbox, can we block the connection before the page loads, and if something still gets through, can we catch the consequences before they become a crisis?
Layered protection for a smarter threat
Multi-factor authentication, endpoint protection, email filtering, and secure browsing tools all remain effective — even when a fake page looks legitimate. None of these controls is foolproof in isolation. That's why layered defence matters: the assumption isn't that everything will be stopped at the perimeter, but that multiple controls working together will contain the damage when something gets through.
The threat is getting smarter. Your protection needs to keep pace.
Want to know how exposed your business is?
We work with businesses to assess their real-world exposure — not just ticking compliance boxes, but understanding what would actually happen if someone clicked the wrong thing tomorrow. Get in touch and let's have that conversation - You can contact us for a call back, book an appointment for a quick Microsoft Teams meeting or simply call us on 01244 535527.