Red Team | 2026-02-20 | 8 min

AI Social Engineering: When LLMs Create Personalized Phishing

Analysis of how AI upgrades social engineering attacks and how enterprises defend against AI-personalized phishing.

DNA Research Team
Research Team, DNA Cyber Security

Social engineering has always been the most effective attack vector, and AI is making it exponentially more powerful. LLMs can create personalized phishing emails at scale, deepfake voice/video for vishing attacks, and OSINT-driven pretexts that humans struggle to distinguish from legitimate communication.

AI-Generated Spear Phishing

LLMs can analyze LinkedIn profiles, social media posts, and public information to create extremely convincing spear phishing emails. Emails are written in the impersonated sender's communication style, reference real projects, and use the organization's internal language.

python
# AI Phishing Simulation - DNA Red Team
# OSINT-driven email generation for testing

osint_profile = {
    "target": "CFO",
    "interests": ["golf", "fintech"],
    "recent_posts": ["Excited about Q1 results"],
    "colleagues": ["CEO John", "CTO Sarah"],
    "company_events": ["Annual retreat Mar 15"]
}

# AI generates contextually relevant email
# referencing real events and relationships
# for authorized phishing simulation only

Deepfake Voice and Video

Deepfake technology makes it possible to create a voice clone from just a few minutes of sample audio. In red team engagements, DNA has demonstrated that deepfake voice calls (vishing) have a success rate 3x higher than traditional email phishing.

OSINT-Driven Personalization

  • LinkedIn scraping: Gathering information about role, projects, connections, and interests
  • Social media analysis: Analyzing writing style, topics of interest, and activity timing
  • Company intelligence: Discovering events, press releases, and leaked internal communications
  • Dark web monitoring: Checking for previously leaked credentials and information

Defending Against AI Social Engineering

DNA recommends a defense-in-depth approach: security awareness training updated for AI threats, mandatory multi-factor authentication, verification procedures for sensitive requests, and AI-powered email filtering capable of detecting AI-generated content.

DNA provides AI Phishing Simulation services - using the same techniques real attackers employ to test employee awareness and improve defenses.

When AI can write better emails than 90% of employees, the only defense is verification processes - never trust email content when it involves sensitive actions.
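The verification rule above can be sketched as mail triage that ignores how well a message is written and looks only at sender metadata and the requested action. This is an added example, not DNA's tooling; the domain, executive names, phrase list, action labels and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumption: the organization's mail domain
EXECUTIVES = {"john smith", "sarah lee"}   # assumption: display names attackers would borrow
SENSITIVE = re.compile(                    # assumption: phrases that mark a sensitive request
    r"wire transfer|bank details|change.{0,20}account|gift cards?|payroll|password", re.I)

def triage(raw: str) -> dict:
    """Decide handling from sender metadata and requested action, not writing quality."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # Assumes the organization's own gateway writes this header and strips inbound copies.
    auth = msg.get("Authentication-Results", "").lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if "dmarc=pass" not in auth:
        signals.append("dmarc_not_pass")
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        signals.append("reply_to_mismatch")
    if name.lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        signals.append("exec_name_external_domain")
    sensitive = bool(SENSITIVE.search(msg.get("Subject", "") + "\n" + body))
    if sensitive:  # a clean, authenticated message still needs out-of-band confirmation
        action = "block_and_report" if signals else "verify_out_of_band"
    else:
        action = "quarantine_review" if signals else "deliver"
    return {"signals": signals, "sensitive": sensitive, "action": action}

# Constructed sample messages (not real mail).
SPOOFED = ('From: "John Smith" <john.smith@example.net>\n'
           'Reply-To: j.smith.office@example.org\n'
           'Authentication-Results: mx.example.com; dmarc=fail\n'
           'Subject: Quick favour before the retreat\n\n'
           'Can you send the wire transfer today? I am in meetings.\n')
CLEAN_SENSITIVE = ('From: "Sarah Lee" <sarah.lee@example.com>\n'
                   'Authentication-Results: mx.example.com; dmarc=pass\n'
                   'Subject: Vendor update\n\n'
                   'Please change the supplier account number before Friday.\n')
BENIGN = ('From: "Facilities" <facilities@example.com>\n'
          'Authentication-Results: mx.example.com; dmarc=pass\n'
          'Subject: Retreat parking\n\n'
          'Parking passes are at reception.\n')

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN_SENSITIVE), ("benign", BENIGN)):
        print(label, triage(raw))
```

The second sample passes every metadata check and is still routed to out-of-band verification, which is the case a compromised internal mailbox or a well-written lure would otherwise slip through.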

#Social Engineering #Phishing #LLM #Deepfake #OSINT
