Phishing that uses context, tone, and timing tailored to the target rather than generic mass messaging. In practice, it reduces obvious red flags and forces defenders to rely on identity, behaviour, and channel correlation instead of message signatures alone.
Expanded Definition
AI-personalised phishing is credential theft or social engineering that uses an attacker’s access to public data, internal context, or prior compromise signals to make the message feel operationally specific. It differs from bulk phishing because the lure is shaped around the target’s role, recent activity, vendor relationships, or workflow timing, which makes simple keyword filtering far less reliable.
Definitions vary across vendors, but in NHI security the key issue is not only the message itself. The real risk is that an AI system can scale research, draft believable variants, and adapt tone faster than a human attacker. That pushes defenders toward identity-aware controls, channel validation, and behavioural correlation rather than relying on the appearance of the email or chat message alone. The NIST Cybersecurity Framework 2.0 is useful here because it frames response around detection, protection, and continuous monitoring rather than message trust.
The most common misapplication is treating AI-personalised phishing as a branding problem, which occurs when teams focus on suspicious wording while ignoring compromised identities and trusted communication paths.
Examples and Use Cases
Implementing detection rigorously often introduces more verification friction, requiring organisations to weigh faster user action against the cost of tighter confirmation steps.
- A finance leader receives a message that references a live invoice thread, a known supplier name, and the timing of quarter-end approvals, making the lure look routine rather than suspicious.
- An engineer gets a chat request that mirrors an internal deployment discussion and uses terminology copied from a public repository or past incident summary.
- A help-desk impersonation attempt uses AI-generated phrasing that matches the victim’s region, role, and ticket language, which defeats generic “urgent request” training.
- A compromise chain begins with a tailored phishing message and ends with stolen API keys or session tokens, echoing the secrets exposure concerns discussed in The State of Secrets in AppSec.
- Attackers use public traces of an organisation’s AI activity or data leaks to increase credibility, a pattern highlighted in the DeepSeek breach research and in guidance from NIST Cybersecurity Framework 2.0.
Why It Matters in NHI Security
AI-personalised phishing matters because NHI environments are built on secrets, tokens, service accounts, delegated access, and automated trust. When a message convincingly references a real system or workflow, the target may bypass normal caution and hand over credentials, approve a malicious action, or expose a token. That is especially dangerous where access is not tied to strong verification of identity, device posture, and purpose.
NHIMG research shows the stakes are not abstract: in The State of Secrets in AppSec, 43% of security professionals expressed concern that AI systems could learn and reproduce sensitive information patterns from codebases. Once AI-generated lures are combined with secret leakage, credential abuse becomes faster and harder to spot. In practice, this term matters most when message-level suspicion fails and defenders must investigate whether a legitimate-looking request was actually a channel, identity, or token compromise.
Organisations typically encounter the operational impact only after a user approves a fraudulent request or exposes a secret, at which point AI-personalised phishing becomes impossible to treat as a simple email problem.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers secret exposure and misuse that personalised phishing often targets. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege and access validation reduce damage from stolen credentials. |
| OWASP Agentic AI Top 10 | LLM-06 | Agentic systems can amplify social engineering by generating credible tailored lures. |
Restrict tool access and monitor outputs that could be used to craft convincing phishing.
Related resources from NHI Mgmt Group
- How should security teams handle AI-generated phishing attempts in identity governance?
- Why do AI-driven phishing attacks make passwordless authentication more important?
- How can organisations reduce QR-code phishing in AI-assisted browsing workflows?
- Why do AI-driven phishing attacks still succeed when organisations use modern authentication?
