At 2:14 a.m. on March 15, a mid-sized logistics company in Ohio received an email that looked exactly like every other internal request from its chief financial officer. The grammar was perfect. The signature block was correct. The tone was urgent but not panicked, which matched the CFO’s known writing style.

Within 90 minutes, the company had lost control of its entire customer database. The attackers demanded $4.7 million in cryptocurrency.

The only thing unusual about this breach was how it began: the email was written by artificial intelligence, trained on three years of the CFO’s real emails scraped from a previous third-party data leak.

“We are witnessing a fundamental shift,” said John Hultquist, chief analyst for Mandiant’s threat intelligence team at Google Cloud. “AI has democratized sophisticated cyberattacks. You no longer need a nation-state budget or fluent English. You just need access to a large language model.”

According to a report released last week by Google’s Mandiant, AI-generated phishing emails now account for nearly 35% of all credential-harvesting attacks, up from less than 1% two years ago. The same report found that these AI-crafted messages have click rates nearly three times higher than traditional phishing attempts.

For decades, cybersecurity experts told businesses to train employees to spot the telltale signs of a phishing email: awkward phrasing, unusual capitalization, or generic greetings like “Dear Customer.” Generative AI has systematically eliminated those red flags.

“The old advice is dead,” said Rachel Tobac, CEO of SocialProof Security and a white-hat social engineer who has legally broken into dozens of companies. “We cannot tell people to ‘look for bad grammar’ anymore. The grammar is flawless. The personalization is eerie. Your brain’s built-in defense system no longer works.”

The problem extends far beyond email. Cybersecurity firm Sophos reported in its 2025 Active Adversary Report that AI-powered “living off the land” attacks, where malware disguises itself as legitimate system tools, have doubled in the past year. These attacks adapt in real time, rewriting their own code to avoid detection by traditional antivirus software.

“Defenders are used to playing chess,” said Chester Wisniewski, global field CTO at Sophos. “Now the attacker is playing three-dimensional chess while we’re still setting up the board. The speed differential is what keeps me up at night.”

The numbers support his concern. The average “breakout time,” how long it takes an attacker to move from an initial compromised device to the rest of the network, has fallen to just 62 minutes, according to CrowdStrike’s 2025 Global Threat Report. In cases where attackers used AI-assisted tooling, the time dropped to under 20 minutes.

Not all the news is grim. The same AI technology is being deployed on the defensive side. Microsoft’s Security Copilot and Google’s Sec-PaLM 2 now help human analysts triage thousands of security alerts per hour, reducing false positives by an estimated 70% according to internal company testing. Startups like DropZone AI and Torq are building autonomous incident-response agents that can contain a breach before a human analyst finishes their morning coffee.

“AI is a tool, not a side,” said Heather Adkins, vice president of security engineering at Google, in a recent interview. “The adversary will use it. The defender will use it. The outcome depends entirely on who uses it better, and who has better data.”

But regulators and lawmakers are growing alarmed. In February, a bipartisan group of U.S. senators introduced the “Protecting Cybersecurity from AI Exploitation Act,” which would criminalize the use of generative AI to create malicious code or phishing content. The bill remains in committee.

Meanwhile, the private sector is not waiting. Major cybersecurity firms, including CrowdStrike, Palo Alto Networks, and Fortinet, have all announced AI-detection layers in their flagship products over the past six months. But experts warn that detection alone is not enough.

“We are asking defenders to run faster than Usain Bolt while the attacker is handed a motorcycle,” said Tobac. “The asymmetry has never been worse.”

For the Ohio logistics company that lost $4.7 million last month, the aftermath has been brutal. The company, which asked not to be named due to ongoing negotiations with insurers, has laid off 12 percent of its staff to cover breach-related costs. The AI that wrote the initial email has never been identified or traced.

“This is the new normal,” said Mandiant’s Hultquist. “We used to worry about sophisticated hackers in basements. Now we have to worry about anyone with a ChatGPT account and malicious intent. The barrier to entry for cybercrime just hit the floor.”