Episode #4
AI might be transforming cybersecurity… but not always in the way vendors want you to believe.
In this episode, Eliot Baker sits down with Hoxhunt CTO and Co-founder Pyry Åvist to expose what’s actually happening at the front lines of the AI-powered phishing threat. No speculation. Just real research, real data, and real implications for your defense strategy.
Together, they unpack how Hoxhunt’s research team built and tested agentic AI spear phishing agents and what happened when those AI-generated attacks went head-to-head with elite human red teamers. The result? A 24% higher failure rate for AI phishing emails, across 50,000+ real-world simulations. This is more than just a stat. It’s a signal: AI threats are getting smarter, faster than most training programs can adapt.
This episode is both a behind-the-scenes look at the largest AI phishing benchmark ever run and a tactical guide for what to do next.
Here’s what you’ll learn in this episode:
- How AI spear phishing attacks crossed a key threshold in spring 2025 and why that changes everything
- Why traditional training templates and static simulations are now a liability
- What “agentic” AI really means and how it’s enabling scalable, personalized phishing at unprecedented speed
- The common weaknesses attackers exploit (and how to pressure-test your own workforce against them)
- How training programs can use AI to fight back, with individualized simulation paths that actually evolve with the threat
Timestamps:
(00:38) Hoxhunt's AI-Powered Approach
(01:13) The Evolution of AI in Phishing
(02:21) AI's Dual Purpose: Good vs. Evil
(04:08) The Rising Cost of Phishing
(05:50) Human vs. AI in Phishing Attacks
(08:45) The Skynet Moment: AI Surpasses Humans
(16:15) The Future of AI in Phishing
(17:55) Conclusion and Final Thoughts
To get future episodes and the latest threats sent straight to your inbox, join the All Things Human Risk Management Newsletter: https://hoxhunt.com/all-things-human-risk
Resources:
- Our research on AI phishing vs human red teams: https://hoxhunt.com/blog/ai-powered-phishing-vs-humans
- A breakdown of the current threat posed by AI attacks: https://hoxhunt.com/blog/ai-phishing-attacks
Host links:
Eliot Baker: https://www.linkedin.com/in/eliotebaker/
Pyry Åvist: https://www.linkedin.com/in/pyryavist/
****
All Things Human Risk Management is a Hoxhunt Original Podcast.
Hoxhunt is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.
Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.
Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.