A 4-Part Executive Cybersecurity Series for Business Leaders - PART 3

AI-Powered Attacks and the Rise of Mobile Social Engineering

Source: Verizon Data Breach Investigations Report (DBIR) 2026

Artificial Intelligence is no longer a future cybersecurity concern.

It has already become part of the modern attack lifecycle.

The Verizon 2026 DBIR provides some of the clearest evidence yet that threat actors are actively leveraging AI to improve efficiency, scale, and targeting.

Cybercriminals Are Using AI Today

The report found that threat actors are using Generative AI throughout multiple attack stages, including:

  • Target research

  • Initial access

  • Malware development

  • Tool creation

  • Vulnerability discovery

The median malicious actor studied used AI assistance across approximately 15 attack techniques. Some used AI for 40–50 techniques.

This isn't experimental anymore.

It's operational.

AI Is Making Attackers Faster, Not Necessarily Smarter

One important DBIR conclusion stands out.

AI is not yet creating entirely new attack methods.

Instead, it is helping attackers automate techniques they already use successfully.

Think of AI as an efficiency multiplier.

Cybercriminals can now:

  • Write phishing content faster

  • Generate malware variations

  • Research targets more efficiently

  • Scale operations with fewer resources

The Human Element Remains the Weakest Link

Despite all the discussion around AI, people remain central to breaches.

The report found that:

62% of breaches involved a human element.

That number has remained consistently high.

Mobile Attacks Are More Effective Than Email

One of the most interesting findings involves social engineering.

According to Verizon:

Mobile-centric attacks achieve click rates approximately 40% higher than email-based attacks.

Attackers increasingly use:

  • Voice calls

  • SMS messages

  • Mobile notifications

  • Impersonation tactics

  • Pretexting scenarios

The goal is to catch users distracted and away from traditional security controls.

Why Pretexting Is Growing

Pretexting involves creating a believable scenario to convince a victim to take action.

Examples include:

  • Fake IT support calls

  • Vendor impersonation

  • Executive impersonation

  • MFA reset requests

The DBIR notes that pretexting is increasingly appearing in ransomware attacks and extortion campaigns.

Executive Takeaways

Expand Security Awareness Beyond Email

Train employees on voice, SMS, and mobile-based attacks.

Verify High-Risk Requests

Require validation for credential resets and financial transactions.

Monitor Emerging AI Risks

Expect attackers to become faster and more convincing.

Focus on Human-Centered Security

Technology alone will not solve social engineering.

Final Thought

AI may be changing how attacks happen.

Human trust is still why attacks succeed.

In Part 4, we'll explore Shadow AI, insider risk, and the cybersecurity strategies organizations must adopt moving forward.

Ready to see where your company defenses stand?

👉 Request your customized cyber vulnerability report today and stay ahead of threats.
👉 Gain insights into your unique cybersecurity vulnerabilities with a custom report.
👉 Train your team to be your first line of defense

📞 Schedule a call today or 📧 contact us for a consultation.