Back to blog

Social Engineering vs. Technical Exploits: The AI-Driven Shift in 2026

Research

Research

Written by

Brightside Team

Published on

Pull the four most current threat reports off the shelf and they contradict each other within the first page. Verizon's 2026 Data Breach Investigations Report says vulnerability exploitation is now the top way attackers get in. Mandiant's M-Trends 2026 agrees, and adds that voice phishing has quietly overtaken email as the second most common route. ENISA's 2025 Threat Landscape, drawn from European incident data, says phishing is still comfortably in front. Cisco Talos' first-quarter 2026 numbers show AI-powered phishing snapping back into the lead, just as the exploit share started to shrink.

All four reports can be right at once, because they're measuring a moving target. The initial access mix hasn't settled into a new steady state where one vector wins for good. It's oscillating faster than it used to, because AI has cut the cost of running both social engineering and technical exploitation at the same time. Attackers are pricing out whichever lane is cheapest this quarter, and that price keeps changing.

What the 2026 numbers actually say, side by side

Start with the reports themselves rather than a single averaged claim, because the disagreement between them is informative.

Verizon's 2026 DBIR reports that exploitation of vulnerabilities became the top initial access vector at 31%, while credential abuse fell to 13%. The human element still appears in 62% of breaches overall, a reminder that "top initial access vector" and "most breaches involve a person somewhere" are different measurements answering different questions. The same report flags a patching problem behind the exploitation numbers: only 26% of CISA KEV critical vulnerabilities were fully remediated in 2025, and the median time to full resolution rose to 43 days. Attackers don't need novel exploits when known, cataloged vulnerabilities sit unpatched for six weeks on average.

Mandiant's M-Trends 2026, built from more than 500,000 hours of frontline incident response, lands in a similar place on exploitation (32%, the top initial infection vector) but adds a detail the DBIR doesn't emphasize: voice phishing rose to 11% and became the second most common initial infection vector, while email phishing dropped to just 6%. Social engineering hasn't gone away here. It moved off the channel defenders have spent two decades hardening and onto the one they haven't: the phone.

ENISA's Threat Landscape 2025, covering the EU from July 2024 to June 2025, tells a different story from the same underlying trend. Phishing remains the dominant intrusion vector at roughly 60% of observed initial access, with vulnerability exploitation at 21.3%, though ENISA notes that when an intrusion does start with a vulnerability, it leads to a full compromise nearly 70% of the time. ENISA also puts a number on the AI angle directly: AI-supported phishing campaigns represented more than 80% of observed social-engineering activity worldwide by early 2025.

Then there's the most recent data point available: Cisco Talos' Q1 2026 incident response figures, reported by Help Net Security. In the first quarter of 2026, phishing accounted for over a third of engagements where initial access was determined, retaking the top spot from exploitation of public-facing applications for the first time since Q2 2025. Talos attributes the decline in exploitation partly to the wide availability of emergency patches and better detection coverage after a wave of on-premises SharePoint compromises, and attributes phishing's resurgence directly to attackers' AI usage.

Read together, these numbers describe a market rather than a ranking. Whichever vector currently has the lower AI-adjusted cost per successful intrusion pulls ahead, and defenders closing one gap (faster patching, better exploit detection) pushes volume back toward the other. AI made both products in that market cheaper to run.

AI made social engineering cheap enough to scale like a technical exploit

The mechanism behind social engineering's resurgence isn't mysterious. AI collapsed the cost and skill floor of a convincing lure to the point where it behaves economically like an automated technical attack instead of a bespoke con.

A human-subject study testing fully automated AI spear phishing found it achieved a 54% click-through rate, statistically matching campaigns crafted by human experts, and far above the roughly 12% baseline from a generic control. The estimated cost of a fully automated AI phishing email in that study was about $0.04. That combination, expert-level persuasion at mass-production pricing, is what separates this from the old, typo-riddled phishing email defenders trained a generation of employees to spot.

Personalization scales the same way. An academic paper on context-aware, GenAI-enabled spear phishing built a framework that extracted context from as few as ten public Instagram posts per target and used it to generate individually tailored lures. In a user study, the resulting messages were rated less suspicious on average than real-world phishing emails pulled from the APWG dataset, and in some cases less suspicious than benign control messages. Default AI safety filters in that study failed to block a meaningful share of the generated content, while a purpose-built detector trained specifically for this content reached over 98% accuracy, which says as much about the arms race in detection as it does about generation.

Voice tells the same story from a different angle. M-Trends' finding that voice phishing is now the second most common initial infection vector isn't a niche statistic, and it's a large part of why CISOs are adding vishing simulation to security awareness programs. AI speech synthesis can now clone a specific executive's voice or mimic a colleague's speech patterns well enough to run a live, adaptive phone conversation rather than a scripted message a target can hang up on and forget. A static lure that becomes a live, responsive conversation can be tuned and measured for success rate the same way an exploit's reliability gets tuned and measured, which is exactly why it behaves like a technical attack rather than a one-off con.

AI is also accelerating the technical side, with real caveats

The other half of the shift is happening inside vulnerability research and exploit development, and the evidence supports real capability uplift rather than the more dramatic "AI autonomously hacks companies" framing that circulates in the press.

The UK's National Cyber Security Centre, in its assessment of AI's near-term impact on the cyber threat to 2027, states it is almost certain that AI will increase the frequency and intensity of cyber threats, and specifically names AI-assisted vulnerability research and exploit development as the most significant near-term development to watch. The same assessment says fully automated, end-to-end advanced attacks remain unlikely by 2027. AI is compressing the time and expertise a specific, narrow task inside the attack chain requires. It is not replacing the human operator who plans and executes the full intrusion, at least not on the NCSC's timeline.

The UK AI Security Institute's evaluations of frontier models, including Claude Mythos Preview and GPT-5.5-Cyber, back this up with more granular findings. Both evaluations document measurable uplift on tasks like vulnerability triage and exploitation assistance, treated by the evaluating bodies as capability data points to inform governance and defense rather than proof of imminent autonomous attack capability. One piece of coverage from the same news cycle pushed back directly on the "single hacker now has a nation-state toolkit" framing, arguing the reality is more incremental than the headlines suggest.

Academic research adds a useful, bounded example. A paper demonstrating a multi-agent LLM framework, where one agent plans and separate specialist agents handle categories like cross-site scripting, SQL injection, and server-side template injection, found the framework outperformed baseline automated tools on a real-world web vulnerability benchmark. A separate paper critiquing benchmarking practices in this exact research area raises the important caveat: most of these testbeds have no active defenders, no realistic enterprise noise, and none of the messy dependencies of a live environment. Results like these indicate direction of travel, not a forecast of how often this succeeds against a defended target.

AI is a force multiplier on the technical side of the attack chain, most clearly in vulnerability research and exploit development, and government assessments are treating that multiplier effect as a priority worth watching closely. What it isn't, at least on current evidence, is a replacement for the human expertise that plans and runs a full intrusion.

Identity is where the two paths merge into one attack chain

The technical-versus-social framing starts to break down once you look at how real intrusions are actually structured, because most of them use both, in sequence, connected by identity.

Unit 42's 2026 Global Incident Response Report, based on more than 750 incident response engagements, found that 65% of initial access was identity-driven and that 87% of intrusions involved multiple attack surfaces. Identity, meaning credentials, session tokens, and helpdesk trust, is the connective tissue between a social engineering opening move and a technical follow-through.

The UNC3753 campaign, tracked by Mandiant's Google Threat Intelligence Group against U.S. law firms and other professional services organizations, is a clean illustration. The attack chain starts with an invoice-lure email, pure social engineering. It escalates through a phone call to the target's IT helpdesk, impersonating an employee locked out of their account, another social engineering step. That call gets the attacker a foothold via legitimate remote-access tooling like Quick Assist or AnyDesk, and from there the intrusion becomes technical: pivoting through virtual desktop infrastructure, harvesting documents from legal document management systems, and exfiltrating data, often within a single business day. Extortion demands can follow within thirty minutes of the theft completing. The categorization of this chain as "social" or "technical" simply depends on which hour of the operation you're looking at.

The Dutch ABN AMRO deepfake case runs the same logic in reverse. A fraudster used face-swap software to defeat the bank's mobile onboarding flow, which verified that a selfie matched an ID photo but had no way to confirm a live person was actually present. AI-generated deepfake media, the social and deceptive half of the attack, defeated a technical control, the biometric matching system, and it worked 47 times before a human reviewer caught an anomaly the automated system had waved through. The identity-verification pipeline was the technical layer. The deception that got past it was generated by AI, using the same category of tooling already covered above for phishing and voice.

Filing either case as "social engineering breach" or "technical breach" misses what actually happened: an identity-driven intrusion where AI made the human-facing step and the technical step both cheaper to run. That's the more useful lens for a security program deciding where to spend, because it points at controls that work across both halves of the chain instead of controls that only address whichever half made the headline.

What this changes for how companies defend and train

None of this argues for picking a side between technical controls and human-layer training. It argues for treating patch velocity, identity controls, and training as one connected system, because that's how attackers are already treating the target.

Patch velocity needs to close the gap between known and fixed. A 43-day median resolution time for critical KEV vulnerabilities, per the DBIR, is hard to defend when M-Trends shows the handoff from initial access to a secondary threat group has collapsed from over eight hours in 2022 to 22 seconds in 2025. The organizations getting hurt by the exploitation share of the initial-access mix are disproportionately the ones still running patch cycles built for a slower era.

Identity controls need to assume the helpdesk and the phone are attack surfaces, not just email. CISA, NSA, FBI, and MS-ISAC guidance on stopping the attack cycle at initial access makes the point directly: phishing is an identity, SaaS, mobile, and helpdesk control problem, not only an email filtering problem. Phishing-resistant MFA is the primary recommended control precisely because it removes the credential as the thing an attacker needs to steal, whether they get it through a technical exploit or a convincing phone call.

Training needs to stop assuming annual, static programs are sufficient, because the decay data is unambiguous. University of California research tracking phishing click rates found they sit around 3.5% immediately after training, climb to 5.7% at 30 days, and exceed 15% by 90 days without reinforcement. That "forgetting curve" is a large part of why 94% of organizations run regular training programs but only 6% achieve full completion. A 2024 meta-analysis of 42 studies found that training delivered at the point of error, immediately after someone clicks a simulated phishing attempt, reduces susceptibility by an average of 40%, outperforming videos, gamification, and generic follow-up content, which is also why so many phishing simulation programs fail to change behavior when they stop at annual, low-realism testing. Continuous, adaptive, point-of-error programs beat annual check-the-box training on the actual evidence, not just on vendor marketing.

One more piece belongs on this list precisely because it's easy to overlook: shadow AI. Verizon's 2026 DBIR found that unsanctioned AI tool use is now the third most common non-malicious insider action flagged by DLP systems. Employees adopting AI tools faster than security teams can govern them is itself becoming an exposure, independent of anything an external attacker does. Any adaptation plan built around AI's effect on the external threat landscape has to include the AI tools a company's own employees are already using.

Try our vishing simulator

Experience the most advanced voice phishing simulator built for security teams. Create scenarios, test voice cloning, and explore automation features.

Top AI-powered security training tools for companies

Given how much of the shift above runs through AI-generated social engineering and identity-driven attack chains, the training question worth asking is narrower than whether a platform mentions AI. It's whether the platform ships dedicated, hands-on training content for the specific AI-era threats covered here: deepfake voice and video, AI-personalized spear phishing, and helpdesk-style social engineering, rather than referencing AI mainly in its marketing copy. The five platforms below, listed alphabetically, are worth evaluating against that bar.

Adaptive Security

Adaptive Security is built specifically around AI-era, multi-channel threats. Its conversational red-teaming agents run realistic phishing attempts across email, voice, SMS, and video, with particular depth in deepfake vishing and CEO-fraud scenarios. The platform includes dedicated exercises for OWASP LLM Top 10 risks and prompt injection, including indirect prompt injection delivered through shared documents, which puts it ahead of platforms that only address deepfakes at a surface level. It's the strongest fit for organizations most concerned about executive impersonation and sophisticated, AI-generated spear phishing specifically.

Brightside AI

Brightside AI combines GenAI-generated phishing, vishing, and deepfake-video simulations with OSINT-based personal exposure analysis in a single coordinated workflow. Its vishing simulator generates an AI caller persona and a recommended attack strategy automatically, and it runs hybrid attacks that pair a phone call with a trackable phishing email rather than testing each channel in isolation. Difficulty scaling follows the NIST Phish Scale, and simulations respect a cooling-off period before reusing a domain against the same employee, which addresses a common criticism of repetitive simulation programs. Brightside is best suited to organizations that want AI-era, multi-vector simulation in one platform rather than stitched-together point tools.

Hoxhunt

Hoxhunt is built around continuous, adaptive behavior change rather than static campaign scheduling. Its simulations adjust difficulty automatically based on individual performance, and the platform's own reporting has shown repeat phishing victims dropping significantly within months of adoption, a vendor-reported figure worth validating against your own baseline. Because the adaptive model doesn't require heavy manual reconfiguration to stay current, Hoxhunt fits organizations that want measurable, compounding behavior change without a large dedicated admin overhead.

KnowBe4

KnowBe4 remains the largest platform by customer count, serving close to 70,000 organizations, with the broadest phishing template library in the category and a March 2026 AI agent suite (AIDA) layered on top of its existing simulation engine. Its scale and compliance-reporting depth make it a strong fit for large, compliance-heavy enterprises that need broad content coverage and audit-ready documentation across multiple frameworks. Organizations should weigh that scale against the administrative overhead practitioners commonly report: keeping simulations realistic and current requires more active campaign management than some of the more automated alternatives on this list, which is why some teams evaluate KnowBe4 alternatives once their program outgrows a template-driven model.

SoSafe

SoSafe is the strongest option for European and GDPR-sensitive organizations, with EU-hosted data, support for 30 or more languages, and design choices aimed squarely at NIS2 and DORA compliance requirements. Its AI chatbot, Sofie, delivers personalized guidance alongside an adaptive difficulty engine, and SoSafe's own data shows built-in, workflow-embedded training reducing phishing failure rates meaningfully compared to standalone training delivery. For multinational organizations where EU data residency is a hard requirement, SoSafe addresses a constraint the other platforms on this list don't specifically design around.

Choosing between them comes down to which part of this article's argument matters most to a given organization right now: deepfake and voice-channel exposure, adaptive behavior change with low admin overhead, compliance breadth at scale, or EU regulatory fit. None of them substitute for the patch velocity and identity controls covered above. They're the training layer of a defense that has to work across both the human and the technical side of the same attack chain.

Which vector wins next quarter's headline report is genuinely unpredictable, since that depends on how quickly defenders close whichever gap AI is currently exploiting cheapest. AI showing up on both sides of the chain, at the same time, is the more durable fact, and it's the real reason the social-engineering-versus-technical-exploit debate is worth retiring in favor of one that asks where identity, patching, and training all have to move together.