Nearly nine out of 10 (87%) of cybersecurity professionals report that their organisation has encountered an AI-driven cyberattack in the last year, according to a new study by SoSafe, a security and human risk management provider.

The finding comes from SoSafe’s 2025 Cybercrime Trends, a comprehensive survey of 500 global security professionals as well as 100 SoSafe customers across 10 countries. It examines social engineering tactics and the escalating risks facing organisations.

The report highlights a growing global tension between the widespread adoption of AI and the inherent security risks that it can pose, with almost all security experts (91%) anticipating a significant surge in AI-driven threats over the next three years. However, only a quarter (26%) have high confidence in their ability to detect these attacks, highlighting how dangerously exposed organisations are today.

“AI is dramatically scaling the sophistication and personalisation of cyberattacks,” said Andrew Rose, CSO, SoSafe. “While organisations seem to be aware of the threat, our data shows businesses are not confident in their ability to detect and react to these attacks”.

Obfuscation techniques, such as AI-generated methods to mask the origins and intent of attacks, were cited as the top concern by over 51% of security leaders. Additionally, 45% reported that the creation of entirely new attack methods was their biggest worry, while two fifths (38%) cited the scale and speed of automated attacks.

Advancements in AI are particularly enabling multichannel cyberattacks, blending tactics across email, SMS, social media and collaboration platforms. Almost all the

cybersecurity professionals surveyed (95%) agree they’ve noticed an increase in this style of attack in the past two years. A clear example is the deepfake attack on WWP’s CEO, where the attackers combined WhatsApp to build trust, Microsoft Teams for further interaction and an AI-generated deepfake voice call to extract sensitive information and money.

“Targeting victims across a combination of communications platforms allows them to mimic normal communication patterns, appearing more legitimate,” said Rose. “Simplistic email attacks are evolving into 3D phishing, seamlessly integrating voice, videos or text-based elements to create AI-powered, advanced scams.”

In-house adoption of AI is also inadvertently expanding organisations’ attack surfaces, he added, opening the door to new innovative attacks such as data poisoning and AI hallucinations.

“Many firms create AI chatbots to provide their staff with assistance, but few have thought through the scenario of their chatbot becoming an accomplice in an attack by aiding the attacker to collect sensitive data, identify key individuals and identify useful corporate insight,” Rose added, with the survey revealing that half (55%) of businesses have not fully implemented controls to manage the risks associated with in-house AI solutions.

But as Niklas Hellemann, CEO of SoSafe, pointed out, AI-driven security is only as strong as the people who use it. “Without informed employees who can recognise and respond to AI-driven threats, even the best technology falls short,” he said. “By combining human expertise, security awareness and the careful application of AI, we can stay ahead of the curve and build stronger, more resilient organisations.”

The post "Businesses face escalating risks from AI-driven cyberattacks" appeared first on Management.Issues