Industrial control system (ICS) operators are increasingly targeted by phishing campaigns, a threat amplified by the use of AI. Cybercriminals now deploy polymorphic phishing—rapidly generating hundreds of slightly varied emails by randomizing elements like subject lines and sender names—making them harder to detect. In 2024, one analysis found that 76% of phishing attempts contained at least one such polymorphic trait, while 52% originated from compromised email accounts and 25% used spoofed domains. AI also enables attackers to adapt messages based on user responses, further heightening the threat and undermining traditional filters.

Moreover, AI has dramatically improved the quality and scale of phishing content. No longer easy to spot due to spelling or grammatical errors, phishing emails are now often flawless and tailored using AI-generated language in multiple native languages. A July 2025 survey revealed that 25% of CISOs experienced at least one AI-generated network attack—yet the actual figure is likely higher, as such incidents often go undetected. These emerging tactics emphasize the need for ICS operators to enhance training, detection systems, and awareness to keep pace with increasingly sophisticated threats.

‍

Source: https://gca.isa.org/blog/detecting-ai-generated-phishing-attacks-targeting-industrial-control-system-operators