According to Forbes, a new report from security firm KnowBe4 reveals that 96% of organizations now struggle to secure the “human element,” with related incidents soaring by 90% in 2025. While 57% of attacks still hit email, with Outlook and Gmail drawing 90% of those, messaging apps like Teams and Slack are catching up fast. KnowBe4 CEO Bryan Palma warns that AI is fueling this, allowing attackers to create convincing deepfake audio and personalized messages that bypass traditional red flags. He states that 2026 will be the year these long-discussed threats become real, lowering the entry bar for criminals from “who knows how to code” to “who knows how to ask.” The report emphasizes that once an attacker takes over a real corporate account, every message from it becomes a trusted delivery system for malware or fraud.
The New Rules Of Trust Are Broken
Here’s the thing that should really scare you. We spent 20 years training people to spot a dodgy email. Check the sender address. Hover over the link. Look for spelling mistakes. That whole playbook is basically useless now. AI can generate perfect, on-brand copy. It can mimic writing styles. And as Palma points out, when a message comes from your boss’s actual Slack account asking for a “quick favor,” who’s trained to question that? Nobody. That’s the point.
And it’s not just text. Deepfake audio is now so convincing that a vishing call can sound exactly like your CEO authorizing a wire transfer. We’re entering an era where you can’t trust your own ears or eyes within a digital conversation. The very foundation of how we verify identity and intent online is crumbling. The attackers aren’t breaking the tech; they’re hijacking the trust that’s already baked into our communication platforms.
Why Messaging Apps Are The Perfect Weapon
Email filters are sophisticated. Your company probably has layers of security gateways scanning every attachment. But what about that Teams chat from “Janet in Finance”? Or the Slack thread you’re tagged in about an urgent invoice? These internal channels are built for speed and trust, not security scrutiny. They’re the soft underbelly.
Once an account is taken over—which is frighteningly common—the attacker doesn’t need to spoof anything. They are the trusted colleague. Every link they drop, every file they share, comes from inside the house. It’s the perfect, frictionless delivery system. This shift means the entire concept of “perimeter security” is laughable. The perimeter is now inside your chat window.
The AI Agent Wildcard
Now, let’s add another terrifying layer. As Google’s recent security blog acknowledges, we’re deploying AI agents with real power. These things can write code, manage cloud resources, and talk to production systems. What happens when one of those gets socially engineered or compromised?
Palma’s warning hits hard: “traditional security tools, which are tuned to catch unusual human behavior, will miss it.” An AI agent acting on malicious instructions won’t look like a frantic human hacker. It’ll look like normal, automated activity. This forces a fundamental question: who’s watching the agents? The industry is nowhere near ready for this, and a “hard reset” on governance is coming.
What Do You Even Do About This?
So, what’s the fix? You can’t just tell people to stop trusting each other. That kills collaboration. The report suggests the defense has to evolve just as radically as the attack. Training needs to move beyond “don’t click the link” to “verify the request,” especially for sensitive actions, using a separate channel. A phone call (to a known number) or a walk over to the desk. Out-of-band verification is becoming critical again.
Basically, we need a culture of healthy paranoia. And technically, monitoring can’t just look for malware signatures anymore. It has to understand normal conversation patterns and flag anomalies, even from “trusted” accounts. It’s a huge lift. The bottom line from KnowBe4 is the most sobering part: defenders can’t comfort themselves thinking only nation-states can pull this off. With AI in the mix, you have to assume almost anyone can. The threat is now, as they call it, truly “uncontrolled.”
