AI is rapidly changing how cybercriminals operate. Social engineering, once easy to spot, has entered a new era. Phishing emails that used to be riddled with spelling mistakes and clumsy language are now polished, persuasive, and tailored using data scraped from social media and other online sources. The result? Messages that look legitimate enough to trick even the most security-aware employees.

In this episode of Security Strategist, host Trisha Pillay sits down with Director of Threat Research at N-able, Kevin O’Connor to unpack how AI is reshaping phishing and what it means for businesses, especially small and medium-sized organizations that often lack the resources to keep up. Drawing on insights from the N-able Threat Report, O’Connor explains why traditional defenses and old-school user training aren’t enough to stop today’s AI-crafted scams.

O’Connor says:

“In the past, phishing emails were easy to spot, you’d see clumsy grammar mistakes, generic wording, they were just very obvious. But with the new wave of AI-enabled phishing emails, we’re seeing tailored attacks that pull from social media profiles and other sources. These messages are highly polished, they look convincing, and the worrying part is that attackers can now do this at scale. That means even IT professionals and security pros are at risk.”

Why Even Experts Are Falling for AI-Powered Phishing

Drawing on insights from the latest N-able Threat Report, this is why the shift is so dangerous:

• AI is changing the landscape of social engineering. Messages are tailored, credible, and increasingly difficult to block or filter.
• Phishing emails are now more convincing than ever. Attackers can create unique, targeted scams instead of blasting out obvious mass emails.
• Even experts are vulnerable. IT teams and security professionals are no longer immune.
• User training must evolve. Old advice like “look for spelling mistakes” won’t cut it anymore. Employees need new skills to recognize modern threats.

Takeaways

• AI is changing the landscape of social engineering.
• Phishing emails are now more convincing than ever.
• Even tech-savvy employees can fall for scams.
• SMBs are increasingly targeted due to their vulnerabilities.
• User training must evolve to address modern threats.
• Two-factor authentication is critical for financial transactions.
• Organizations need to know their data exposure.
• Incident response planning is essential for preparedness.

The threat of compromise is a matter of when, not if.

Chapters

00:00 Introduction to AI-Driven Threats

02:09 The Evolution of Phishing with AI

05:42 The Rise of Attacks on SMBs

08:56 Preventative Measures for Organizations

12:36 The Future of AI in Cybersecurity

About Kevin O’Connor

Kevin O’Connor is the Director of Threat Research at N-Able and brings over eight years of experience in U.S. Intelligence Community and Department of Defense cyber operations, gaining first-hand insight into how nation-state adversaries think and operate. He later applied that expertise in private industry threat research, translating intelligence into practical, enterprise-grade security solutions. O’Connor continues to focus on Threat Research, bringing those capabilities from a startup to a larger organization, increasing reach, insights, and cross-industry impact.

O’Connor’s strength lies in bridging technical depth with strategic insight. He can analyze advanced persistent threats and kernel-level exploits while advising business leaders on risk, investment, and operations. With expertise in offensive cyber operations, defensive engineering, and threat intelligence, he turns complex security challenges into actionable strategies that help enterprises stay resilient.