AI is now writing phishing emails better than most humans do, and your multi-factor authentication is not the safety net you think it is. Barracuda’s 2026 Red Team Report dropped this month and it should scare you sober. The attacks have gotten smarter, faster, and deeply personal — and the old defenses are crumbling.
Security researchers at Barracuda ran a series of red team exercises using AI-powered email attack techniques and what they found is exactly as bad as it sounds. Phishing emails crafted by large language models no longer read like someone translated them through three languages before landing in your inbox. They read like your coworker wrote them. They reference real projects. They mimic tone. They know when to be casual and when to sound urgent. The grammar is clean. The context is right. And you are going to click.
What Is ClickFix and Why Should You Care?
ClickFix is one of the nastier tricks detailed in the report. Here is how it works: you get an email, it looks legitimate, it tells you there is a problem with your account or a document you need to review. You click through. A fake error message appears. The “fix” instructs you to paste a command into your own terminal or run a script. You do it. You just installed malware yourself. No exploit needed. No zero-day. Just your own hands doing the attacker’s work for them.
It is social engineering stripped down to its ugly core. The AI generates the pretext. The human executes the payload. The attacker sits back and watches access roll in.
MFA Is Not Dead, But It’s Bleeding Out
Multi-factor authentication was supposed to be the answer. Add a second layer, problem solved. Except attackers now use adversary-in-the-middle proxies that sit between you and the real website, capture your session token the moment you authenticate, and replay it before it expires. Your MFA code goes through. You think you logged in safely. The attacker has your session. Both of you are in at the same time.
This is not theoretical. The red team report documents exactly this technique being used in simulated corporate attacks in 2026. Push notification fatigue attacks are also on the list — bombard someone with MFA requests until they approve one just to make it stop. It works more often than any security team wants to admit out loud.
The Three Attack Vectors Doing the Most Damage Right Now
- AI-personalized spear phishing — Emails generated using scraped LinkedIn data, public calendars, and company announcements. Extremely high open and click rates.
- ClickFix payload delivery — No malicious attachment. No suspicious link. Just a convincing error and an instruction to fix it yourself.
- Session token hijacking via AiTM proxies — Bypasses MFA entirely by stealing authenticated sessions in real time.
Why AI Makes This So Much Worse Than Before
Scale is the real villain here. A skilled human attacker could craft maybe a handful of convincing personalized phishing emails per day. An AI system can generate thousands per hour, each one tuned to its target. Sector-specific language for healthcare workers. Urgent compliance framing for finance teams. Casual Slack-style tone for tech startups. The model adapts. The volume is industrial. The hit rate climbs.
We have seen AI reshape consumer products dramatically — Meta adding AI modes to Facebook is just one example of how fast the technology is being embedded everywhere. But the same capability that makes product recommendations smarter also makes attack generation cheaper, faster, and more effective. The tools are not neutral.
The Hot Take
The cybersecurity industry built a business model on selling complexity as safety. Firewalls, endpoint detection, threat intelligence platforms, SIEM dashboards — billions of dollars of infrastructure — and a well-prompted language model is now outpacing all of it at the social layer. The problem was never the technology. It was always the human. And now attackers have a tool that understands humans better than most corporate security training ever did. Selling more software is not going to fix this. Changing how people interact with requests for action — any requests, from anyone, at any time — is the only thing that actually moves the needle. The industry does not want to say that out loud because there is no subscription tier for behavioral culture change.
What You Should Actually Do in 2026
Hardware security keys remain the strongest MFA option because they are phishing-resistant by design: the key's response is cryptographically bound to the genuine site's origin, so a look-alike proxy page cannot reuse it. Passkeys are heading in the right direction. App-based TOTP codes are better than SMS but not enough anymore. And training your team to treat any instruction to run a command or paste something into a terminal as an immediate red flag is not optional. It is table stakes.
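To make the origin-binding point concrete, here is an added example (not from the Barracuda report) that models a relying party checking a hardware-key assertion the way WebAuthn does, and shows why a relayed one-time code survives a proxy while a signed, origin-bound response does not. The domain names are constructed, and HMAC stands in for the key's asymmetric signature as a simplification.

```python
import hashlib
import hmac
import json
import secrets

# Genuine login site (constructed name). Everything else is a look-alike.
RP_ORIGIN = "https://login.example.com"


def make_challenge() -> bytes:
    """Fresh random challenge issued by the relying party for each login."""
    return secrets.token_bytes(32)


def authenticator_sign(key: bytes, challenge: bytes, browser_origin: str) -> dict:
    """What the security key does: sign the challenge together with the origin the
    browser actually shows, so the response is tied to the page the user is on.
    HMAC is a stand-in for the real asymmetric signature (simplification)."""
    client_data = json.dumps({"challenge": challenge.hex(), "origin": browser_origin}).encode()
    sig = hmac.new(key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return {"client_data": client_data, "sig": sig}


def rp_verify(key: bytes, expected_challenge: bytes, assertion: dict) -> bool:
    """Relying-party check: origin must be ours, challenge must be the one we issued,
    and the signature must cover exactly that client data. A proxy on a look-alike
    domain fails the origin test even if it forwards everything unchanged, and
    rewriting the origin field breaks the signature."""
    data = json.loads(assertion["client_data"])
    if data.get("origin") != RP_ORIGIN:
        return False
    if not hmac.compare_digest(data.get("challenge", ""), expected_challenge.hex()):
        return False
    expected = hmac.new(key, hashlib.sha256(assertion["client_data"]).digest(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["sig"])


def direct_login(key: bytes) -> bool:
    """User is on the genuine site: accepted."""
    ch = make_challenge()
    return rp_verify(key, ch, authenticator_sign(key, ch, RP_ORIGIN))


def proxied_login(key: bytes, proxy_origin: str = "https://login.example-secure.test") -> bool:
    """User is on a proxy page that relays the real challenge and the signed reply.
    The origin baked into the signed data does not match, so it is rejected."""
    ch = make_challenge()
    return rp_verify(key, ch, authenticator_sign(key, ch, proxy_origin))


def totp_relay_accepted(relayed_code: str, expected_code: str) -> bool:
    """Contrast: a one-time code carries no origin, so a proxy that relays it is accepted."""
    return hmac.compare_digest(relayed_code, expected_code)
```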
Governments are starting to pay attention to AI-powered consumer risk in other sectors too — Greece recently launched an AI price comparison app to put market transparency in the hands of regular people. The question is whether that same energy gets directed at protecting those same people from AI-powered attacks on their inboxes and credentials.
The attackers are not waiting for a policy framework. They are already running production campaigns with AI tooling that costs them almost nothing. Every week you spend debating security budgets is another week they are learning what works. The bar has moved. Most organizations have not moved with it — and that gap is exactly where the damage happens.
