Two things happened this week that, taken together, should change how every small org thinks about phishing.
On June 10, Zscaler published research showing phishing volume has dropped roughly 20% two years running. On June 12, Google filed a lawsuit against a China-based criminal network called the "Outsider Enterprise" — a group that used Google's own Gemini AI to write custom phishing website code at scale.
Read those two things slowly. Volume is down. But AI-built precision attacks are up. That is not a good trade.
What the Outsider Enterprise Was Actually Doing
The Outsider Enterprise wasn't a gang of skilled hackers. They ran a phishing-as-a-service (PhaaS) platform — a subscription model for criminals who have money but not technical skills. For a fee, affiliates got access to a library of over 290 prebuilt phishing templates impersonating Google, YouTube, USPS, state DMVs, financial institutions, and toll agencies like E-ZPass.
The piece that made this possible at scale? They used Gemini to write the HTML and code for new phishing pages on demand. They just framed the prompts as harmless — "build me a gift redemption landing page" — and the AI did the work. Then the output got imported into their tooling and became a live scam site within hours.
Between November 2025 and April 2026, the group generated more than 1.5 million malicious URLs. In a single 14-day window in May, they blasted out 2.5 million fraudulent text messages. The network links to more than 9,000 fake websites. Hundreds of thousands of victims. Losses in the millions.
This is not sophisticated nation-state hacking. This is a criminal franchise operation — and the franchise just hired an AI development team.
The Zscaler Data Tells the Same Story From the Other Side
The Zscaler ThreatLabz report published two days earlier makes the context clear. Overall phishing volume has declined for two consecutive years. If you're reading that and thinking "great, the problem is getting better," flip that around.
Attackers didn't get tired. They got smarter. They dropped the spray-and-pray campaigns because the conversion rates were garbage and defenders got better at catching mass patterns. Instead, they moved to targeted, AI-crafted attacks that look like real business communications — billing notices, onboarding documents, support tickets, document-sharing links.
Zscaler found over 413,000 AI-generated phishing instances in their data. The click-through rate on AI-crafted lures is roughly 54%, compared to 12% on traditional phishing. Fewer emails. More victims per email sent.
The hardest hit sector? Services — a 65.5% year-over-year increase. Meaning the 20-person consulting firm, the boutique accounting practice, the regional HR provider. The organizations that look exactly like CivSafe's clients.
Why This Wrecks Your Existing Defenses
For years, small orgs have been protected — partially — by the economics of volume phishing. It was cheap to run but also cheap to defend against. Spam filters got good at catching patterns. Security awareness training taught people to look for bad grammar, weird sender addresses, suspicious links. It worked okay.
That playbook is now obsolete.
The new attacks don't have bad grammar. They don't have typos. They don't come from obviously fake domains. They're generated by AI models that have seen billions of legitimate business emails and can produce something indistinguishable from the real thing. The Outsider Enterprise templates impersonate the exact visual branding of the USPS tracking page, your bank's login screen, a state DMV form.
Your spam filter catches volume patterns. These aren't volume patterns — they're surgical. Your employees have been trained to spot obvious red flags. These don't have obvious red flags.
The only defense that still works is one that doesn't depend on human pattern-matching at all.
What Actually Protects You Now
One thing: phishing-resistant MFA.
Traditional MFA — SMS codes, push notifications, TOTP apps — can all be bypassed by attacker-in-the-middle attacks. The Outsider Enterprise phishing kits were designed to intercept those codes in real time: you type the code into the fake site, and the attacker relays it to the real site before it expires. Done.
Phishing-resistant MFA means hardware security keys (YubiKey, etc.) or passkeys bound to a specific domain. Because the browser ties each authentication to the real origin and the credential is bound to that domain cryptographically, a key registered for your bank's domain will not produce a valid response for a lookalike site, even if the user is tricked into trying. The attack fails at the moment of interception because the authentication requires domain verification the attacker can't fake.
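As an added example (not code from this post, Google, or any key vendor), here is the relying-party side of that domain binding in WebAuthn, run over constructed assertion data: the origin the browser reports and the RP ID hash the key signs over must both match the site the credential was registered for, so an assertion produced on a lookalike or proxy domain is rejected before there is anything to relay. The RP ID, allowed origins, and challenge values are all made up for the example; the signature check is noted but not performed.

```python
import base64
import hashlib
import json
import struct

# Relying-party configuration: constructed example values, not any real deployment.
RP_ID = "example.com"
ALLOWED_ORIGINS = {"https://example.com", "https://login.example.com"}

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_client_data(origin: str, challenge: bytes) -> bytes:
    """The clientDataJSON a browser builds for an assertion; the browser, not the page, sets origin."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": base64.urlsafe_b64encode(challenge).rstrip(b"=").decode(),
        "origin": origin,
    }).encode()

def make_authenticator_data(rp_id: str, user_present: bool = True, counter: int = 1) -> bytes:
    """Minimal authenticatorData: SHA-256(rpId) || flags || signCount, no extensions."""
    flags = 0x01 if user_present else 0x00
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", counter)

def verify_assertion(auth_data: bytes, client_data_json: bytes, expected_challenge: bytes) -> str:
    """Return "ok" or the reason the relying party rejects the assertion.
    A real verifier then checks the signature over authData || SHA-256(clientDataJSON);
    that step is left out here because this example carries no public key."""
    if len(auth_data) < 37:
        return "authenticatorData too short"
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash does not match our RP ID"  # key answered for a different domain
    if not flags & 0x01:
        return "user-presence flag not set"
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return "wrong ceremony type"
    if client_data.get("origin") not in ALLOWED_ORIGINS:
        return f"origin {client_data.get('origin')!r} is not an allowed origin"  # lookalike/proxy site
    if b64url_decode(client_data.get("challenge", "")) != expected_challenge:
        return "challenge mismatch (replayed or cross-session assertion)"
    return "ok"
```

The rpIdHash check is what makes the key "not respond" usefully on a fake site: a browser on a lookalike domain can only ask the authenticator for that domain's RP ID, so the signed data never matches the real site's.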
Rolling this out for a 15-person team is a one-day project. It's not expensive. It requires buying hardware keys per user (around $30-50 each) and an afternoon of configuration in whatever identity provider you're using — Entra ID, Okta, Google Workspace. The employee experience change is minimal: tap a key instead of copying a number.
The gap between "we have MFA" and "we have phishing-resistant MFA" is the entire surface area these attacks exploit. Closing that gap right now is the single highest-value security move most small orgs can make.
The Harder Conversation
The Google lawsuit is worth paying attention to beyond the headlines. This is the first time Google has sued someone specifically for weaponizing one of its own AI tools. The complaint details how jailbreaking Gemini required nothing more than reframing the request — no exploits, no hacks, just prompts that sounded like normal development work.
That means every AI tool your team uses — for writing, for code, for document generation — is also potentially usable by someone with a Telegram account and $50/month to spend. The countermeasures AI companies have built are real but porous. Determined actors find the gaps.
This doesn't mean AI tools are bad. It means the threat landscape has shifted from "criminals trying to build attack tools" to "criminals hiring AI-assisted tools that anyone can access." The barrier to running a professional-grade phishing operation just dropped to near zero.
For a small org, the implication is simple: don't wait for a sophisticated attack to motivate you. The sophistication is already available to anyone who wants it.
This is the kind of shift we're helping teams prepare for right now — not with a governance framework, but with a single afternoon and the right setup. If you're not sure whether your org's MFA is phishing-resistant, it probably isn't. Let's talk.