News Highlights   Quality Over Quantity: Phishing volume fell 20% for the second year in a row as attackers recalibrate to high-fidelity, AI-accelerated lures.Services Sector Surge: Targeted hits against the Services

Zscaler Research Finds Cybercrime Economics Are Shifting as AI Trades Mass Volume for Lethal Precision

Zscaler ThreatLabz 2026 findings highlight AI-driven phishing and TLS threats

<section class="insight" data-version="1">
 <section data-block="information">
 <h3>Information</h3>
 News Highlights  Quality Over Quantity: Phishing volume fell 20% for the second year in a row as attackers recalibrate to high-fidelity, AI-accelerated lures.Services Sector Surge: Targeted hits against the Services
 </section>

 <section data-block="ai-summary-paragraph">
 <h3>AI Summary</h3>
 Zscaler released ThreatLabz 2026 Phishing and Initial Access Report, showing a 20% YoY drop in phishing volume but a surge in attack quality. AI-generated text-to-site lures, real-time session hijacking, and 95.2% of phishing within encrypted traffic push demand for Zero Trust and deeper TLS inspection. Deception telemetry reveals broad enterprise reconnaissance ahead of compromises.
 </section>

 <section data-block="ai-summary-bullets">
 <h3>Key Points</h3>
 <ul><li>Phishing volume fell 20% YoY as attackers shift to AI-driven high-fidelity lures.</li><li>Services sector hits surged 65.5% due to trust-based workflows exploited by attackers.</li><li>95.2% of phishing now hides in encrypted traffic, bypassing legacy security stacks.</li><li>413,524 AI-generated phishing site instances; nearly 10% explicitly malicious.</li></ul>
 </section>

 <section data-block="companies-mentioned">
 <h3>Companies Mentioned</h3>
 <ul><li>Zscaler, Inc. (ZS): Released ThreatLabz 2026 report; underscores AI threat Trends and Zero Trust relevance.</li><li>Microsoft Corp (MSFT): Imitated brand for phishing; highlights enterprise identity risks and potential security-spend tailwinds.</li><li>Alphabet, Inc. (GOOGL): Also imitated by attackers; reinforces need for stronger identity security and Zero Trust solutions.</li></ul>
 </section>

 <section data-block="category">
 <h3>Industry News</h3>
 Category: Industry News. The report captures evolving cyber-threat dynamics and reinforces ZS&#039;s market-position in AI-augmented security and Zero Trust adoption.
 </section>

 <section data-block="market-moving">
 <h3>Market-Moving</h3>
 <ul><li>Surge in encrypted-traffic phishing may elevate demand for ZS TLS inspection.</li><li>AI-driven high-fidelity phishing expands ZS addressable market.</li><li>ThreatLabz findings reinforce ZS leadership in zero-trust security.</li></ul>
 </section>

 <section data-block="key-facts">
 <h3>Key Facts</h3>
 <ul><li>Phishing volume down 20% YoY.</li><li>Services sector hits 65.5% YoY increase.</li><li>95.2% phishing traffic encrypted.</li><li>413,524 AI-generated phishing site instances identified; ~10% flagged malicious.</li><li>Deception telemetry: 89.9 million hostile interactions from 1.37 million attacker IPs in six months.</li><li>Data: Jan–Dec 2025; deception telemetry Oct 2025–Mar 2026.</li></ul>
 </section>

 <section data-block="trading-thesis">
 <h3>Trading Thesis</h3>
 In the next 3–6 months, ZS could gain as AI-driven phishing boosts demand for Zero Trust and TLS-inspection capabilities.
 </section>
</section>


<link type="text/css" rel="stylesheet" href="https://www.globenewswire.com/styles/gnw_nitf.css"></link>News Highlights  <ul type="disc"><li style="margin-top:12pt;">Quality Over Quantity: Phishing volume fell 20% for the second year in a row as attackers recalibrate to high-fidelity, AI-accelerated lures.</li><li>Services Sector Surge: Targeted hits against the Services sector jumped 65.5%, as adversaries exploit trust-based workflows like billing and renewals.</li><li>The Encryption Blind Spot: 95.2% of phishing attempts now hide in encrypted traffic, bypassing legacy security stacks that lack deep TLS inspection.</li><li>&#34;Text-to-Site&#34; Weaponization: ThreatLabz identified over 413,000 AI-generated phishing instances, proving how easily attackers can now spin up polished, malicious sites.</li><li>MFA Under Threat: Sophisticated kits like &#34;BlackForce&#34; are being deployed to hijack active sessions and bypass multi-factor authentication in real-time.</li><li style="margin-bottom:12pt;">Reconnaissance Exposed: Deception telemetry recorded 89.9 million hostile interactions from 1.37 million unique attacker IPs in six months, revealing large-scale scanning and credential validation before compromise.</li></ul> LAS VEGAS, June 10, 2026 (GLOBE NEWSWIRE) -- Zenith Live 2026 -- <a href="https://www.globenewswire.com/Tracker?data=eQegGeTlEmO2DDedY292BJaYHnEjN3OB0H2_335QotMxXQH0BG3BBdzl626boE-8DpKxjEa96Rx9aVPlfPkbWQ==" rel="nofollow" target="_blank">Zscaler, Inc.</a> (NASDAQ:<a class="ticker" href="https://www.benzinga.com/quote/ZS">ZS</a>), the cybersecurity platform for the AI era, today announced the release of the <a href="https://www.globenewswire.com/Tracker?data=eQegGeTlEmO2DDedY292BIbmfKwUoHCa0XzBmnuP0-lL2yKcnmZl0rpUApklC85r9JziyvATvQVvP2QkjWwmj8wCl6W3OHA9U7Un9JvMVpmTkygRwy0nYsOFR4SMO90bWj9d_9oa5Sim-ujc19X4Ppch3EUsbJS41tBaFS6Dyilf3asWxC4AKhdtisoVuMMOzdYS6EqI3wgS-14DqLhANg==" rel="nofollow" target="_blank">Zscaler ThreatLabz 2026 Phishing and Initial Access Report</a>. Based on the comprehensive telemetry across the world's largest inline security cloud, spanning phishing activity, encrypted sessions, and deception decoy interactions, the research reveals a fundamental shift in the economics of cybercrime: while overall phishing volume dropped for the second consecutive year (down 20% year-over-year (YoY)), the effectiveness and sophistication of attacks have surged. Threat actors are increasingly utilizing AI-powered &#34;text-to-site&#34; tools and real-time session hijacking kits to bypass multi-factor authentication (MFA). Crucially, adversaries are heavily cloaking these sophisticated campaigns, with 95.2% of phishing attempts now hiding within encrypted traffic to bypass legacy security stacks. Furthermore, newly unveiled deception telemetry, capturing nearly 90 million hostile interactions, reveals that attackers are aggressively scanning and probing enterprise identities and collaboration platforms long before the initial compromise occurs. &#34;We are witnessing a strategic recalibration in the way adversaries approach initial access,&#34; said Deepen Desai, Chief Security Officer, Zscaler. &#34;The decline in raw phishing volume isn&#39;t a sign of retreat; it's a sign of evolution. Attackers are trading quantity for quality, using GenAI to eliminate traditional &#39;tells&#39; like poor grammar and generic lures. With 95% of phishing now hiding in encrypted traffic, organizations can no longer afford to leave their TLS traffic uninspected. A Zero Trust architecture is the only way to break the attack chain, from discovery to data exfiltration.&#34; How Adversaries Are Using GenAI for High-Fidelity Initial Compromise The report highlights how AI has become the primary engine for modern intrusion. ThreatLabz identified 413,524 AI-generated site instances, with nearly 10% flagged as explicitly malicious. Tools like Manus AI, Blackbox AI, and Lovable AI are being weaponized to spin up polished, brand-consistent phishing portals in minutes, tasks that previously required days of manual development. These AI-generated lures are particularly effective at mimicking trusted workflows. The Services sector bore the brunt of this shift, experiencing a 65.5% YoY surge in hits as attackers exploited trust-based interactions like billing, onboarding, and support renewals. Additional Findings From the 2026 Report Include: <ul type="disc"><li style="margin-top:12pt;">The Global Landscape: The U.S. remains a top target for email phishing attacks; Brazil saw a 2,522% surge in phishing hosting, becoming a top-five global origin.</li><li>Industry Breakdown: Manufacturing and Government remain primary targets for email phishing attacks, with Government hits up 50% as attackers pursue high-value intelligence.</li><li>Credential Harvesting Trends: Microsoft and Google are the most imitated brands for phishing attacks, showing continued focus on compromising enterprise identity systems.</li><li>Detection Evasion: Encryption is now the default for cybercriminals, with 87% of malicious activity delivered via HTTPS.</li><li style="margin-bottom:12pt;">Hostile Scanning Activity: Attackers are leveraging legitimate cloud infrastructure for reconnaissance, using over 121,000 unique Public Cloud-hosted IPs to probe environments. </li></ul> Deception Technology Unmasks Attacker Intent Zscaler telemetry from global decoys captured nearly 90 million hostile interactions across 1.37 million unique attacker IPs. This data confirms that adversaries are aggressively probing collaboration and identity platforms to find weak spots, and test assumptions about what defenses will give. Mitigating the Path to Compromise To counter these evolving threats, the Zscaler Zero Trust Exchange&#x2122; platform delivers the AI security platform built on Zero Trust that: <ol style="list-style-type:decimal;"><li style="margin-top:12pt;">Minimizes Attack Surface Discovery: Reduces exposure by hiding applications behind a cloud-delivered proxy, while leveraging Deception technology to surface reconnaissance attempts via scanning, probing, and credential validation attempts early.</li><li>Helps Eliminate Initial Compromise: Blocks AI-enabled phishing and session-based attacks with AI-driven inline inspection, including full TLS/SSL inspection, to expose threats hiding in encrypted traffic.</li><li>Stops Lateral Movement: Connects users directly to applications and enforces Zero Trust access controls to prevent attackers from moving from a single foothold to broader environments.</li><li style="margin-bottom:12pt;">Prevents Data Loss: Reduces breach impact with AI-powered data protection to identify sensitive data in motion and prevent unauthorized sharing or exfiltration.</li></ol> For a deeper dive into the findings and best practices for securing your organization, download the full Zscaler ThreatLabz 2026 Phishing and Initial Access Report at <a href="https://www.globenewswire.com/Tracker?data=zheSDhViLWSLj80x0kbM5etq-uwPpgLHn1fGL3d3906RHOI8v0Ac5HMtbwOGByPsgBdAo1dND3PL1wUYb7-7LnrFRxqvZecIFfw-zbWAMyx6zIHDu17aaEu9dA4ROWkzIT4eaUsAlngLESEPK8t-3SN4Bt7UpRIKMolbQq_RPk9dt4byAL_Uhg4hRJrS22BP0LR2xTisvGUrQpsUEsD-Mwnb2rzLKfzq7HItAwFnquw=" rel="nofollow" target="_blank">https://www.zscaler.com/campaign/threatlabz-phishing-initial-access-report</a>. Methodology ThreatLabz analyzed over 500 trillion daily signals from the Zscaler Zero Trust Exchange, blocking over 9 billion threats daily. The report is based on data collected from January to December 2025, supplemented by deception telemetry observed between October 2025 and March 2026. About Zscaler Zscaler (NASDAQ:<a class="ticker" href="https://www.benzinga.com/quote/ZS">ZS</a>) is a pioneer and global leader in zero trust security. The world's largest businesses, critical infrastructure organizations, and government agencies rely on Zscaler to secure users, branches, applications, data &amp; devices, and to accelerate digital transformation initiatives. Distributed across 160+ data centers globally, the Zscaler Zero Trust Exchange&#x2122; platform combined with advanced AI combats billions of cyber threats and policy violations every day and unlocks productivity gains for modern enterprises by reducing costs and complexity. Media Contact Nick Gonzalez, Director of Global Public Relations, <a href="https://www.globenewswire.com/Tracker?data=pIunkCjaf8fO4lEtgvZ102JJd691ug10db-DP1HjP9-zrfMJHIQW2fTfmMShDFVqxxjFtW90jW78f5iDM08QgbpafS1G8ecGXShZGd9g8go=" rel="nofollow" target="_blank">press@zscaler.com</a> <img alt="" class="__GNW8366DE3E__IMG" src="https://www.globenewswire.com/newsroom/ti?nf=OTczMzkwOSM3NjUyODI2IzIwOTM3ODE="></img> <img alt="" src="https://ml.globenewswire.com/media/NjlmYmEwZjQtMTBmMi00NjUzLTkwOGMtZDg0YjczNmVkYzUwLTExMDUzNTItMjAyNi0wNi0xMC1lbg==/tiny/Zscaler-Inc-.png" referrerpolicy="no-referrer-when-downgrade"></img><a href="https://www.globenewswire.com/NewsRoom/AttachmentNg/bc212637-6ad5-43b1-9aa5-f998c8fe68ba"><img src="https://ml.globenewswire.com/media/bc212637-6ad5-43b1-9aa5-f998c8fe68ba/small/zscaler-brandassets-logolockup-blue-png.png" border="0" width="150" height="35" alt="Primary Logo"></img></a>

Zscaler released ThreatLabz 2026 Phishing and Initial Access Report, showing a 20% YoY drop in phishing volume but a surge in attack quality. AI-generated text-to-site lures, real-time session hijacking, and 95.2% of phishing within encrypted traffic push demand for Zero Trust and deeper TLS inspection. Deception telemetry reveals broad enterprise reconnaissance ahead of compromises.

Zscaler Research Finds Cybercrime Economics Are Shifting as AI Trades Mass Volume for Lethal Precision

AI Summary

Sentiment Rationale

Trading Thesis

Market-Moving

Key Facts

Companies Mentioned

Industry News

Related News