Research Report

State of AI Phishing 2026

What Threat Terminal Data Reveals About Human Detection Gaps

By Scott Altiparmak · Based on data from the Threat Terminal experiment.

What's Inside

Which of six phishing techniques bypass trained humans most often
How confidence calibration reveals where people are wrong and sure of it
Whether security professionals actually outperform other groups
What authentication signals (SPF/DKIM/DMARC) do and don't tell recipients
Practical recommendations for security awareness programs

Download

Coming Soon

The report will be published once the study reaches 100 participants.

Get notified when the report is published.

Background

This report is based on data collected through Threat Terminal, a game-based research platform where players classify AI-generated emails. The study protocol has been published on Zenodo, and findings update in real time as data comes in.

Study protocol (DOI) →Research platform →Full methodology →Blog writeup →