23rd February 2026 - TrendAI, a business unit of Trend Micro, has released new research showing how public social media photos can be quickly converted into highly personalised phishing campaigns using widely available AI tools.
The analysis includes a controlled proof of concept developed by TrendAI’s threat researchers to replicate the workflow an attacker could automate today. The result: profiling an individual using roughly 30 public Instagram images and generating a tailored phishing website can now take less than 30 minutes.
“This doesn’t introduce a new attack technique”, said David Sancho, Senior Threat Researcher at TrendAI. “Targeted phishing has existed for years. But what has changed is the speed and scale, as AI now removes the manual effort that once limited this level of personalisation to high-value targets. Reconnaissance that previously took days of work can now be automated into a repeatable pipeline.”
In the proof of concept, researchers:
In one case, the system inferred from shared images that a subject had recovered from breast cancer and ranked that as the most effective targeting theme. No private data was accessed. The information was already public.
The wider implication is enterprise risk. Executives and employees maintain personal digital footprints outside corporate controls. As AI-driven profiling becomes faster and cheaper, attackers can use personal context to craft more convincing business-focused lures.