Defending Against AI‑Driven Phishing and Malicious URLs

Authors

  • Richard Kabanda College of Engineering, University of New Haven, West Haven, USA Author
  • Rhoda Ajayi College of Engineering, University of New Haven, West Haven, USA Author
  • Pedro Ogbe Michael Marwadi University, India Author

DOI:

https://doi.org/10.32628/CSEIT26121314

Keywords:

AI-driven phishing, Adversarial Machine Learning, Phishing-Resistant Authentication, DMARC Enforcement, Zero Trust Architecture, Cyber Resilience Modeling

Abstract

Artificial intelligence has transformed phishing from opportunistic deception into automated, adaptive social engineering on a scale. Contemporary campaigns leverage generative content synthesis, adversary-in-the-middle credential relay, QR-code mobile pivots, and infrastructure churn to evade traditional signature-based and reputation-driven defenses. As identity systems increasingly underpin cloud services and critical infrastructure, phishing mitigation becomes a resilience challenge rather than a purely technical filtering problem. This study introduces the AID-PDR Framework (AI-Driven Phishing Defense & Resilience), a multi-layer socio-technical architecture integrating phishing-resistant authentication (FIDO2/WebAuthn), standards-based email authentication (SPF, DKIM, DMARC with MTA-STS and TLS-RPT), browser-level enforcement, adversarially robust machine learning detection pipelines, and adaptive AI-driven phishing simulation. A quantitative resilience model illustrates how layered controls produce multiplicative risk reduction across independent defensive mechanisms. Grounded in breach investigations, threat intelligence reporting, applied ML design patterns, and alignment with NIST and Zero Trust frameworks, this work advances a unified approach to mitigating AI-driven phishing risk at enterprise and national scale.

Downloads

Download data is not yet available.

References

Atrix10. (2025, January 28). Understanding email security: DMARC, SPF, DKIM, MTA-STS, TLS-RPT, and BIMI made simple. https://atrix10.ca/2025/01/28/email-security-dmarc-spf-dkim-explained/

Cofense. (2026, February 4). The new era of phishing: Threats built in the age of AI. Business Wire. https://www.morningstar.com/news/business-wire/20260204840917/cofense-report-reveals-ai-powered-phishing-accelerated-to-one-attack-every-19-seconds

DCHost. (2025, December 30). What are MTA-STS, TLS-RPT and BIMI? Advanced DNS settings for safer email and stronger brands. https://www.dchost.com/blog/en/what-are-mta-sts-tls-rpt-and-bimi-advanced-dns-settings-for-safer-email-and-stronger-brands/

European Union Agency for Cybersecurity (ENISA). (2025, October 1). ENISA threat landscape 2025. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025

Email on Acid. (2025, September 17). Email authentication protocols in 2025. https://www.emailonacid.com/blog/article/email-deliverability/email-authentication-protocols/

Google. (2024, March 14). Real-time, privacy-preserving URL protection (Safe Browsing). Google Security Blog. https://security.googleblog.com/2024/03/blog-post.html

Mishra, Chandan. (2025). Modernizing PeopleSoft Financial Systems: Automation, Cloud Integration, and Workflow Optimization. International Research Journal on Advanced Science Hub. 7. 882-890. 10.47392/IRJASH.2025.097. DOI: https://doi.org/10.47392/IRJASH.2025.097

Google. (2025, February 11). Defending one billion Chrome users with enhanced protection. https://blog.google/products-and-platforms/products/chrome/google-chrome-safe-browsing-one-billion-users/

KnowBe4. (2025, March). Phishing threat trends report (Vol. 5). https://www.knowbe4.com/hubfs/Phishing-Threat-Trends-2025_Report.pdf

Microsoft. (2026). Enhanced phishing protection in Microsoft Defender SmartScreen. Microsoft Learn. https://learn.microsoft.com/windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection

Microsoft. (2026). Microsoft Defender SmartScreen URL reputation demonstrations. Microsoft Learn. https://learn.microsoft.com/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation

FNU Pawan Kumar (2025), Scalable Microservices Architecture for High-Volume Order Processing in Cloud Environments. International Journal of Innovative Science and Research Technology (IJISRT) IJISRT25JUN1313, 2542-2548. DOI: 10.38124/ijisrt/25jun1313. DOI: https://doi.org/10.38124/ijisrt/25jun1313

National Institute of Standards and Technology. (2025, March). Adversarial machine learning: A taxonomy and terminology of attacks and mitigations (NIST AI 100-2e2025). https://csrc.nist.gov/pubs/ai/100/2/e2025/final

Sophos DMARC Manager. (2025). MTA-STS overview. https://help.sophosdmarc.com/dmarc-manager/theory/mta-sts/

Verizon. (2025). 2025 data breach investigations report. https://www.verizon.com/business/resources/Tca1/reports/2025-dbir-data-breach-investigations-report.pdf

Zscaler ThreatLabz. (2025). 2025 phishing report. https://www.zscaler.com/learn/2025-phishing-report

Downloads

Published

25-02-2026

Issue

Vol. 12 No. 1 (2026): January-February

Section

Research Articles

License

Copyright (c) 2026 International Journal of Scientific Research in Computer Science, Engineering and Information Technology

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
Richard Kabanda, Rhoda Ajayi, and Pedro Ogbe Michael, “Defending Against AI‑Driven Phishing and Malicious URLs”, Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol, vol. 12, no. 1, pp. 410–425, Feb. 2026, doi: 10.32628/CSEIT26121314.