Attackers are now using ChatGPT, Claude, and Gemini to write phishing emails that are grammatically perfect, personally targeted, and invisible to spam filters. TrustScan fights back with the same class of technology — detecting AI-written threats automatically inside Gmail.
🔒 No email content stored · Instant results · Works in Gmail
Until recently, phishing emails were easy to spot: broken English, generic greetings, obvious urgency, and suspicious links to misspelled domains. Security awareness training taught users to look for these red flags — and for years, it worked.
That playbook is now obsolete. Large language models like ChatGPT, Claude, and Gemini can be prompted by attackers to produce phishing emails that are grammatically flawless, contextually plausible, stylistically appropriate for the target's industry, and personalised with real details scraped from LinkedIn, social media, or data breaches. The typos and generic greetings are gone. What remains is a message that reads exactly like a legitimate email from a known contact.
AI also removes the bottleneck of scale. A single attacker can now generate thousands of individually personalised phishing emails in minutes, targeting each recipient with context-specific lures — something that previously required a team of social engineers working for days. This shift is not hypothetical. AI-assisted phishing campaigns were documented in the wild within months of ChatGPT's public release — and have become a mainstream feature of the modern threat landscape.
Existing defences were built for a threat model that no longer reflects reality. Here is why each layer falls short.
Gmail's spam filter compares incoming email against databases of known malicious domains, previously flagged URL signatures, and high-volume sending patterns. AI-generated phishing emails arrive from fresh domains, contain no flagged links, and are sent individually — providing no signal for pattern-matching systems to act on.
Users are trained to notice typos, generic salutations, and suspicious urgency. AI-generated phishing has none of these. It uses the recipient's name, references real context, and matches the tone of legitimate communications — defeating every heuristic that awareness training teaches.
Many business email compromise and CEO fraud attacks contain no links at all — just a request to call a number, wire funds, or reply with credentials. URL reputation services, which are a core part of most email security tools, are completely irrelevant against these message-only attacks.
Traditional email security relies on threat intelligence feeds that are updated after an attack is identified. AI-generated phishing creates novel, unique content for every target — by definition arriving before any signature can exist. Reactive databases cannot protect against threats that haven't been seen before.
TrustScan uses a large language model to analyse each email — reading intent and language the way a trained analyst would, at the speed of automation.
When you open an email in Gmail, TrustScan's Chrome extension extracts the message body (up to 2,000 characters), sender address, embedded links, and any images. This data is sent securely to TrustScan's backend for analysis. Email content is never stored after scoring.
TrustScan's backend scores the email across four dimensions in parallel: phishing risk, scam risk, AI-authorship likelihood, and overall threat level. The AI-authorship check specifically evaluates writing uniformity, structural regularity, vocabulary distribution, and manipulation patterns characteristic of LLM-generated content.
The four dimension scores are combined into a composite trust score from 0 to 100. An email that is AI-authored but benign (a marketing email) scores differently from one that is AI-authored with phishing intent — TrustScan distinguishes between AI writing in general and AI writing used for manipulation.
The trust score badge appears next to the subject line in under 3 seconds — green (80–100, safe), amber (50–79, proceed with caution), or red (0–49, high risk). Hover over the badge for a plain-English explanation of what was found.
TrustScan's AI engine analyses four categories of signals in every email — simultaneously and in under 3 seconds.
AI-authorship detection looks for writing uniformity, unnaturally consistent sentence length, characteristic LLM phrasing patterns, low lexical surprise, and the structural regularity that distinguishes machine output from human writing — even when the AI-generated text is grammatically perfect and appears completely natural.
Phishing detection covers credential-theft attempts, fake login-page links, urgency framing designed to bypass rational thinking, authority impersonation, account-suspension threats, and requests for personal information that no legitimate sender would make via email.
Scam detection covers romance fraud language, advance-fee request structures, fake lottery and prize notifications, investment opportunity framing, and impersonation of banks, government agencies, couriers, and technology companies — including AI-generated variants of each.
Images embedded in the email are scanned for AI-generation artifacts, including deepfake profile photos, forged payment confirmations, and fabricated identity documents. QR codes are decoded and the embedded URLs are analysed for phishing destinations.
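As an added illustration (not TrustScan's code or its actual model), the Python below sketches the AI-authorship uniformity signals described above with cheap stylometric proxies, then folds the resulting likelihood into a composite trust score mapped to the page's badge thresholds. The sample messages, the stock-phrase list and every weight are constructed assumptions.

```python
import re
import statistics

# Constructed sample messages (not real mail, not TrustScan data).
HUMAN_NOTE = ("Hey, quick one. Can you send me the Q3 deck when you get a sec? No rush, "
              "honestly whenever works. Also, did Sam ever get back to you about the venue thing? Thanks!!")
UNIFORM_NOTE = ("I hope this message finds you well. I am writing to follow up on the Q3 deck. "
                "It would be appreciated if you could share it today. Please let me know if you "
                "need anything. Thank you for your attention to this matter.")
# Hypothetical stock LLM phrasings; a real detector would use a model, not a list.
STOCK_PHRASES = ("i hope this message finds you well", "please let me know if you need anything",
                 "thank you for your attention to this matter")

def sentences(text):
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]

def words(text):
    return re.findall(r"[a-z0-9']+", text.lower())

def uniformity_features(text):
    """Cheap stand-ins for the page's 'writing uniformity' signals."""
    lengths = [len(words(s)) for s in sentences(text)]
    toks = words(text)
    return {
        "sentence_lengths": lengths,
        # coefficient of variation: low means unnaturally even sentence lengths
        "sentence_length_cv": statistics.pstdev(lengths) / statistics.mean(lengths),
        # type-token ratio as a rough proxy for lexical surprise
        "type_token_ratio": len(set(toks)) / len(toks),
        "stock_phrase_hits": sum(p in text.lower() for p in STOCK_PHRASES),
    }

def ai_authorship_likelihood(f):
    """Heuristic 0..1 likelihood; the weights are constructed, not TrustScan's."""
    evenness = max(0.0, 1.0 - f["sentence_length_cv"] / 0.6)   # cv >= 0.6 reads as human
    phrasing = min(1.0, f["stock_phrase_hits"] / 3)
    low_surprise = 1.0 - f["type_token_ratio"]
    return round(0.45 * evenness + 0.35 * phrasing + 0.20 * low_surprise, 2)

def trust_score(phishing, scam, threat, ai_likelihood):
    """Composite 0..100 score (constructed weighting). AI authorship alone costs
    little; it amplifies manipulation signals, so benign AI mail and AI phishing differ."""
    manipulation = max(phishing, scam, threat)
    risk = manipulation * (0.7 + 0.3 * ai_likelihood) + 0.1 * ai_likelihood
    return max(0, min(100, round(100 * (1 - risk))))

def badge(score):
    """Badge colour thresholds as stated on the page."""
    return "green" if score >= 80 else "amber" if score >= 50 else "red"
```

Run on the two samples, the chatty note scores about 0.02 and the uniform one about 0.73; that same 0.73 lands on a green badge when the manipulation dimensions are low and on a red one when phishing risk is high.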
Understanding what changed explains why the old detection methods no longer work — and why AI-powered detection is now necessary.
| Characteristic | Traditional phishing | AI-generated phishing |
|---|---|---|
| Grammar quality | Poor — typos, broken English | Flawless — indistinguishable from native writing |
| Personalisation | Generic — "Dear Customer" | Targeted — name, employer, recent activity |
| Sending scale | Millions of identical emails | Thousands of unique, individual emails |
| Domain reputation | Often flagged or known bad | Fresh or legitimate-looking — no prior flags |
| Detectable by spam filter? | ✓ Often caught | ✗ Consistently bypasses |
| Detectable by TrustScan? | ✓ Catches | ✓ Catches |
AI-generated phishing is used for targeted attacks — not random spam. These groups are the primary targets.
AI-generated CEO fraud and vendor impersonation attacks are designed to extract wire transfers and payment redirects. The emails are indistinguishable in tone and style from legitimate executive communications.
Personal accounts are targeted with AI-generated fake bank alerts, package delivery notifications, and subscription renewal scams that use your real name and account details scraped from data breaches.
AI-powered phishing targeting IT staff focuses on credential harvesting — fake IT helpdesk requests, MFA reset prompts, and VPN login pages crafted to look exactly like the internal tools the recipient uses daily.
Yes. AI-powered content analysis is currently the most reliable method for detecting AI-generated phishing. Traditional spam filters work by matching known patterns and domain reputations — signals that AI-written emails deliberately lack. TrustScan uses a large language model to analyse intent, language structure, and manipulation tactics inside each email, flagging messages that exhibit AI-authorship signals combined with phishing intent.
An AI-generated phishing email is a fraudulent message written by a large language model such as ChatGPT, Claude, or Gemini, at the instruction of an attacker. Unlike traditional phishing, which is often grammatically poor and generic, AI-generated phishing is fluent, personalised, and contextually believable — making it far harder to identify by eye.
Spam filters identify threats by matching against known patterns: flagged domains, recurring URL signatures, and high sending volumes. AI-generated phishing emails have none of these properties — each one is novel text, sent from a fresh domain, with no prior signal to match. Pattern matching cannot detect what has never been seen before.
TrustScan's backend uses a large language model to evaluate each email across four dimensions: phishing risk, scam risk, AI-authorship likelihood, and overall threat level. For AI-authorship detection, the model evaluates writing uniformity, structural regularity, sentence-level entropy, vocabulary distribution, and the presence of manipulation tactics characteristic of LLM-generated social engineering content. The result is a combined trust score from 0 to 100.
In most cases, yes. Traditional phishing emails are often generic and contain obvious red flags that experienced users recognise. AI-generated phishing is grammatically flawless, personalised with real context about the recipient, and stylistically indistinguishable from legitimate email. Security researchers have documented significantly higher click rates on targeted spear phishing versus generic campaigns — and AI eliminates the cost and time that previously kept targeted attacks rare.
Yes. TrustScan's free tier includes 50 email scans per month, covering AI-authorship detection, phishing detection, scam detection, and image analysis. Paid plans starting at $5/month unlock higher monthly scan volumes.
TrustScan adds an AI-powered phishing scanner inside Gmail that detects AI-written threats automatically. Install once — every email analysed instantly.
Install TrustScan for Chrome. Requires Google Chrome, Edge, or Brave. No account needed · Uninstall anytime.