Artificial intelligence and machine learning (AI/ML) have seamlessly and fundamentally transformed the way we interact with digital technology [1]. Dual-use applications, such as the case of AI/ML, can be quickly exploited by cybercriminal activities. One example is phishing, one the first types of cybercrime. While phishing in today’s world is still perceived as an outdated scam, AI/ML advancements have paved the way for more convincing phishing attacks and the wider use of hyper-targeted spear-phishing. This article will focus on the AI/ML-enabled transformation of phishing and spear-phishing and the consequences it poses for the cybersecurity environment.