Research Reports

Longer-form research notes, measurement studies, and periodic threat briefs.

8research notes
7blue-team studies
1red-team studies
0dual-use studies
May 20, 2026latest note

Lead Research Note

Research Note: Measuring AI-Generated Phishing Without the Survey Noise

The interesting question is not whether AI phishing is rising. It is which measurements are decision-grade and which are marketing.

May 20, 20269 min readPhishPond Desk

Research Archive

8 entries

Field Analysis

Blue TeamResearch ReportsMay 20, 20269 min read

Research Note: Measuring AI-Generated Phishing Without the Survey Noise

Vendor headlines about AI phishing blend volume, effectiveness, and survey sentiment into single numbers. Defenders need to separate those measurements to instrument the threat honestly.

Recent Linux LPEs Turn Local Footholds Into Infrastructure Control

Copy Fail, Dirty Frag, and ssh-keysign-pwn show why local Linux privilege escalation still belongs in phishing and infrastructure-defense planning.

Research Note: Phishing-Resistant MFA Still Depends on Recovery Workflow Quality

Phishing-resistant authentication reduces token theft risk, but account recovery, device replacement, and exception handling can reintroduce phishable paths.

Q1 Email Threat Data Points Defenders Toward Links, QR Codes, and BEC

Microsoft's Q1 2026 email threat review shows link-based phishing dominance, QR code growth, CAPTCHA-gated flows, and persistent business email compromise pressure.

Research Note: QR Phishing Needs Measurement Beyond Message Volume

QR phishing programs are easier to understand when teams measure scan context, report timing, landing-page behavior, and control coverage instead of only counting delivered messages.

Research Note: OAuth Consent Debt Builds Quietly Until Incident Response Needs It Gone

OAuth app grants accumulate over time, and stale consent can become a hidden access path when vendors, users, or integrations are later compromised.

By PhishPond Desk

Field Analysis

Red TeamResearch ReportsApr 16, 20267 min read

Quarterly Phishing Brief: Regional Targeting Intensifies in Health Systems

Healthcare organizations are experiencing clustered phishing campaigns aligned to regional staffing and patient billing cycles.

Inside the Metrics: Measuring Mitigation Quality, Not Just Click Rate

Security leaders are expanding phishing KPIs beyond user clicks to include reporting speed, containment time, and repeat exposure risk.

Research Reports

Research Note: Measuring AI-Generated Phishing Without the Survey Noise

Research Archive

Research Note: Measuring AI-Generated Phishing Without the Survey Noise

Recent Linux LPEs Turn Local Footholds Into Infrastructure Control

Research Note: Phishing-Resistant MFA Still Depends on Recovery Workflow Quality

Q1 Email Threat Data Points Defenders Toward Links, QR Codes, and BEC

Research Note: QR Phishing Needs Measurement Beyond Message Volume

Research Note: OAuth Consent Debt Builds Quietly Until Incident Response Needs It Gone

Quarterly Phishing Brief: Regional Targeting Intensifies in Health Systems

Inside the Metrics: Measuring Mitigation Quality, Not Just Click Rate

Explore Other Categories

Research Reports

Research Note: Measuring AI-Generated Phishing Without the Survey Noise

Research Archive

Research Note: Measuring AI-Generated Phishing Without the Survey Noise

Recent Linux LPEs Turn Local Footholds Into Infrastructure Control

Research Note: Phishing-Resistant MFA Still Depends on Recovery Workflow Quality

Q1 Email Threat Data Points Defenders Toward Links, QR Codes, and BEC

Research Note: QR Phishing Needs Measurement Beyond Message Volume

Research Note: OAuth Consent Debt Builds Quietly Until Incident Response Needs It Gone

Quarterly Phishing Brief: Regional Targeting Intensifies in Health Systems

Inside the Metrics: Measuring Mitigation Quality, Not Just Click Rate

Explore Other Categories