Key findings from the 2026 Sublime Email Threat Research Report

The 2026 Sublime Email Threat Research Report highlights a rapidly evolving threat landscape in which attackers increasingly prioritize precision and trust exploitation over high-volume campaigns. In 2025, business email compromise (BEC) attacks remained prevalent, with thread hijacking surpassing traditional methods by inserting attackers into legitimate conversations to deceive targets. QR code phishing surged, exploiting the vulnerability of mobile devices outside corporate security, while AI-generated attacks rose significantly, showcasing the adaptability of attackers using AI. Calendar invites emerged as a new phishing vector, bypassing traditional email security, and evasion stacking combined multiple techniques to outsmart defenses. Attackers also shifted towards abusing lesser-known platforms, leveraging trust in emerging services. Organizations are urged to adopt adaptive detection systems integrating machine learning and agentic AI to counteract these sophisticated social engineering tactics and the increasing speed of attack evolution.