Security teams should combine behavioural analysis, workflow verification, and channel-based risk scoring. The goal is to detect whether a request fits historical communication patterns, not just whether it contains suspicious text. That approach is stronger than relying on links, attachments, or keyword triggers, which AI-generated fraud can easily avoid.
Why This Matters for Security Teams
AI-generated social engineering is difficult to stop because it often looks operationally normal: the grammar is clean, the timing feels plausible, and the message can mirror real project language without using obvious phishing markers. That makes keyword filters and link scanning insufficient on their own. Current guidance suggests treating legitimacy as a workflow question, not a text-analysis problem, and pairing it with identity assurance and channel risk controls from NIST Cybersecurity Framework 2.0.
For security teams, the main risk is false trust. A convincing request sent through the right account or a familiar collaboration channel can bypass alert fatigue, especially when the message references real vendors, finance processes, or incident response tasks. That is why NHI governance matters as well: compromised service accounts, OAuth apps, and other non-human identities can be used to make fraudulent requests appear routine, as discussed in Top 10 NHI Issues. In practice, many security teams encounter this only after a legitimate-looking request has already triggered payment, access, or data movement.
How It Works in Practice
Detection works best when it combines behavioural baselines, workflow verification, and channel context. The goal is to ask whether the request makes sense for the sender, the account, the time, and the business process. A message that is syntactically perfect but arrives from an unusual identity, at an unusual time, or outside the normal approval sequence should be scored as higher risk.
Teams should tune controls around the identity behind the request, not just the content. That means correlating email, chat, ticketing, and identity telemetry with expected patterns from NIST CSF detection and response practices, and validating whether the account has a history of making this kind of request. Where possible, require a second path of verification for high-impact actions, such as payment changes, secrets access, or privilege grants.
- Score requests by sender reputation, account age, and recent authentication anomalies.
- Verify the workflow: does the request match the approved business process and current ticket?
- Compare tone, urgency, and timing against historical communication patterns.
- Flag requests that combine authority language with unusual channel switching or secrecy.
- Check whether the identity involved is a human account, an app, or another NHI that should not be initiating the action.
This is especially important in environments where agentic systems and automations can send requests on behalf of users, because a compromised workflow can look just as legitimate as a human message. For identity assurance and stronger verification of who or what is behind a request, NIST SP 800-63 Digital Identity Guidelines help frame the assurance question, while the NHI Lifecycle Management Guide is useful for understanding how identity drift and weak lifecycle controls create openings for abuse. These controls tend to break down when teams cannot unify communications telemetry across platforms because the evidence needed to prove abnormality is fragmented.
Common Variations and Edge Cases
Tighter verification often increases friction, so organisations have to balance user experience against the need to stop high-value fraud. That tradeoff becomes sharper in finance, executive support, incident response, and outsourced operations, where legitimate urgency is common and attackers can exploit that speed.
There is no universal standard for this yet, but current guidance suggests using stronger checks when the request involves money movement, access expansion, credential resets, or bypassing normal review. AI-generated fraud also becomes harder to spot when it borrows details from real incidents or copies internal terminology, which is why teams should treat familiarity as a signal, not proof. If the message comes through a trusted collaboration tool, the channel itself may look normal even when the identity is compromised.
Teams should also be cautious about overfitting detection to email. Many campaigns now move through chat, ticketing, document comments, and voice-assisted workflows. The practical answer is to monitor the request chain end to end and to separate normal business urgency from abnormal process shortcuts. Research on the DeepSeek breach shows how exposed secrets and compromised identities can turn trusted systems into delivery mechanisms for deception, which is why social engineering detection increasingly overlaps with NHI monitoring.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A1 | Covers deceptive agent-driven requests that mimic legitimate workflows. |
| CSA MAESTRO | GOV-2 | Addresses governance for autonomous or semi-autonomous request generation. |
| NIST AI RMF | GOVERN | Supports oversight of AI-related risk, including persuasive synthetic content. |
Define ownership, monitoring, and escalation paths for AI-enabled social engineering.
Related resources from NHI Mgmt Group
- What steps should security teams take to prevent Shadow AI risks?
- How do security teams detect abuse of legitimate AI platform content?
- How should security teams stop AI-powered social engineering from leading to privileged access?
- How should security teams respond to AI-assisted phishing and social engineering?
