By NHI Mgmt Group Editorial Team
Published 2025-10-08
Domain: Governance & Risk
Source: Abnormal AI

TL;DR: Phishing now accounts for 77% of advanced email attacks, while business email compromise caused more than $2.7 billion in losses last year and account takeovers averaged $4.67 million per breach, according to Abnormal AI. Traditional secure email gateways are losing their edge because modern attacks are contextual, credential-led, and increasingly tied to third-party app abuse.


At a glance

What this is: This is an analysis of how AI-assisted email attacks, account takeovers, and third-party app abuse are bypassing legacy secure email gateways.

Why it matters: It matters because email identity, delegated app access, and inbox trust now sit inside the same attack surface that IAM, PAM, and NHI programmes have to govern together.

By the numbers:



Context

Email security is no longer only a content-filtering problem. Once attackers can use AI to remove the obvious spelling, grammar, and formatting clues that legacy systems relied on, the real control question becomes whether the organisation can govern identity, context, and delegated access across the inbox and the apps attached to it.

For IAM teams, this is a boundary issue as much as a detection issue. An email account, a compromised session, or a third-party integration can each become a path into business processes, financial workflows, and connected applications, which means identity governance has to extend beyond authentication events and into mailbox-level trust and app permission lifecycle.


Key questions

Q: How should security teams defend against AI-generated phishing in email environments?

A: Security teams should move beyond header checks and malware scanning to behavioural and identity-aware detection. AI-generated phishing often looks grammatically perfect and uses trusted context, so the defence needs to evaluate sender history, reply-chain anomalies, and unusual requests inside otherwise legitimate conversations. Pair that with mailbox-level containment for any account that starts sending suspicious internal messages.

Q: Why do account takeovers create such a large risk for enterprise identity programmes?

A: Account takeovers matter because a mailbox usually has more trust than a single login session. Once compromised, the attacker can impersonate the user, target coworkers, reach connected applications, and launch further fraud or data theft. The risk is not just access loss, but the inherited authority that the email identity already has across the organisation.

Q: What breaks when third-party email apps are not reviewed after consent?

A: What breaks is ownership and visibility. A third-party app can retain permissions long after the original business need has changed, which means attackers can abuse a legitimate integration rather than forcing a new login. Without regular review, revocation, and purpose tracking, the organisation loses control over who can act in the email environment and why.

Q: Who is accountable when delegated email access is abused?

A: Accountability should sit with the business owner of the integration, the identity team managing consent, and the security team monitoring downstream abuse. When delegated access is misused, the failure is usually lifecycle control, not a single technical event. Frameworks that cover access governance and zero trust principles are the right place to assign and test that responsibility.


Technical breakdown

Why secure email gateways miss contextual phishing

Traditional secure email gateways were tuned for signals such as known malicious links, suspicious attachments, spoofing patterns, and malware signatures. Modern phishing often removes those indicators and instead relies on persuasive language, trusted relationships, and subtle context shifts. AI tools let attackers write convincing, personalised messages that look legitimate at a surface level, while the malicious intent sits in the conversation, not the header. That is why a message can be dangerous even when it contains no obvious technical indicator of compromise.

Practical implication: security teams need detection that evaluates language, relationship context, and sender behaviour, not just message signatures.
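The following is an added illustration of that implication, not code from the Abnormal AI article or from NHI Mgmt Group. It scores a message on the relationship and context signals named above (a familiar display name arriving from an unfamiliar address, a Reply-To that diverts the conversation, a request to change payment details, bank identifiers, urgency wording, and whether the request sits inside a thread the mailbox already took part in) rather than on attachments or link reputation. The sender history, the sample messages, the regexes and the score thresholds are all constructed for the example; a production system would build the history from mail logs and tune the weights against its own traffic.

```python
import re
from dataclasses import dataclass

# Constructed sender history for this example: display name -> addresses previously
# seen from that person or team. A real deployment would build this from mail logs.
KNOWN_SENDERS = {
    "Dana Reyes": {"dana.reyes@example-corp.com"},
    "Acme Billing": {"ar@acme-supplier.example"},
}

# Context signals the article describes: payment-detail changes, bank identifiers, urgency.
PAYMENT_CHANGE = re.compile(
    r"\b(new|update[ds]?|change[ds]?)\b.{0,40}\b(bank|account|iban|routing|wire)\b", re.I | re.S)
IBAN = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")
URGENCY = re.compile(
    r"\b(urgent|immediately|today|asap|before (?:close|end) of (?:business|day))\b", re.I)


@dataclass(frozen=True)
class Message:
    display_name: str
    from_addr: str
    reply_to: str          # empty string when the header is absent
    in_known_thread: bool  # In-Reply-To/References match a thread this mailbox took part in
    body: str


def assess(msg: Message, known=KNOWN_SENDERS):
    """Score one message on relationship and context signals; returns (verdict, score, reasons)."""
    score, reasons = 0, []
    seen = known.get(msg.display_name)
    # Relationship check: a familiar display name arriving from an address never seen for it.
    if seen is not None and msg.from_addr.lower() not in {a.lower() for a in seen}:
        score += 3
        reasons.append("known display name, unfamiliar sending address")
    # Reply diversion: replies would go somewhere other than the visible sender.
    if msg.reply_to and msg.reply_to.lower() != msg.from_addr.lower():
        score += 2
        reasons.append("Reply-To differs from From")
    if PAYMENT_CHANGE.search(msg.body):
        score += 3
        reasons.append("requests a change to payment or bank details")
        if not msg.in_known_thread:
            score += 2
            reasons.append("financial request arrives outside any existing thread")
    if IBAN.search(msg.body):
        score += 1
        reasons.append("bank account identifier in body")
    if URGENCY.search(msg.body):
        score += 1
        reasons.append("urgency language")
    verdict = "quarantine" if score >= 6 else "review" if score >= 3 else "deliver"
    return verdict, score, reasons


# Constructed sample traffic, not real messages.
BENIGN = Message("Dana Reyes", "dana.reyes@example-corp.com", "", True,
                 "Attached are the meeting notes from Tuesday. Let me know if you want changes.")
LOOKALIKE_VENDOR = Message("Acme Billing", "ar@acme-suppller.example", "", True,
                           "Please note our updated bank account details for all future invoices: "
                           "IBAN GB29NWBK60161331926819. Kindly process today's payment to the new account.")
DIVERTED_REPLY = Message("Dana Reyes", "dana.reyes@example-corp.com",
                         "dana.reyes@personal-mail.example", True,
                         "Can you update the vendor bank account for the next payment run? Details to follow.")

if __name__ == "__main__":
    samples = [("benign", BENIGN), ("lookalike vendor", LOOKALIKE_VENDOR), ("diverted reply", DIVERTED_REPLY)]
    for name, m in samples:
        verdict, score, reasons = assess(m)
        print(f"{name:16} -> {verdict} (score {score}): {'; '.join(reasons) or 'no signals'}")
```

Note that none of the three samples carries a link or an attachment, so a signature-based gateway has nothing to match; the lookalike vendor message is flagged purely on the mismatch between a trusted display name and its sending address plus the content of the request, and the diverted-reply case is flagged even though it comes from the genuine, known address, which is the account-takeover scenario the next section describes.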

Account takeover turns email into a control plane

An account takeover is more than inbox access. Once an attacker has a mailbox, they can read internal communications, impersonate the user, send secondary phishing, and pivot into connected applications that trust the account. The article highlights token theft, credential stuffing, brute force, and phishing as entry methods, which matters because the mailbox becomes a control plane for further abuse. In identity terms, the problem is not only initial compromise but the downstream authority the account already holds.

Practical implication: protect email accounts as high-value identities with strong session controls, rapid containment, and access-aware monitoring.

Third-party app abuse expands the email trust boundary

Cloud email environments often include hundreds of authorised third-party applications, each carrying delegated permissions into mailboxes or adjacent data. If one of those apps is compromised, the attacker inherits the permissions that the user granted, which can bypass inbox-centric controls entirely. This is a governance problem as much as a security one because the permissions are often long-lived, widely scattered, and poorly reviewed after initial consent. The attack surface is the app ecosystem attached to email, not the inbox alone.

Practical implication: review delegated application access as part of identity lifecycle management, not as a one-time consent event.


Threat narrative

Attacker objective: The attacker wants to convert trusted email identity into a launch point for financial fraud, data theft, and broader enterprise access.

  1. Entry occurs through AI-generated phishing, QR-code lures, credential theft, or a compromised third-party application that already has delegated access into the email environment.
  2. Escalation happens when the attacker uses the mailbox or app permissions to read trusted conversations, impersonate the user, and reach connected applications or internal recipients.
  3. Impact follows when the compromised identity is used to launch further phishing, divert payments, exfiltrate data, or spread access across business systems that trust the inbox account.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI-assisted email attack chains are now an identity problem, not just a message-filtering problem. The article shows that modern phishing, BEC, QR-code lures, and app abuse are all designed to inherit trust from identity and context rather than from malware. That means the control surface has moved from suspicious content to the authority attached to the mailbox, the session, and the connected application. Practitioners should treat email as a governed identity plane, not a standalone inbox technology.

Contextual trust is the named failure mode here: legacy email controls were designed for obvious indicators, not for socially engineered legitimacy. The message-level assumption was that bad email would look bad. AI-generated phishing breaks that premise because the attack can be linguistically clean, relationship-aware, and free of normal red flags. The implication is that detection built around static indicators now fails at the point where trust is earned, not where malware is delivered.

Delegated access without lifecycle offboarding is the control gap that makes third-party app abuse so effective. The article’s 300-plus integrated applications point to a permission sprawl problem: once consent has been granted to an app, its access can outlive scrutiny. That is an NHI-style governance issue even when the app is not a classic secret or token. Practitioners should view delegated app permissions as identities that require ownership, review, and removal when no longer justified.

Account takeover creates identity blast radius because one mailbox can legitimately speak to many other trust domains. The article’s $4.67 million average breach cost shows that the damage is not confined to inbox loss. A single compromised email identity can impersonate staff, access shared conversations, and trigger actions in finance or collaboration tools. Security teams should measure how far a mailbox can reach, not only whether it was compromised.

AI-native email defence is converging with identity governance because the boundary between authentication, authorisation, and communication has collapsed. Once an inbox can be used to authenticate into other systems, the email channel becomes part of the broader access architecture. That means IAM, PAM, and NHI teams cannot leave email threats to a separate security stack. Practitioners should align email monitoring with access review, delegated consent management, and rapid account containment.

From our research:

  • Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks, according to The 2024 ESG Report: Managing Non-Human Identities.
  • Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows that identity compromise is rarely a one-off event.
  • For a broader view of breach patterns across machine identities, see The 52 NHI Breaches Report, which helps teams connect delegated-access abuse to repeatable governance failures.

What this signals

Delegated access is becoming the durable weak point in email governance. As organisations accumulate more third-party integrations, the permission graph grows faster than most review processes can follow. Teams should expect consent sprawl to outlast the original use case unless they tie app permissions to ownership, review cadence, and removal events.

Email security programmes that still treat inbox protection as a separate layer from identity governance will keep missing the real control point. The most useful shift is to combine mailbox monitoring, session containment, and delegated app review into one operating model that security and IAM teams can both act on.

The governance question is no longer whether an email threat is malicious enough to block, but whether the identity behind it is authorised to keep existing in that form. Once teams can answer that, the conversation moves from alert volume to trust boundary management.


For practitioners

  • Map mailbox-to-application trust paths: Inventory which connected applications can read, send, or act from email identities, then rank them by business impact and revocation difficulty.
  • Review delegated app consent as lifecycle governance: Treat every third-party email integration as an identity with an owner, purpose, expiry expectation, and offboarding trigger.
  • Tune detection for context shifts, not only malware: Prioritise behavioural signals such as unusual reply chains, injected bank details, sudden CC changes, and anomalous language patterns.
  • Contain account takeover as a privileged identity event: Make mailbox lockdown, token invalidation, and recipient quarantine part of the response playbook when a trusted account behaves outside its normal patterns.
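The first two practitioner items, and the "Third-party app abuse" section above, describe a review that most tenants never actually run: every delegated grant gets an owner, a purpose, a review cadence and an offboarding trigger, and the results are ranked by business impact and revocation difficulty. The script below is an added example of that review, not code from the article or from NHI Mgmt Group. The grant inventory, the dates and the decision rules are constructed for the example; Mail.Send, Mail.ReadWrite, Mail.Read, Calendars.Read and User.Read are Microsoft Graph permission names, but the weights attached to them are this example's own judgement, and the inventory would in practice be exported from the mail platform's consent or enterprise-application listing.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Privilege weight per scope for a mailbox-facing integration. The scope names are
# Microsoft Graph permission names; the weights are this example's own judgement.
SCOPE_WEIGHT = {"User.Read": 0, "Calendars.Read": 1, "Mail.Read": 2, "Mail.ReadWrite": 4, "Mail.Send": 5}
UNKNOWN_SCOPE_WEIGHT = 3        # scopes we have not classified are treated as moderately privileged
HIGH_PRIVILEGE = 4              # at or above this weight the app can alter or send mail
REVIEW_CADENCE = timedelta(days=90)


@dataclass(frozen=True)
class AppGrant:
    app: str
    scopes: tuple
    owner: Optional[str]          # accountable business owner, None if nobody is recorded
    purpose: Optional[str]        # recorded business purpose, None if nobody wrote one down
    granted: date
    last_reviewed: Optional[date]
    user_count: int               # mailboxes that still hold an active consent for this app
    revocation_difficulty: int    # 1 (nothing depends on it) .. 5 (breaks a business process)


def max_weight(grant: AppGrant) -> int:
    return max((SCOPE_WEIGHT.get(s, UNKNOWN_SCOPE_WEIGHT) for s in grant.scopes), default=0)


def impact(grant: AppGrant) -> int:
    """Business impact: the most powerful scope the app holds times the mailboxes it reaches."""
    return max_weight(grant) * grant.user_count


def review(grant: AppGrant, today: date):
    """Apply the lifecycle checks and return (decision, findings)."""
    findings = []
    if grant.owner is None:
        findings.append("no accountable owner")
    if grant.purpose is None:
        findings.append("no recorded business purpose")
    last = grant.last_reviewed or grant.granted
    if today - last > REVIEW_CADENCE:
        findings.append(f"review overdue by {(today - last - REVIEW_CADENCE).days} days")
    if grant.user_count == 0:
        findings.append("no active users: offboarding trigger")
    # An app nobody uses, or a mail-writing app nobody owns, should not keep its grant;
    # anything else with findings goes back to its owner for reconfirmation.
    if grant.user_count == 0 or (grant.owner is None and max_weight(grant) >= HIGH_PRIVILEGE):
        decision = "revoke"
    elif findings:
        decision = "reconfirm"
    else:
        decision = "ok"
    return decision, findings


def prioritise(grants, today: date):
    """Rows of (app, decision, findings, impact, difficulty), highest impact first, easiest revocation first."""
    rows = [(g.app, *review(g, today), impact(g), g.revocation_difficulty) for g in grants]
    return sorted(rows, key=lambda r: (-r[3], r[4]))


# Constructed inventory for the example; every value below is made up.
TODAY = date(2025, 10, 8)
INVENTORY = [
    AppGrant("Invoice Sync", ("Mail.ReadWrite", "Mail.Send"), "finance-ops",
             "accounts payable automation", date(2024, 1, 15), date(2025, 9, 1), 40, 5),
    AppGrant("Old CRM Connector", ("Mail.Read", "Mail.Send"), None, None,
             date(2023, 6, 1), None, 12, 2),
    AppGrant("Signature Tool", ("Mail.ReadWrite",), "it-helpdesk",
             "signature management", date(2025, 1, 10), date(2025, 5, 1), 0, 1),
    AppGrant("Calendar Widget", ("Calendars.Read", "User.Read"), "workplace-services",
             "room booking", date(2025, 3, 1), None, 300, 3),
]

if __name__ == "__main__":
    for app, decision, findings, score, difficulty in prioritise(INVENTORY, TODAY):
        print(f"{app:18} impact={score:<4} difficulty={difficulty} -> {decision}: "
              f"{'; '.join(findings) or 'within policy'}")
```

Two points the output makes that a consent listing alone does not: the read-only calendar app ranks above the finance integration on impact because it reaches 300 mailboxes, so breadth of reach is part of blast radius even at low privilege; and the unowned CRM connector is revoked rather than queued for reconfirmation because there is nobody to reconfirm with, which is exactly the ownership gap the article's 300-plus applications point to.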

Key takeaways

  • Modern email attacks succeed by exploiting trust, context, and delegated access rather than obvious technical indicators.
  • The scale is material, with phishing, BEC, account takeover, and third-party app abuse all producing measurable loss and breach impact.
  • IAM, PAM, and NHI teams should govern email identities as part of the broader access lifecycle, not as a separate inbox problem.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Non-Human Identity Top 10  | NHI-01              | Covers exposed or abused non-human access paths, including delegated app permissions.
NIST CSF 2.0                     | PR.AA-01            | Identity proofing and authentication boundaries matter when email accounts are abused.
NIST Zero Trust (SP 800-207)     | AC-4                | Email trust boundaries need explicit authorisation and continuous verification.

Apply least-privilege and continuous verification to email-linked access paths and app permissions.


Key terms

  • Account Takeover: A compromise in which an attacker gains control of a legitimate user or service identity and uses that identity to act with its existing trust. In email environments, takeover is dangerous because the account already carries conversation history, recipient trust, and access to connected applications.
  • Delegated Application Access: Permissions granted by a user or organisation to a third-party app so it can act on behalf of an identity or access its data. These permissions can become a long-lived trust path if they are not reviewed, scoped, and removed when the business need ends.
  • Contextual Phishing: A phishing technique that relies on believable language, relationship knowledge, and timing rather than obvious malware or poor formatting. It is effective because the attack blends into normal business communication and exploits the trust people place in familiar interactions.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Abnormal AI: 8 sinister cyber threats bypassing your SEG. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-10-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org