TL;DR: Attackers are using generative AI to create convincing, payload-less business email compromise messages that evade traditional tools by mimicking tone, urgency, and trusted relationships, according to Abnormal AI. The operational lesson is clear: identity and behavioral context now matter as much as link-based detection when fraud arrives without malware.
At a glance
What this is: This webinar explains how generative AI is making business email compromise more convincing, more personalised, and harder for traditional security tools to spot.
Why it matters: It matters because IAM, fraud, and security teams need controls that understand identity behaviour, vendor trust, and relationship anomalies, not just malicious payloads.
👉 Watch Abnormal AI's on-demand webinar on AI-powered business email compromise
Context
Business email compromise has moved beyond obvious phishing artefacts. When attackers can research a target, imitate internal language, and reference real vendors without dropping a payload, the control problem shifts from message inspection to trust validation and behavioural detection.
For IAM and security programmes, the issue is not only email fraud. It is the abuse of business relationships, vendor accounts, and organisational trust signals that sit outside conventional MFA, password, and malware-centric controls.
Key questions
Q: How should security teams defend against AI-generated business email compromise?
A: Security teams should combine identity-aware email controls with independent verification for money movement and account changes. Focus on relationship anomalies, sender history, and workflow context rather than relying only on malicious links or attachments. AI-generated text can be convincing, so the strongest defence is process control plus behavioural detection.
Q: Why do traditional email security tools miss payload-less BEC attacks?
A: Traditional tools are built to detect malware, links, and known infrastructure. Payload-less BEC often contains none of those signals. The message may look clean while the fraud sits in the social engineering, so teams need behavioural analysis and business-process verification to catch it.
Q: What controls reduce vendor-compromise fraud risk?
A: Use separate verification for supplier banking, invoice, and payroll-related requests, and restrict which vendor accounts can trigger internal action. Monitor for changes in communication cadence, sender identity, and approval patterns. Vendor trust should be revocable and revalidated, not assumed permanent.
Q: Who should own response when AI-assisted fraud targets finance workflows?
A: Ownership should sit across security, IAM, finance, procurement, and legal, because the attack crosses identity, communications, and payment approval boundaries. A single team cannot fully contain the problem. The key is a shared escalation path with clear authority to halt suspicious transactions before completion.
Background and context
Payload-less business email compromise and why filters miss it
Payload-less BEC works because the message itself can be clean while the social engineering is dirty. Generative AI lets attackers generate fluent, context-aware text that mirrors prior conversations, business cadence, and tone. Traditional secure email gateways and anti-malware controls are tuned to inspect links, attachments, and known indicators of compromise, so they often have little to flag when the attack uses none of those artefacts. The result is a control gap between content inspection and intent detection.
Practical implication: move detection away from payload analysis alone and into identity, behavioural, and relationship signals.
Lookalike domains, vendor compromise, and relationship abuse
BEC campaigns increasingly exploit domain similarity, compromised supplier accounts, and internal trust pathways. A lookalike domain can pass a surface-level glance, while a compromised vendor mailbox gives the attacker a legitimate relationship to reuse. That combination is dangerous because fraud no longer depends on breaking authentication first. Instead, the attacker borrows legitimacy from a real identity and then uses that legitimacy to drive payment diversion, payroll fraud, or account-takeover follow-on activity.
Practical implication: verify high-risk requests through independent channels and treat vendor and finance workflows as identity-sensitive control points.
Behavioural analysis as a control for relationship anomalies
Behavioural analysis looks for deviations in tone, timing, urgency, sender-recipient history, and payment patterns. Unlike static content filters, it can score whether a message fits the normal relationship between two identities, including a human employee and an external vendor or internal finance approver. This matters because AI-generated text can imitate style, but it cannot easily recreate years of interaction history and process normality across an organisation. That makes relationship drift a stronger signal than language quality alone.
Practical implication: tune detection to unusual relationship patterns, not just suspicious words or known malicious infrastructure.
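As an added example (not code from the webinar or from Abnormal AI), the following Python scores a clean, link-free message on the relationship signals described above: the lookalike-domain check from the previous section, and the sender-history, urgency and payment-language drift from this one. The trusted vendor domains, keyword lists and sample messages are constructed for illustration and stand in for what a mail platform and vendor master would supply.

```python
import re
from dataclasses import dataclass

# Constructed reference data: the vendor domains finance actually works with, plus
# constructed payment and urgency vocabularies. A real deployment would take these
# from the vendor master and from observed mail history.
TRUSTED_VENDOR_DOMAINS = {"acme-supply.example", "northwind-logistics.example"}
PAYMENT_TERMS = re.compile(r"\b(bank details|wire|invoice|payroll|iban|routing number)\b", re.I)
URGENCY_TERMS = re.compile(r"\b(urgent|immediately|today|asap|before close)\b", re.I)


@dataclass
class Message:
    sender: str
    recipient: str
    body: str
    prior_threads: int  # past conversations between this sender and recipient


def edit_distance(a, b):
    """Levenshtein distance, used to spot domains that imitate a trusted vendor."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted, max_edits=2):
    """Return the trusted domain this one resembles, or None if it is trusted or unrelated."""
    if domain in trusted:
        return None
    for t in trusted:
        if edit_distance(domain, t) <= max_edits:
            return t
    return None


def score_relationship(msg):
    """Score a payload-less message on relationship context, not on links or attachments."""
    reasons = []
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    imitated = lookalike_of(domain, TRUSTED_VENDOR_DOMAINS)
    if imitated:
        reasons.append(f"sender domain {domain} resembles trusted vendor {imitated}")
    if msg.prior_threads == 0:
        reasons.append("no prior sender-recipient history")
    payment = PAYMENT_TERMS.search(msg.body) is not None
    urgency = URGENCY_TERMS.search(msg.body) is not None
    if payment and urgency:
        reasons.append("payment request paired with urgency language")
    if payment and (imitated or msg.prior_threads == 0):
        reasons.append("payment request outside an established relationship")
    return len(reasons), reasons  # higher score means more relationship drift
```

A score above zero is a reason to route the request into the out-of-band verification step rather than to block the message outright, since the body itself carries nothing a gateway would flag.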
NHI Mgmt Group analysis
Business email compromise is becoming an identity problem, not just a mail-filter problem. AI makes it cheaper to mimic tone, imitate urgency, and tailor a message to a target’s environment. That means the security question is increasingly whether an identity relationship looks plausible, not whether a message contains malware. Practitioners should treat BEC as trust abuse across human, vendor, and finance workflows.
The 80% rogue-behaviour signal in AI-agent research is directionally relevant here even though this attack is human-directed. It shows how quickly identity abuse scales once systems can behave with context and intent. The same lesson applies to BEC: as attackers automate personalisation, review processes built for generic phishing lose relevance. Practitioners should re-centre controls on behavioural drift and relationship validation.
Credentialed trust abuse is the common failure pattern across modern identity incidents. Whether the compromised actor is a vendor mailbox, a service account, or a human inbox, the breach path often starts when trusted identity is reused outside its intended context. The implication is that governance must track how trust is exercised, not just who owns the account.
Vendor compromise without relationship re-verification is a standing fraud exposure. Once an external account is trusted inside a workflow, attackers can pivot from message delivery to payment redirection or internal impersonation. That is a lifecycle failure as much as a detection failure. Practitioners should map where vendor trust becomes executable authority.
Behavioral detection is becoming the practical control layer for AI-assisted fraud. Static signatures cannot keep up with model-generated language that is clean, fluent, and highly specific. The field is moving toward anomaly detection on relationships, timing, and approval patterns. Teams that still anchor on payload-based phishing defence are already underpowered.
From our research:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- For the broader control model, see the 52 NHI Breaches Analysis for how trust abuse becomes persistence and impact across identity-led incidents.
What this signals
Trust validation is becoming a first-class control requirement. The practical lesson from AI-assisted BEC is that message authenticity and business legitimacy are not the same thing. As attackers get better at simulating tone and context, organisations need stronger verification around invoices, payroll, supplier changes, and internal approvals, with particular attention to identity-sensitive workflows that cross team boundaries.
Relationship intelligence will matter more than content inspection. A message can be syntactically perfect and still be fraudulent if it arrives from the wrong relationship, at the wrong time, or with the wrong business trigger. Teams should expect more investment in behavioural analytics, vendor trust mapping, and approval-chain telemetry because static filters will continue to miss the highest-quality attacks.
For practitioners
- Harden payment and payroll verification paths: Require an out-of-band confirmation step for any high-risk transfer, bank detail change, or payroll update, and make the verifier independent of the requester. Use a second channel that is not the same mailbox thread, collaboration tool, or vendor contact list.
- Monitor relationship anomalies, not just malicious content: Tune detections to changes in sender-recipient history, message urgency, payment language, and vendor communication patterns. A clean message from a trusted-looking address should still be scored if the relationship context is unusual.
- Treat vendor accounts as identity-sensitive trust edges: Review which third-party mailboxes, portals, and delegated workflows can trigger internal action. Remove any ability for a vendor account to initiate business changes without a separate verification control.
- Expand fraud playbooks to include AI-assisted pretexting: Update incident response and awareness materials to cover payload-less BEC, lookalike domains, and AI-generated sender style. Include finance, procurement, and IAM stakeholders in exercises so the response path reflects real approval chains.
Key takeaways
- AI-assisted business email compromise shifts defence from payload inspection to identity and relationship validation.
- The attacker advantage comes from personalisation at scale, which makes convincing fraud possible without links, malware, or stolen credentials.
- Practitioners should harden approval workflows, verify vendor changes independently, and use behavioural analysis to spot trust abuse early.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Identity and access controls are central when BEC abuses trusted business workflows. |
| NIST CSF 2.0 | DE.CM-1 | Behavioural monitoring helps identify anomalous communication and workflow patterns. |
| NIST SP 800-63 | | Federated trust and identity proofing matter when external relationships trigger internal action. |
Tie approval rights to least privilege and revalidate access for payment and vendor-change workflows.
Key terms
- Business Email Compromise: Business Email Compromise is a fraud technique where an attacker impersonates a trusted person or organisation to trigger payments, data sharing, or account changes. The attack succeeds through social engineering and trust abuse rather than malware, making workflow verification and relationship context critical controls.
- Payload-less Attack: A payload-less attack is a malicious message or request that contains no obvious malware, attachment, or link. In practice, the danger comes from the social engineering itself, which can exploit human trust and business process shortcuts that traditional email security tools are not designed to validate.
- Behavioural Analysis: Behavioural analysis is the use of interaction patterns, timing, tone, and relationship history to identify activity that looks out of place. It is especially useful when adversaries can generate clean content, because the control focuses on whether the behaviour fits the identity and business context.
- Relationship Anomaly: A relationship anomaly is a message, request, or action that does not match the normal pattern between two identities or business processes. It can include unusual urgency, unexpected recipients, new payment details, or a vendor request that breaks established approval behaviour.
Deepen your knowledge
NHI governance, machine identity security, and identity lifecycle management are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.
This post draws on content published by Abnormal AI: a ThreatStream webinar on how generative AI is changing business email compromise. Read the original.
Published by the NHIMG editorial team on 2026-06-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org