TL;DR: Business Email Compromise caused $2.77 billion in losses in 2024 even as organisations invested heavily in secure email gateways and awareness training, according to Abnormal AI. Static rules and signatures are now too rigid for AI-generated impersonation and account takeover patterns, so behavioural baselines matter more than message filtering.
At a glance
What this is: This is Abnormal AI’s 2025 report on behavioural email security, and its core finding is that AI-powered social engineering is outpacing static, rules-based defences.
Why it matters: It matters because email compromise now intersects with identity, context, and risk signals across human and vendor communications, which means IAM, PAM, and NHI teams all need to think beyond perimeter filtering.
By the numbers:
- Business Email Compromise caused $2.77 billion in losses in 2024.
👉 Read Abnormal AI's 2025 report on behavioral detection for email compromise
Context
Business Email Compromise is a social engineering attack that exploits trust in email conversations to redirect payments, steal credentials, or take over accounts. The problem is not just message content anymore. Attackers now use generative AI to make vendor impersonation, payment changes, and account takeover attempts look normal enough to evade static filters.
For IAM teams, the gap is not limited to email security. Email sits on top of identity, access, and communication context, so a convincing message can become an identity event when it triggers credential theft or fraudulent workflow changes. The article’s core message is that rules and signatures cannot keep up with AI-assisted impersonation, which is a typical failure pattern in modern enterprise environments.
Key questions
Q: How should security teams detect business email compromise without relying on malware?
A: Security teams should use behavioural signals, not just malware indicators. The key is to compare sender identity, communication cadence, financial requests, and account context against established norms. That approach catches malicious requests that look clean at the message level but are abnormal for the relationship, which is where business email compromise usually succeeds.
Q: Why do static email rules fail against AI-powered phishing?
A: Static rules fail because AI can vary tone, wording, timing, and structure faster than human teams can retune filters. A message can look plausible, contain no malware, and still be fraudulent. The real weakness is that rules inspect content in isolation, while AI-powered phishing exploits the trust pattern around the message.
Q: What breaks when email security is separated from identity governance?
A: You miss the path from a suspicious message to a compromised identity and then to fraudulent business action. Email compromise is often the entry point, but the damage appears in access abuse, payment diversion, or internal phishing. If identity telemetry is not tied to messaging data, the attack is visible too late.
Q: How should organisations respond when vendor impersonation targets payment workflows?
A: Organisations should require out-of-band verification for payment changes, new banking details, and account recovery requests. Those workflows need stronger approval logic because trusted email threads are a common abuse path. The practical objective is to stop a fraudulent request before it is converted into a financial transaction.
Technical breakdown
Identity-aware detection for vendor impersonation
Behavioural email security works by building a baseline for how a sender, recipient, vendor, or application usually behaves, then comparing new activity against that baseline. Identity awareness looks at sign-in location, communication history, device context, and relationships between parties. That matters because vendor email compromise often succeeds without malware, using legitimate-looking correspondence and trusted threads. Static filtering struggles here because the content itself can be clean while the intent is fraudulent. A behavioural model can still detect unusual payment language, cadence shifts, or a vendor request that does not fit historical patterns.
Practical implication: security teams need identity-linked baselines for vendor communications, not just spam rules and URL scanning.
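As an added illustration (this is not code from the report or from Abnormal AI), the Python sketch below builds the kind of relationship baseline described above for one vendor and scores new messages against it on four axes: sender identity (including lookalike domains), invoice cadence, amount, and payment-instruction language. It also applies the out-of-band rule from the Key questions section: any change to payment instructions is held for verification regardless of how normal the rest of the message looks. The vendor name, addresses, invoice history, phrase patterns and thresholds are constructed assumptions for the example; a real deployment would learn them from mail metadata and ERP records.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from difflib import SequenceMatcher
from statistics import mean, pstdev

# Phrase patterns and thresholds are assumptions for this example, not values from the report.
BANK_CHANGE = re.compile(
    r"\b(new|updated|changed|different)\b[^.]{0,60}\b(bank|account|routing|iban|swift|wire)\b", re.I)
URGENCY = re.compile(r"\b(urgent|urgently|immediately|asap|today|before close)\b", re.I)


@dataclass(frozen=True)
class Message:
    vendor: str        # counterparty as recorded by finance
    sender: str        # address in the From: header
    ts: datetime
    amount: float
    body: str


@dataclass(frozen=True)
class Baseline:
    senders: frozenset
    domains: frozenset
    gap_mean: float    # mean days between messages in the thread history
    gap_sd: float
    amt_mean: float
    amt_sd: float
    last_ts: datetime


def build_baseline(history):
    """Summarise what normal looks like for one vendor relationship."""
    hist = sorted(history, key=lambda m: m.ts)
    if len(hist) < 3:
        raise ValueError("need at least three prior messages to baseline a relationship")
    gaps = [(b.ts - a.ts).days for a, b in zip(hist, hist[1:])]
    amounts = [m.amount for m in hist]
    senders = frozenset(m.sender.lower() for m in hist)
    return Baseline(senders=senders,
                    domains=frozenset(s.rsplit("@", 1)[-1] for s in senders),
                    gap_mean=mean(gaps), gap_sd=pstdev(gaps),
                    amt_mean=mean(amounts), amt_sd=pstdev(amounts),
                    last_ts=hist[-1].ts)


def _z(value, mu, sd, floor):
    """Deviation in standard deviations, floored so short histories do not over-alert."""
    return abs(value - mu) / max(sd, floor)


def score(msg, base):
    """Return (number of anomalies, reasons) for a new message against the baseline."""
    reasons = []
    sender = msg.sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    if sender not in base.senders:
        if domain in base.domains:
            reasons.append("new mailbox on a known vendor domain")
        elif max(SequenceMatcher(None, domain, d).ratio() for d in base.domains) >= 0.8:
            reasons.append(f"lookalike domain {domain!r}")
        else:
            reasons.append("sender outside the relationship history")
    gap = (msg.ts - base.last_ts).days
    if _z(gap, base.gap_mean, base.gap_sd, 3.0) > 2:
        reasons.append(f"cadence shift: {gap} days since last message, usual {base.gap_mean:.0f}")
    if _z(msg.amount, base.amt_mean, base.amt_sd, 0.1 * base.amt_mean) > 2:
        reasons.append(f"amount {msg.amount:.0f} far from usual {base.amt_mean:.0f}")
    if BANK_CHANGE.search(msg.body):
        reasons.append("payment-instruction change language")
    if URGENCY.search(msg.body):
        reasons.append("urgency language")
    return len(reasons), reasons


def triage(msg, base):
    """Payment-instruction changes are always held for out-of-band verification;
    other anomalies go to review once two or more signals coincide."""
    n, reasons = score(msg, base)
    if any(r.startswith("payment-instruction") for r in reasons):
        return "hold: out-of-band verification required"
    return "review" if n >= 2 else "deliver"


# Constructed sample data: a fictional vendor with six monthly invoices.
_V = "Acme Supplies"
HISTORY = [Message(_V, "invoices@acme-supplies.example", datetime(2025, m, 15), amt,
                   f"Invoice for month {m} attached. Payment due in 30 days.")
           for m, amt in zip(range(1, 7), (12000, 12400, 11800, 12200, 12100, 12300))]
BASE = build_baseline(HISTORY)
LEGIT = Message(_V, "invoices@acme-supplies.example", datetime(2025, 7, 15), 12250,
                "Invoice 0731 attached for July services. Payment due in 30 days.")
FRAUD = Message(_V, "accounts@acme-supp1ies.example", datetime(2025, 6, 25), 38500,
                "Urgent: please use our new bank account for the attached invoice, "
                "the old account is being audited. Process today.")
KNOWN_SENDER_CHANGE = Message(_V, "invoices@acme-supplies.example", datetime(2025, 7, 15), 12250,
                              "Invoice 0731 attached. Please note we have updated bank details.")

if __name__ == "__main__":
    for m in (LEGIT, FRAUD, KNOWN_SENDER_CHANGE):
        print(m.sender, "->", triage(m, BASE), score(m, BASE)[1])
```

The third sample is the case static filters miss entirely: a known sender, normal cadence and a normal amount, with a one-line change of bank details. It scores only one anomaly, but the workflow rule still holds it, because the decision is made on the relationship and the requested action rather than on the message looking suspicious.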
Why malware-free phishing defeats legacy sandboxing
Credential phishing increasingly arrives without a malicious attachment or obvious payload, which makes sandbox-based inspection less effective. In that model, there is nothing for the sandbox to detonate, so the attack succeeds through human trust and sequence manipulation rather than malware execution. The report’s emphasis on identity and risk baselines reflects a wider shift in detection logic. Instead of asking whether the email contains known bad content, the system asks whether the request is abnormal for that relationship, context, and communication history. That is a fundamentally different control model.
Practical implication: teams should treat malware-free phishing as an identity anomaly problem, not only a content inspection problem.
Account takeover signals inside cloud communication patterns
Once an attacker compromises a mailbox, the resulting behaviour often changes before any overt damage appears. Suspicious login geographies, device mismatches, and unusual east-west activity (for example mailbox searches for finance keywords followed by internal sending the account never produced before) can indicate that the account is being used for reconnaissance or internal phishing. The technical value of behavioural systems is that they correlate these signals across cloud applications rather than isolating email alone. That makes account takeover detectable as a sequence of abnormal actions, not just a single bad login. For practitioners, this moves detection closer to the real abuse path.
Practical implication: correlate mailbox behaviour with identity and application telemetry so takeover is visible before payment fraud or lateral phishing spreads.
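The following Python example (added here, not taken from the report or any vendor product) shows what that correlation looks like in practice. It learns each user's known sign-in countries and devices from a training period, then, for every later successful sign-in that breaks that profile, looks at mailbox activity in the following two hours and chains three stages: anomalous sign-in, mailbox reconnaissance, and internal sending to many recipients. The event shapes, user names, domain, window and thresholds are constructed assumptions, not a real audit-log format.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    country: str
    device: str
    ok: bool          # True for a successful authentication


@dataclass(frozen=True)
class MailEvent:
    user: str
    ts: datetime
    action: str       # "search" or "send"
    detail: str       # search query, or recipient address for a send


@dataclass
class Alert:
    user: str
    signin_ts: datetime
    stages: list
    evidence: list

    @property
    def severity(self):
        # One stage is worth watching; two or three indicate an active takeover.
        return {1: "watch", 2: "investigate", 3: "contain"}[len(self.stages)]


WINDOW = timedelta(hours=2)                                    # assumed correlation window
RECON_TERMS = ("invoice", "wire", "bank", "payment", "password")  # assumed recon keywords
ORG_DOMAIN = "corp.example"                                    # assumed internal mail domain


def learn_profiles(signins, cutoff):
    """Known countries and devices per user from successful sign-ins before cutoff."""
    prof = defaultdict(lambda: {"countries": set(), "devices": set()})
    for s in signins:
        if s.ok and s.ts < cutoff:
            prof[s.user]["countries"].add(s.country)
            prof[s.user]["devices"].add(s.device)
    return prof


def detect(signins, mail, cutoff):
    """Chain identity and mailbox signals into per-sign-in alerts."""
    profiles = learn_profiles(signins, cutoff)
    by_user = defaultdict(list)
    for e in mail:
        by_user[e.user].append(e)
    alerts = []
    for s in signins:
        if not s.ok or s.ts < cutoff or s.user not in profiles:
            continue
        p = profiles[s.user]
        evidence = []
        if s.country not in p["countries"]:
            evidence.append(f"country {s.country} not in {sorted(p['countries'])}")
        if s.device not in p["devices"]:
            evidence.append(f"device {s.device} never seen for this user")
        if not evidence:
            continue  # sign-in fits the identity baseline; nothing to correlate
        stages = ["anomalous_signin"]
        window = [e for e in by_user[s.user] if s.ts <= e.ts <= s.ts + WINDOW]
        searches = [e.detail for e in window if e.action == "search"]
        if len(searches) >= 3 and any(t in q.lower() for q in searches for t in RECON_TERMS):
            stages.append("mailbox_recon")
            evidence.append(f"{len(searches)} mailbox searches, e.g. {searches[:2]}")
        internal = {e.detail.lower() for e in window
                    if e.action == "send" and e.detail.lower().endswith("@" + ORG_DOMAIN)}
        if len(internal) >= 5:
            stages.append("internal_phishing")
            evidence.append(f"mail sent to {len(internal)} distinct internal recipients")
        alerts.append(Alert(s.user, s.ts, stages, evidence))
    return alerts


# Constructed sample telemetry (fictional users and events).
CUTOFF = datetime(2025, 6, 10)
SIGNINS = [
    SignIn("alice", datetime(2025, 6, 2, 8, 55), "GB", "lap-alice", True),
    SignIn("alice", datetime(2025, 6, 3, 9, 1), "GB", "lap-alice", True),
    SignIn("bob", datetime(2025, 6, 2, 9, 10), "GB", "lap-bob", True),
    SignIn("alice", datetime(2025, 6, 12, 9, 0), "GB", "lap-alice", True),        # normal
    SignIn("alice", datetime(2025, 6, 12, 14, 3), "US", "unknown-7f2a", True),    # new country + device
    SignIn("alice", datetime(2025, 6, 12, 14, 1), "US", "unknown-7f2a", False),   # failed attempt, ignored
    SignIn("bob", datetime(2025, 6, 12, 20, 30), "DE", "lap-bob", True),          # new country, known device
]
MAIL = [
    MailEvent("alice", datetime(2025, 6, 12, 14, 5), "search", "invoice"),
    MailEvent("alice", datetime(2025, 6, 12, 14, 7), "search", "wire transfer"),
    MailEvent("alice", datetime(2025, 6, 12, 14, 9), "search", "bank details"),
] + [MailEvent("alice", datetime(2025, 6, 12, 14, 30), "send", f"user{i}@corp.example")
     for i in range(6)]

if __name__ == "__main__":
    for a in detect(SIGNINS, MAIL, CUTOFF):
        print(a.user, a.signin_ts, a.severity, a.stages, a.evidence)
```

Bob's sign-in from a new country on his usual laptop produces a single-stage "watch" alert, which is the right outcome for travel. Alice's sign-in from an unknown device, followed by finance-keyword searches and a burst of internal mail, chains all three stages into a "contain" alert, which is the point of the section above: none of those events is conclusive alone, and a tool that sees only the login or only the mailbox would under-score both.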
Threat narrative
Attacker objective: The attacker wants to exploit trusted email relationships to steal money, credentials, or downstream access with minimal malware exposure.
- Entry begins with AI-generated phishing or vendor impersonation that persuades a user to trust a message or request.
- Escalation occurs when the attacker steals credentials or takes over a mailbox and uses the account for reconnaissance, internal phishing, or fraudulent payment redirection.
- Impact follows when the attacker changes payment instructions, steals information, or extends compromise into additional accounts and workflows.
Breaches seen in the wild
- MongoBleed breach — MongoBleed exposed secrets across 87K MongoDB servers.
- iOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials, endangering user privacy.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Static email defenses are now a governance liability, not just a detection gap. This report reinforces that rules and signatures cannot adapt quickly enough to AI-generated impersonation and mailbox abuse. When attacker language, cadence, and context are produced at scale, the control problem shifts from message screening to identity and behavioural verification. Practitioners should treat legacy email filtering as only one layer in a broader identity security programme.
Behavioural baselines are the right abstraction for email-linked identity risk. The meaningful signal is not whether an email looks malicious in isolation, but whether a person, vendor, or application is acting outside its normal relationship pattern. That aligns with OWASP-NHI and NIST CSF thinking because the control objective is trust validation across identity events, not content classification alone. The practitioner conclusion is to anchor detection in relationship-aware behaviour, not inbox heuristics.
Vendor email compromise exposes a broader identity trust gap across procurement and finance workflows. Attackers do not need to break encryption or exploit a technical vulnerability if they can alter invoicing cadence and payment direction inside a trusted thread. That means finance approvals, vendor onboarding, and account change workflows are part of identity governance, not just back-office process. The practitioner conclusion is to treat vendor communications as governed identity surfaces.
AI-powered phishing is collapsing the assumptions behind user-awareness programmes. Awareness training assumes people can spot patterns that are novel but still visibly suspicious. Generative AI weakens that assumption by producing attacks that fit expected tone, timing, and context. The result is not training failure alone, but a mismatch between human judgment and machine-generated realism. Practitioners should rethink where human review can still add value and where it can no longer be the primary control.
Identity, context, and risk need to be analysed together or the false-negative rate will stay too high. The report’s three-pillar model shows why single-signal tools miss attacks that are individually normal but collectively abnormal. This is especially relevant where email is the entry point for account takeover, fraud, or downstream abuse in connected applications. The practitioner conclusion is to align telemetry, ownership, and escalation paths across IAM, SOC, and finance.
From our research:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
- For the governance context behind these patterns, see Top 10 NHI Issues for the control failures that let identity risk linger.
What this signals
Vendor-thread fraud is becoming an identity governance problem as much as a messaging problem. Once payment instructions, vendor onboarding, and approval chains are manipulated in email, the control surface extends into IAM, finance, and third-party governance. Teams should map where trusted communication can directly trigger value transfer, because that is where behavioural controls need to sit.
With 96% of organisations storing secrets outside dedicated secrets managers, per the Ultimate Guide to NHIs, attackers who pivot from email compromise into credential abuse often find the environment already permissive. That makes email the front door to a wider identity exposure problem, not an isolated channel risk.
Communication trust debt: the longer organisations rely on humans to distinguish legitimate vendor requests from AI-generated deception, the more the attack surface shifts into business processes that were never built for adversarial prompting. Practitioners should prepare for stronger verification in finance and procurement workflows, not just more inbox filtering.
For practitioners
- Build behavioural baselines for vendors and finance contacts: model normal invoicing cadence, payment language, and thread history for each trusted counterparty so deviations are visible before payment instructions are changed.
- Correlate mailbox events with identity telemetry: link login geography, device changes, and session anomalies to email activity so account takeover is detected as a sequence, not a single alert.
- Treat malware-free phishing as an identity case: escalate credential phishing campaigns that lack a payload into identity review workflows, because sandboxing cannot inspect intent when no malware is present.
- Review vendor onboarding and change-of-payment controls: require secondary verification for supplier bank detail changes, invoice redirection, and account recovery requests, because those steps are prime BEC targets.
Key takeaways
- AI-generated email attacks now defeat controls built around known bad content, which makes behavioural detection a core requirement rather than an enhancement.
- Business Email Compromise caused $2.77 billion in losses in 2024, showing that trusted communication remains a high-value entry point for fraud and identity abuse.
- The most effective response is to connect email, identity, and workflow controls so abnormal requests are blocked before they become account takeover or payment diversion.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Behavioral email compromise maps to identity trust and credential abuse. |
| NIST CSF 2.0 | PR.AA-05 (access permissions managed with least privilege; PR.AC-4 in CSF 1.1) | Least privilege and access verification matter when email becomes an entry point. |
| NIST Zero Trust (SP 800-207) | Tenets of Zero Trust (Section 2.1) | Zero Trust requires continuous, per-request verification across identity and context, not inbox trust. |
Map email-linked identity events to NHI-01 and flag abnormal relationship patterns for review.
Key terms
- Business Email Compromise: Business Email Compromise is a social engineering attack in which an attacker uses trusted email relationships to induce payments, credential disclosure, or account abuse. The message may look legitimate and contain no malware, which is why the control problem often sits in identity verification and workflow approval, not just content scanning.
- Behavioural Baseline: A behavioural baseline is a model of what normal activity looks like for a person, vendor, application, or account. In email security, it combines identity, context, and content signals so anomalies can be detected even when a message appears technically clean. It is most useful when relationships and timing matter.
- Account Takeover: Account takeover occurs when an attacker gains control of a legitimate user or vendor account and uses it for malicious activity. In email environments, takeover often becomes a launch point for reconnaissance, internal phishing, or fraudulent requests, which makes session, device, and communication anomalies important detection signals.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Abnormal AI: ABX: Built for Change in 2025. Read the original.
Published by the NHIMG editorial team on 2025-10-07.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org