By NHI Mgmt Group Editorial Team | Published 2025-09-02 | Domain: Governance & Risk | Source: Abnormal AI

TL;DR: Security leaders say adversaries are already using AI to attack at scale, while Abnormal AI argues that behavior-based Defensive AI can detect tone shifts, unusual logins, and workflow deviations and cut manual SOC review by more than 90%. The key change is not more rules, but stronger intent detection in place of brittle signature logic.


At a glance

What this is: Abnormal AI’s analysis of how Defensive AI changes email and vendor-risk detection by shifting from signatures to behavioral baselines.

Why it matters: IAM, SOC, and fraud teams increasingly need identity-aware detection that can spot compromised accounts and deceptive workflows before traditional controls fail.



Context

The core problem is that AI-assisted fraud and phishing increasingly look normal at the message layer while behaving abnormally at the identity and workflow layer. Traditional email security leans on static indicators, but those signals are easy to mimic when attackers can generate fluent language, reuse real thread history, and copy legitimate communication patterns.

For IAM and security operations teams, this shifts the question from whether a message looks malicious to whether the sender, account, or vendor behavior fits the established baseline. Defensive AI is Abnormal AI’s framing for intent-focused detection, where deviations in tone, timing, login patterns, and process sequence become the signal rather than isolated bad words or known signatures.


Key questions

Q: How should security teams detect AI-assisted phishing that looks legitimate?

A: Security teams should focus on behavior, not wording alone. Compare sender history, thread continuity, login patterns, timing, and workflow sequence against established baselines. When a message is fluent but the account or process deviates from normal practice, treat that as a higher-confidence signal than keyword matching or domain reputation checks.

Q: Why do traditional email controls struggle against AI-generated fraud?

A: Traditional controls were built to catch malformed content, known bad domains, and obvious anomalies. AI-generated fraud can reuse real threads, mimic tone, and preserve authentic-looking structure, so the message itself no longer looks suspicious. That forces defenders to validate whether the request fits the identity and workflow context, not just whether it looks clean.

Q: How do you know if behavior-based detection is actually working?

A: It is working when it reduces false confidence in polished messages and surfaces compromises before the action completes. Track whether the system catches abnormal invoice timing, unusual account switching, or off-pattern approvals that legacy filters miss. The best measure is fewer manual reviews and faster identification of compromised identities tied to real business workflows.

Q: Who should own vendor compromise detection in an enterprise?

A: Ownership should sit across IAM, SOC, and procurement or finance, because vendor compromise is both an identity problem and a process problem. Security teams need the trust signals, while business teams know the normal approval and payment patterns. Shared ownership prevents gaps where a technically valid account still gets treated as trusted after behaviour changes.


Technical breakdown

Behavioral baselines in email security

Behavioral baselining means learning how people, teams, and vendors normally communicate so the system can spot deviations that signatures miss. In this model, the control surface is not just message content but cadence, sender history, timing, account usage, and workflow sequence. That matters because modern BEC and vendor compromise often use authentic domains, valid threads, and polished language. A system tuned only to indicators of compromise will miss attacks that are syntactically clean but contextually wrong. Practical implication: security teams should instrument communication patterns, not just content filters, when evaluating email and collaboration risk.

Practical implication: build detection around behavioral drift, not only static email indicators.

Why workflow deviations matter more than keyword filters

Workflow deviation detection looks for requests that break the normal order of business, such as invoice timing, approval path changes, or account-switching in a vendor conversation. This is especially useful for supply chain compromise and business email compromise, where the attacker’s goal is to blend into the process rather than trigger an obvious alarm. Keyword filters and domain reputation checks are weak against this pattern because the language can be perfect while the process is wrong. Practical implication: map high-risk workflows and alert on out-of-pattern execution, especially where payment, access, or sensitive data transfer is involved.

Practical implication: monitor invoice and approval workflows for abnormal sequencing and account behavior.
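
A minimal sketch of the baseline-and-drift check described in the two sections above, added here as an illustration; it is not code from Abnormal AI or from the source article. The event fields, the vendor history, and the 3-sigma timing threshold are constructed assumptions, and "account switching" is modelled as a change of sender or payee account.

```python
from datetime import date
from statistics import mean, pstdev

def ev(sent, sender, payee, approvers):
    """One invoice request in a vendor conversation (hypothetical schema)."""
    return {"sent": sent, "sender": sender, "payee": payee, "approvers": approvers}

# Constructed history for one hypothetical vendor; not real data.
HISTORY = [
    ev(date(2025, 1, 3), "ap@vendor.example", "ACCT-A", ("buyer", "finance")),
    ev(date(2025, 2, 3), "ap@vendor.example", "ACCT-A", ("buyer", "finance")),
    ev(date(2025, 3, 4), "ap@vendor.example", "ACCT-A", ("buyer", "finance")),
    ev(date(2025, 4, 3), "ap@vendor.example", "ACCT-A", ("buyer", "finance")),
]
# Fluent, in-thread request from the authentic sender, but off-pattern.
SUSPICIOUS = ev(date(2025, 4, 10), "ap@vendor.example", "ACCT-B", ("buyer",))
NORMAL = ev(date(2025, 5, 2), "ap@vendor.example", "ACCT-A", ("buyer", "finance"))

def build_baseline(history):
    """Summarise normal cadence, senders, payee accounts and approval paths."""
    gaps = [(b["sent"] - a["sent"]).days for a, b in zip(history, history[1:])]
    return {
        "last_sent": history[-1]["sent"],
        "interval_mean": mean(gaps),
        # Floor the spread so a very regular vendor does not alert on a 1-day slip.
        "interval_sd": max(pstdev(gaps), 1.0),
        "senders": {e["sender"] for e in history},
        "payees": {e["payee"] for e in history},
        "paths": {e["approvers"] for e in history},
    }

def drift_signals(baseline, event, z_limit=3.0):
    """Return the workflow deviations found in one new request."""
    signals = []
    gap = (event["sent"] - baseline["last_sent"]).days
    if abs(gap - baseline["interval_mean"]) / baseline["interval_sd"] > z_limit:
        signals.append("invoice_timing")
    if event["sender"] not in baseline["senders"]:
        signals.append("new_sender")
    if event["payee"] not in baseline["payees"]:
        signals.append("payee_account_switch")
    if event["approvers"] not in baseline["paths"]:
        signals.append("approval_path_change")
    return signals

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    print(drift_signals(base, NORMAL), drift_signals(base, SUSPICIOUS))
```

The suspicious request passes every sender and content check yet trips three process signals, which is the case a keyword or domain-reputation filter cannot see.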

SOC automation and analyst triage

The SOC use case is not about replacing analysts but about moving repeatable review steps into machine-assisted triage. The article’s point is that large volumes of user-reported messages can be normalized, scored, and grouped against known behavior patterns before a human reviews them. That is a throughput problem as much as a detection problem. If the organization waits for manual review, it creates backlog and delays response. If the machine handles pattern matching, analysts can spend time on exceptions and impact. Practical implication: automate first-pass message review, but keep human escalation criteria tied to business risk and account context.

Practical implication: use AI to shrink triage volume while reserving analyst judgment for high-impact cases.


Threat narrative

Attacker objective: The attacker wants to convert trusted identity and communication context into fraudulent action, data access, or financial loss.

  1. Entry begins when an attacker uses AI-generated phishing, stolen threads, or a compromised vendor account to insert themselves into a legitimate-looking communication path.
  2. Escalation occurs when the attacker abuses trust signals such as thread history, invoice cadence, account patterns, or fluent language to bypass legacy controls and gain the next action in the workflow.
  3. Impact follows when the organization processes a fraudulent payment, exposes data, or accepts a malicious request that would have been rejected if behavioral deviation had been detected earlier.
  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
  • DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Intent detection is replacing indicator detection as the relevant security primitive for AI-assisted fraud. Static rules are increasingly weak because the attacker can now generate convincing language and reuse real business context. The real control question is whether a programme can distinguish a legitimate request from a request that merely looks legitimate. Practitioners should treat behavioral anomaly as the new decision layer.

Behavioral baselines expose a governance gap that traditional email security never had to solve. Legacy controls assumed malicious content would look abnormal at the message level, but generative AI collapses that assumption by producing polished text inside valid threads. The named concept here is identity and workflow drift: a communication is compromised when the sender, timing, and sequence no longer match the established identity pattern, even if authentication still succeeds. Practitioners need to govern drift, not just content.

Vendor compromise is now an identity problem, not only a fraud problem. When invoice timing, phrasing, and account patterns become detection inputs, the security team is really validating whether a vendor identity is acting within its normal operating envelope. That brings supply chain trust, IAM signals, and fraud prevention into one control plane. Practitioners should stop treating vendor email as a separate domain from identity governance.

Automation in the SOC is justified when it removes repetitive review, not when it obscures accountability. The article’s strongest claim is operational: AI can absorb message triage at scale so analysts can focus on exceptions. That makes sense only if the decision boundaries are explicit, audited, and tied to the business workflows the system is monitoring. Practitioners should use AI to compress review time, not to dilute ownership.

Defensive AI is a response to adversary scale, but the programme win comes from better governance, not broader detection alone. If security teams cannot explain which workflows are normal, which identities are trusted, and which deviations matter, AI simply increases alert volume faster. The right outcome is tighter identity-linked process control across email, vendor interaction, and SOC operations. Practitioners should align detection with identity governance, not treat them as separate programmes.

From our research:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
  • Only 44% of organisations have implemented any policies to manage their AI agents, even though 92% agree that governing AI agents is critical to enterprise security.
  • That gap matters because OWASP NHI Top 10 shows how quickly identity assumptions break when access, delegation, and runtime behaviour are not tightly governed.

What this signals

Behaviour-based detection is becoming the practical bridge between email security and identity governance. As message content becomes easier to fake, the programme signal shifts to whether the account, vendor, or workflow remains inside its normal operating envelope. That is where identity, SOC, and fraud controls begin to overlap in a useful way.

Identity and workflow drift: teams should treat a legitimate account that behaves abnormally as a governance event, not only a detection event. The implication is that access ownership, account offboarding, and payment authority need to be reviewed together, especially where vendor trust has operational consequences.

With 67% of organisations still relying heavily on static credentials despite the risks they pose to agentic AI deployments, per The 2026 Infrastructure Identity Survey, the broader lesson is that static trust assumptions are already under strain across machine and human workflows alike.


For practitioners

  • Instrument communication baselines for high-risk identities: Track sender cadence, thread continuity, login patterns, and workflow sequence for employee and vendor accounts that can trigger payments or access changes.
  • Map business email and vendor workflows to detection points: Define which approval paths, invoice intervals, and account-switching events are normal so the detection layer can alert on process drift rather than just suspicious language.
  • Automate first-pass SOC review for user-reported messages: Use machine scoring to cluster and prioritize reports before human review, but keep escalation thresholds tied to account privilege, payment authority, and business impact.
  • Treat vendor account compromise as identity governance exposure: Correlate vendor communication anomalies with account ownership, offboarding status, and payment authority so compromised third-party identities do not stay trusted by default.

Key takeaways

  • AI-assisted fraud now defeats message-only defenses because the real signal has moved to behavior, identity context, and workflow sequence.
  • Security leaders already see the scale change, with 98.4% reporting that adversaries are using AI to attack their organisations.
  • The practical response is to govern communication drift, automate repetitive review, and tie vendor trust to identity and process ownership.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| NIST CSF 2.0 | DE.CM-1 | Behavioral monitoring maps to continuous detection of anomalous activity. |
| NIST Zero Trust (SP 800-207) | PR.AC-1 | Identity trust must be reassessed when account behavior changes. |
| NIST CSF 2.0 | GV.RM-1 | Risk governance is needed for AI-assisted detection and automation. |

Revalidate trust decisions when identity behavior deviates from expected patterns.


Key terms

  • Behavioral Baseline: A behavioral baseline is a profile of how a person, team, vendor, or system normally acts across time. In identity security, it combines timing, sequence, account use, and interaction patterns so deviations can be flagged even when the content itself looks legitimate.
  • Business Email Compromise: Business email compromise is a fraud pattern where an attacker manipulates a trusted email relationship to trigger payment, disclosure, or other business action. The attack often succeeds by copying real communication context, which makes identity and workflow validation more important than content filters alone.
  • Workflow Drift: Workflow drift is a situation where a request, approval, or interaction departs from the established business sequence without an obvious technical failure. It matters because many AI-assisted attacks are designed to look credible while quietly changing timing, order, or account behavior.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.

This post draws on content published by Abnormal AI: Key Insights on Defensive AI, AI-driven attacks, and the CISO guide. Read the original.
