TL;DR: Web applications use email addresses as the primary identifier for critical functions in 64.9% to 92.4% of cases, while Proofpoint reports 59% of compromised accounts still had MFA enabled and 54% of ransomware victims had stolen credentials first. The security problem is no longer inbox protection alone, but identity governance for both humans and the AI systems acting on their behalf.
NHIMG editorial — based on content published by Proofpoint: email identity, credential theft, and agentic AI risk
By the numbers:
- Between 64.9% and 92.4% of web applications use email addresses as the primary identifier for critical functions.
- Proofpoint has found that 59% of compromised accounts had MFA enabled.
Questions worth separating out
Q: How should security teams reduce identity risk in email-driven workflows?
A: Security teams should remove email as the trusted authority for sensitive identity actions wherever possible.
Q: Why do compromised identities matter so much in email security?
A: Because a trusted account can move from email into collaboration tools, SaaS apps, and financial workflows without triggering the same suspicion as an external attacker.
Q: What do organisations get wrong about MFA and email compromise?
A: They assume MFA means the account is safe.
Practitioner guidance
- Map email to downstream identity dependency Inventory every system that uses email for account creation, recovery, notification, or approval.
- Separate inbox access from recovery authority Remove email as the only recovery path for privileged or sensitive accounts and require stronger verification for resets, step-up access, and delegated approvals.
- Treat mailbox compromise as an identity incident Update ITDR and incident playbooks so a compromised mailbox triggers session review, token revocation, and access-path analysis across connected services.
What's in the full article
Proofpoint's full article covers the operational detail this post intentionally leaves for the source:
- Specific examples of email-based credential theft, MFA bombing, and prompt injection patterns observed in the field
- The vendor's framing of agentic workspace protection and how it maps to mailbox monitoring and exfiltration controls
- Additional explanation of how AI tools assigned to email workflows can be targeted through hidden prompts and malicious content
- The original examples and narrative around human-centric security expanding into agent-centric security
👉 Read Proofpoint's analysis of email identity, credential theft, and agentic AI risk →
Email identity and agentic AI: are your controls keeping up?
Explore further
Email is no longer just a human identifier, it is a shared identity control plane. The article shows that email links creation, authentication, recovery, and notification across platforms, which means compromise cascades faster than most IAM programmes model. The practitioner conclusion is that email must be governed as an identity dependency, not treated as a mere contact field.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do AI agents change email governance for IAM teams?
A: AI agents that read or send email become non-human identities with delegated authority. That means their mailbox access, content handling, and outbound actions need lifecycle control, scope limits, and monitoring. If the agent can trigger business actions, it needs governance that matches the impact of those actions.
👉 Read our full editorial: Email identity is becoming a shared attack surface for humans and agents