TL;DR: AI-generated phishing raises user engagement by 4x and can make attacker campaigns up to 50x more profitable, according to Abnormal AI. The real divide is no longer whether a tool has AI, but whether AI is foundational enough to detect and respond at machine speed before identity abuse spreads.
NHIMG editorial — based on content published by Abnormal AI: Key Insights on AI-native security and AI-powered attack economics
By the numbers:
- Attackers can increase campaign profitability by up to 50 times using AI.
Questions worth separating out
Q: How should security teams evaluate AI-powered email defence tools?
A: Teams should test whether AI changes the control loop or only adds analyst convenience.
Q: Why do AI-generated phishing attacks create more risk for identity programmes?
A: AI-generated phishing increases trust at scale, so the first failure is often identity entry rather than malware execution.
Q: What breaks when email security relies on static rules against AI-driven attacks?
A: Static rules break when the message is constructed to look like ordinary business communication.
Practitioner guidance
- Separate AI capability claims from control-path impact. Inventory where AI actually influences detection, triage, or response.
- Baseline behaviour across users, vendors, and applications. Use behavioural models that connect sender-recipient patterns, communication frequency, and historical context so that trusted-looking messages can still be judged against normal identity behaviour.
- Measure containment speed against real compromise windows. Compare automated response times with the likely dwell time of account takeover and fraud workflows.
What's in the full article
Abnormal AI's full article covers the operational detail this post intentionally leaves for the source:
- Specific examples of how the platform models user, vendor, and application behaviour across Microsoft 365, Google Workspace, and other connected systems
- The underlying detection logic behind AI-native baselining and how it differs from AI added as a summary or triage layer
- Operational examples of account takeover remediation and investigation workflow reduction in live enterprise environments
- The vendor's own explanation of why third-party secure email gateways were retired by many customers after adoption
Explore further
AI-generated phishing is now an identity problem, not just an email problem. Once the message is good enough to trigger trust, the real risk shifts to the identity event that follows, whether that is credential entry, delegated access, or account takeover. The control question is no longer only whether a message looks suspicious, but whether identity systems can recognise abnormal behaviour early enough to stop abuse. Practitioners should treat phishing defence and identity governance as one connected control surface.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: How can organisations tell whether response automation is actually effective?
A: Measure whether response actions occur before the compromise can expand into account takeover, vendor fraud, or business email misuse. A fast dashboard alert is not enough if the control cannot revoke access or stop abuse within the attacker’s working window. Effective automation reduces blast radius, not just analyst effort.
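One way to run the measurement described in this answer and under "Measure containment speed against real compromise windows", as an added example that is not from Abnormal AI or the original editorial. The incident timelines are constructed, and the field names and the 30-minute working window are assumptions to replace with your own incident data.

```python
from datetime import datetime, timedelta

# Constructed incident timelines, not real data; field names are assumptions.
# compromise = identity event after the phish, alert = dashboard alert,
# revoked = access actually revoked, first_abuse = first attacker action seen.
INCIDENTS = [
    {"id": "A", "compromise": "2024-05-01T09:00", "alert": "2024-05-01T09:01",
     "revoked": "2024-05-01T09:04", "first_abuse": "2024-05-01T09:35"},
    {"id": "B", "compromise": "2024-05-02T14:00", "alert": "2024-05-02T14:02",
     "revoked": "2024-05-02T16:30", "first_abuse": "2024-05-02T14:25"},
    {"id": "C", "compromise": "2024-05-03T08:00", "alert": "2024-05-03T08:03",
     "revoked": None, "first_abuse": None},
    {"id": "D", "compromise": "2024-05-04T11:00", "alert": "2024-05-04T11:05",
     "revoked": "2024-05-04T11:20", "first_abuse": None},
]

ASSUMED_WINDOW = timedelta(minutes=30)  # assumed attacker working window


def _ts(value):
    return datetime.fromisoformat(value) if value else None


def assess(incident, window=ASSUMED_WINDOW):
    """Classify one incident by whether revocation beat the attacker."""
    start, alert = _ts(incident["compromise"]), _ts(incident["alert"])
    revoked, abuse = _ts(incident["revoked"]), _ts(incident["first_abuse"])
    # Deadline: the observed first abuse if known, else the assumed window.
    deadline = abuse if abuse else start + window
    contained = revoked is not None and revoked <= deadline
    return {
        "id": incident["id"],
        "alert_minutes": (alert - start).total_seconds() / 60,
        "revoke_minutes": (revoked - start).total_seconds() / 60 if revoked else None,
        "contained": contained,
        # The alert was in time, but access was not revoked before the deadline.
        "alert_only": alert <= deadline and not contained,
    }


def summarize(incidents, window=ASSUMED_WINDOW):
    """Containment rate plus the incidents where only the alert was fast."""
    results = [assess(i, window) for i in incidents]
    return {
        "containment_rate": sum(r["contained"] for r in results) / len(results),
        "alert_only_ids": [r["id"] for r in results if r["alert_only"]],
        "results": results,
    }
```

Incidents listed in `alert_only_ids` are the ones where alerting met the window but revocation did not, which is the gap the answer above describes.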