TL;DR: Generative AI has accelerated targeted phishing and business email compromise, while Gartner’s 2025 Email Security Magic Quadrant places Abnormal AI as a Leader for the second year and highest in Completeness of Vision among 14 vendors. The real issue is not vendor ranking but that email security now has to keep pace with machine-speed deception and broader collaboration-tool attack surfaces.
NHIMG editorial — based on content published by Abnormal AI: 2025 Gartner Magic Quadrant for Email Security commentary
By the numbers:
- Among the 14 vendors evaluated in the 2025 quadrant, Abnormal AI was named a Leader for the second consecutive year.
Questions worth separating out
Q: How should security teams respond to AI-generated phishing and BEC attacks?
A: Security teams should combine message analysis with identity and behavioural signals, because AI-generated attacks can look legitimate long before a user clicks.
Q: Why do email security controls need to cover collaboration tools as well as inboxes?
A: Because modern attacks often move from email into chat, shared files, and approval workflows once trust is established.
Q: How do security teams decide whether to use multiple email security vendors?
A: Use multiple vendors when you need complementary visibility, not because of brand preference.
Practitioner guidance
- Correlate email and identity telemetry: Join mail signals with identity, device, and collaboration activity so that suspicious messages are evaluated in the context of account behaviour and downstream access events.
- Extend response playbooks beyond the inbox: Treat chat, shared documents, and approval workflows as part of the same containment path when a phishing or BEC attempt is detected.
- Tune automation for first-response containment: Use automated triage and remediation for high-confidence email threats, but keep escalation paths explicit for cases that affect privileged accounts or sensitive workflows.
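One way to express the correlation and containment guidance above as triage logic. This is an added example, not code from Abnormal AI or this editorial; the field names, the one-hour window, the 0.9 threshold, the "review" outcome and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry; field names are assumptions, not a vendor schema.
MAIL = [
    {"id": "m1", "rcpt": "cfo@example.com", "time": "2025-01-10T09:00:00", "score": 0.95},
    {"id": "m2", "rcpt": "dev@example.com", "time": "2025-01-10T09:05:00", "score": 0.92},
    {"id": "m3", "rcpt": "ops@example.com", "time": "2025-01-10T09:10:00", "score": 0.40},
]
IDENTITY = [
    {"user": "cfo@example.com", "time": "2025-01-10T09:20:00", "event": "new_device_signin"},
    {"user": "ops@example.com", "time": "2025-01-10T09:30:00", "event": "file_share_external"},
    {"user": "dev@example.com", "time": "2025-01-09T08:00:00", "event": "new_device_signin"},
]
PRIVILEGED = {"cfo@example.com"}   # assumed list of privileged accounts
WINDOW = timedelta(hours=1)        # assumed correlation window after delivery
HIGH_CONFIDENCE = 0.9              # assumed detector score threshold


def _ts(value):
    return datetime.fromisoformat(value)


def correlate(mail, identity, window=WINDOW):
    """Attach identity/collaboration events seen for the recipient
    within `window` after the message was delivered."""
    joined = []
    for msg in mail:
        start = _ts(msg["time"])
        followups = [
            ev["event"] for ev in identity
            if ev["user"] == msg["rcpt"] and start <= _ts(ev["time"]) <= start + window
        ]
        joined.append({**msg, "followups": followups})
    return joined


def triage(item, privileged=PRIVILEGED):
    """Pick a first-response action: automate high-confidence cases,
    but route anything touching a privileged account to a human."""
    suspicious = item["score"] >= HIGH_CONFIDENCE or bool(item["followups"])
    if item["rcpt"] in privileged and suspicious:
        return "escalate"
    if item["score"] >= HIGH_CONFIDENCE:
        return "auto_remediate"
    return "review" if item["followups"] else "allow"


def run(mail=MAIL, identity=IDENTITY):
    return {item["id"]: triage(item) for item in correlate(mail, identity)}
```

The low-scoring message `m3` is still surfaced for review because an external file share followed it inside the window, which message-level scoring alone would not show.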
What's in the full analysis
Abnormal AI's full analysis covers the market and operational detail this post intentionally leaves for the source:
- Gartner quadrant context and the vendor placement criteria behind the 14-vendor comparison.
- Abnormal's discussion of how its API-based deployment changes rollout mechanics without requiring MX record changes.
- The vendor's view of how AI-driven detection, user coaching, and automated remediation are being operationalised.
- Compliance context around FedRAMP Moderate and ISO/IEC 42001 certification for email security vendors.
👉 Read Abnormal AI’s analysis of the 2025 Gartner Email Security Magic Quadrant →
AI-driven email attacks and what they mean for security teams
Explore further
AI-driven email security is now an identity problem as much as a content problem. Generative AI has reduced the cost of producing believable attacks, but the deeper issue is that the trust model around email was built for human-paced abuse, not machine-paced variation. That means identity, context, and behavioural signals have to be evaluated together, because message-level controls alone cannot explain whether a conversation is legitimate. The practitioner conclusion is that email defence must be treated as part of identity governance.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 44% have implemented any policies to govern AI agents, even though 92% agree governing them is critical to enterprise security.
A question worth separating out:
Q: What does AI-driven email defence change for governance and accountability?
A: It shifts accountability toward how automated detection and remediation are approved, monitored, and escalated. Teams still own the outcome even when machines handle first-response tasks. That means governance must define who can tune automation, who reviews exceptions, and how risky actions are rolled back when a false positive affects business communication.
👉 Read our full editorial: Email security is being reshaped by AI-driven social engineering