AI-generated email threats: what the leadership shift means for defenders


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Advanced attacks bypassing secure email gateways rose 97% over six months as AI-generated threats increasingly mimic trusted communications, according to Abnormal AI, prompting leadership hires across product, customer success, and legal functions. The underlying issue is that traditional detection and governance assumptions break when identity and behaviour become harder to distinguish from legitimate business traffic.

NHIMG editorial — based on content published by Abnormal AI: Abnormal AI Expands Leadership Team to Advance Behavioral AI Platform

By the numbers:

Questions worth separating out

Q: How should security teams defend against AI-generated phishing that bypasses email gateways?

A: Teams should combine behavioural detection with identity-based response, because content inspection alone is increasingly easy to evade.

Q: Why do connected applications increase the impact of email-based attacks?

A: Connected applications extend trust beyond the inbox.

Q: How can organisations tell whether behavioural AI is working in practice?

A: Look for reduced dwell time between suspicious delivery and response, better correlation between email and identity events, and fewer missed cases where legitimate-looking traffic leads to account abuse.

Practitioner guidance

  • Map inbox controls to identity outcomes: Review how email detections feed account lock, session revocation, and step-up verification when suspicious communication is confirmed.
  • Correlate behavioural signals across connected apps: Join mail telemetry with sign-in events, token usage, and app-to-app activity across Microsoft 365, Google Workspace, Slack, Workday, ServiceNow, and Zoom.
  • Add auditability to behavioural decisions: Require security tooling to preserve the evidence that led to a detection, including sender relationships, message timing, and abnormal interaction sequences.

What's in the full analysis

Abnormal AI's full article covers the operational detail this post intentionally leaves for the source:

  • The leadership rationale behind the three executive hires and how each role maps to product, customer success, and legal governance.
  • The vendor's own explanation of how its behavioural AI platform is evolving across email and connected applications.
  • The full context for the reported 97% increase in advanced attacks bypassing secure email gateways.
  • The company positioning around trust, transparency, and compliance for enterprise deployments.

👉 Read Abnormal AI's analysis of rising AI-generated threats and leadership changes →




   
Quote
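One way to act on the correlation and dwell-time points in the post above, shown as an added example that is not part of the original post or of Abnormal AI's product: it joins suspicious-mail detections to later identity events for the same user, keeps the evidence, and measures time to response. The event field names, the response event types and the four-hour window are assumptions, and the telemetry is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry; field names are assumptions, not a vendor schema.
MAIL_DETECTIONS = [
    {"id": "det-1", "recipient": "a.lee@example.com", "delivered": "2025-01-10T09:00:00"},
    {"id": "det-2", "recipient": "b.roy@example.com", "delivered": "2025-01-10T10:30:00"},
]
IDENTITY_EVENTS = [
    {"user": "a.lee@example.com", "time": "2025-01-10T09:12:00", "type": "sign_in", "app": "Microsoft 365"},
    {"user": "a.lee@example.com", "time": "2025-01-10T09:20:00", "type": "token_grant", "app": "Slack"},
    {"user": "a.lee@example.com", "time": "2025-01-10T09:47:00", "type": "session_revoked", "app": "Microsoft 365"},
    {"user": "b.roy@example.com", "time": "2025-01-10T08:00:00", "type": "sign_in", "app": "Workday"},  # before delivery
    {"user": "b.roy@example.com", "time": "2025-01-10T11:05:00", "type": "sign_in", "app": "ServiceNow"},
]
# Assumed names for the response actions the post lists.
RESPONSE_TYPES = {"session_revoked", "account_lock", "step_up_verification"}

def correlate(detections, events, window=timedelta(hours=4)):
    """Attach post-delivery identity activity and response dwell time to each detection."""
    results = []
    for det in detections:
        delivered = datetime.fromisoformat(det["delivered"])
        related = sorted(
            (e for e in events
             if e["user"].lower() == det["recipient"].lower()
             and delivered <= datetime.fromisoformat(e["time"]) <= delivered + window),
            key=lambda e: e["time"],
        )
        response = next((e for e in related if e["type"] in RESPONSE_TYPES), None)
        dwell = None
        if response:
            dwell = (datetime.fromisoformat(response["time"]) - delivered).total_seconds() / 60
        # Activity before any response is the exposure an investigator must review.
        exposed = [e for e in related if e["type"] not in RESPONSE_TYPES
                   and (response is None or e["time"] < response["time"])]
        results.append({
            "detection": det["id"],
            "evidence": [(e["time"], e["type"], e["app"]) for e in related],
            "exposed_apps": sorted({e["app"] for e in exposed}),
            "dwell_minutes": dwell,
            "needs_response": response is None and bool(exposed),
        })
    return results

if __name__ == "__main__":
    for row in correlate(MAIL_DETECTIONS, IDENTITY_EVENTS):
        print(row)
```

Tracking `dwell_minutes` over time and counting `needs_response` rows gives a concrete measure for the dwell-time and missed-case indicators the post describes.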
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Behavioural AI is becoming an identity control, not just an email control. When attacks are fluent enough to bypass secure email gateways, the security question moves from message filtering to trust validation across identities, sessions, and applications. That shift matters because modern abuse chains do not stop at delivery. They exploit the fact that a trusted communication channel can still carry an untrusted actor. Practitioners should treat behavioural detection as part of the identity stack, not a separate messaging layer.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.

A question worth separating out:

Q: Who should own the response when AI-driven impersonation crosses from email into identity risk?

A: Ownership should sit across security operations, identity teams, and governance stakeholders, because the event is no longer only a messaging issue. If the attacker can pivot into accounts or connected apps, containment, auditability, and business impact review all become part of the same response chain. Clear accountability matters more than organisational silos.

👉 Read our full editorial: Abnormal AI leadership changes reflect rising AI-generated email threats



   