TL;DR: AI-powered phishing, trusted-platform abuse, and cross-channel conversation shifting are undermining legacy email defenses, according to Abnormal AI’s on-demand webinar preview. The core issue is that inbox security still assumes static patterns and single-channel detection, while modern attackers now personalise, pivot, and persist across the collaboration stack.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams defend against AI-personalised phishing in email?
A: They should combine content inspection with behavioural and identity signals, because AI-personalised phishing is designed to look relevant, timely, and low-risk.
Q: Why do trusted collaboration tools create email security blind spots?
A: Trusted collaboration tools create blind spots because attackers can move the payload out of the inbox and into services users already trust.
Practitioner guidance
- Correlate email and collaboration telemetry: Link inbox events to Google Drive, Dropbox, and chat activity so analysts can see whether a lure is being staged, forwarded, or resumed in another channel.
- Score trust on sender behaviour and context: Use behavioural and relationship signals to evaluate whether a message fits the recipient’s normal communication patterns, rather than relying on keyword filters or static reputation alone.
- Review third-party platform exposure: Inventory which collaboration services can be used to deliver content into the enterprise, then restrict or monitor the ones that routinely carry external files or shared links.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Specific campaign examples showing how AI-personalised email lures are adapted to different victim roles.
- Threat-intelligence examples of how trusted services such as Google Drive and Dropbox are used to stage delivery.
- Operational guidance on how Abnormal detects conversation shifting across channels in real campaigns.
- A walkthrough of the essential requirements for AI-native email defence strategies.
AI-driven email threats: why are legacy inbox controls failing?
Explore further
Email security is now identity security because the attacker’s real target is trust. AI-personalised lures work by exploiting the point where human identity decisions meet connected platforms and delegated access. Legacy filters can reduce commodity spam, but they do not solve the trust assessment problem created by conversation-level manipulation. Practitioners should treat email as an identity attack surface, not just a content channel.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- A second finding from the same research shows that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% reporting no or low visibility and 47% reporting only partial visibility.
A question worth separating out:
Q: How can teams measure whether their email defences are keeping up?
A: They should measure how often suspicious campaigns are detected after a channel change, not only at inbox entry. If the same lure can move into collaboration tools without a linked alert, the organisation has visibility into messages but not into the attack path.
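One way to compute that measurement, as an added example that is not from the webinar or from any vendor's product: it links email and collaboration events by the shared link they carry and reports how many lures that left the inbox produced an alert after the channel change. The event tuple layout, the channel names, the example domains, and the 24-hour correlation window are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample telemetry: (timestamp, channel, user, shared link, alerted).
# "alerted" means a detection fired on that specific event.
EVENTS = [
    ("2025-03-03T09:00", "email",   "ana", "https://drive.example/f/AAA?usp=sharing", True),
    ("2025-03-03T09:40", "chat",    "ana", "https://drive.example/f/AAA", False),
    ("2025-03-03T10:00", "email",   "ben", "https://dropbox.example/s/BBB", False),
    ("2025-03-03T11:15", "dropbox", "ben", "https://dropbox.example/s/BBB/", True),
    ("2025-03-03T12:00", "email",   "cy",  "https://drive.example/f/CCC", True),
    ("2025-03-03T13:00", "chat",    "dee", "https://drive.example/f/DDD", False),
]

def lure_key(link):
    """Normalize a shared link so query strings and trailing slashes do not split one lure."""
    parts = urlsplit(link)
    return (parts.netloc.lower(), parts.path.rstrip("/"))

def channel_shifts(events, window=timedelta(hours=24)):
    """Return lures first seen in email that reappear in another channel within the window."""
    by_lure = defaultdict(list)
    for ts, channel, user, link, alerted in events:
        by_lure[lure_key(link)].append((datetime.fromisoformat(ts), channel, alerted))
    shifts = {}
    for key, seen in by_lure.items():
        seen.sort()
        first_ts, first_channel, entry_alert = seen[0]
        if first_channel != "email":
            continue  # lure did not enter through the inbox
        later = [(c, a) for t, c, a in seen[1:] if c != "email" and t - first_ts <= window]
        if later:
            shifts[key] = {
                "entry_alert": entry_alert,
                "post_shift_alert": any(a for _, a in later),
                "channels": sorted({c for c, _ in later}),
            }
    return shifts

def post_shift_detection_rate(shifts):
    """Share of channel-shifted lures that raised an alert after the shift."""
    if not shifts:
        return None  # no shifted lures observed, so the metric is undefined
    return sum(s["post_shift_alert"] for s in shifts.values()) / len(shifts)

if __name__ == "__main__":
    print(post_shift_detection_rate(channel_shifts(EVENTS)))
```

A lure with `entry_alert` set but `post_shift_alert` unset is the case the answer above describes: the message was seen at the inbox, but the attack path was not.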