Notifications
Clear all
Topic starter
27/06/2026 1:05 pm
TL;DR: Email attacks remain the leading cause of cybercrime losses as generative AI increases attack volume and sophistication, while unfilled cybersecurity roles widen exposure, according to Abnormal AI. The implication is that email defence now has to scale like an industrial control problem, not a human-review problem.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should security teams defend against AI-generated phishing at enterprise scale?
A: They should combine behavioural email detection with identity controls that react when a message becomes a compromise event.
Q: Why does AI make email attacks harder to contain?
A: AI reduces the cost of producing convincing, varied lures, so defenders face more attacks that look legitimate at first glance.
Practitioner guidance
- Map email compromise to identity risk workflows Route suspicious email events into IAM and help-desk processes so credential resets, session revocation, and account monitoring happen together rather than as separate tickets.
- Measure detection latency across the phishing-to-account-takeover path Track how long it takes from message delivery to triage, user report, containment, and privilege review, because delay is a direct indicator of identity exposure.
- Harden recovery processes against social engineering Require stronger verification for password resets, MFA changes, and access restoration so attackers cannot use email deception to regain control after the first lure succeeds.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- How generative AI changes phishing volume, targeting, and attack speed in practice
- The defensive AI patterns Abnormal AI uses to detect AI-driven email abuse at scale
- Where the webinar connects email security to broader identity and access risk
- The future-state roadmap discussed in the session for AI-assisted defence
👉 Watch Abnormal AI's on-demand webinar on AI, email security, and 2024 attack trends →
AI email attacks and the cybersecurity loss gap: what teams should do?
Explore further
27/06/2026 2:17 pm
Email security is now an identity governance problem, not just a content-filtering problem. The article’s premise is that AI will increase the volume and sophistication of attacks, which means the real boundary being tested is who and what can be trusted after a message arrives. That pulls email compromise into IAM, access review, and account recovery workflows because the inbox is often the first step in credential abuse.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can organisations reduce the identity impact of email compromise?
A: They should make email incidents trigger identity actions automatically, including access review, MFA revalidation, and session termination where appropriate. This reduces the chance that a successful lure turns into persistence. The most effective programmes treat email compromise as an identity event, not a mailbox event.
👉 Read our full editorial: AI-driven email attacks are widening the cybercrime loss gap
