AI-fuelled email threats: are legacy SEG controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: AI-fuelled, socially engineered email attacks are outpacing signature-based secure email gateways, leaving payload-less threats and fraud attempts harder to catch, according to Abnormal AI’s webinar with Pegasystems. Static rules are no longer enough when detection must learn normal behaviour in real time to reduce alert fatigue and SOC workload.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams defend against AI-generated email attacks that do not use malware?

A: They should combine behavioural detection, impersonation analysis, and identity monitoring rather than rely on attachment and signature checks.

Q: Why do legacy secure email gateways struggle with modern phishing and fraud campaigns?

A: Because they were built to catch known bad content, not adaptive persuasion.

Practitioner guidance

  • Rebuild email detection around behaviour, not signatures. Prioritise controls that model sender behaviour, message context, and relationship anomalies, because payload-less attacks will keep bypassing static inspection.
  • Add fraud and impersonation signals to identity monitoring. Feed mailbox and communication anomalies into identity workflows so impersonation attempts are visible alongside access alerts.
  • Measure analyst time as a security control metric. Track how much time the SOC spends tuning rules and clearing benign alerts, then compare it with true positive detection rates.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • A live discussion of how behavioural AI distinguishes legitimate mail from advanced social engineering in practice.
  • Pegasystems’ account of replacing the SEG and the operational impact on analyst workload.
  • Examples of how real-time adaptive detection reduces noise while preserving signal for novel threats.
  • The business-fraud angle that links email security decisions to downstream financial loss.

👉 Watch Abnormal AI's webinar on catching modern email threats with behavioural detection →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Static email controls are now a governance debt, not a protection layer. Secure email gateways were designed for a world in which malicious mail could be identified by content, signatures, or attachment behaviour. That assumption breaks when generative AI produces convincing, payload-less messages that adapt faster than rule updates. The implication is that email security must be treated as behavioural risk management, not signature hygiene.

A few things that frame the scale:

  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
  • Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.

A question worth separating out:

Q: How can SOC teams reduce alert fatigue without missing real email threats?

A: They should measure whether the email stack is reducing false positives while still surfacing novel threats, impersonation attempts, and suspicious conversational drift. If analysts spend most of their time tuning rules, the system is shifting work onto the SOC instead of absorbing it. Efficient detection should reclaim time, not consume it.

👉 Read our full editorial: AI-fuelled email threats expose the limits of legacy SEG controls



   
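An added worked example, not code from either post, Abnormal AI, or Pegasystems: it sketches the behavioural baseline the practitioner guidance in the first post describes (sender-recipient relationships, display-name impersonation, Reply-To mismatch as a context signal) and the analyst-time metric the second post's Q&A asks for. The domain names, addresses, sample mail history and alert outcomes are constructed; the scoring weights and the threshold are assumptions chosen for illustration, not values from the webinar.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumption: the organisation's own mail domain (constructed for this example).
INTERNAL_DOMAIN = "corp.example"


@dataclass
class Email:
    sender: str         # From: address
    display_name: str   # human-readable From: name
    recipient: str
    reply_to: str = ""  # empty when no Reply-To header is present


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address."""
    return addr.rsplit("@", 1)[-1].lower()


@dataclass
class RelationshipBaseline:
    """What 'normal' looks like, learned from historical mail metadata only."""
    pairs: Set[Tuple[str, str]] = field(default_factory=set)      # (sender, recipient) seen before
    name_to_addrs: Dict[str, Set[str]] = field(default_factory=dict)  # display name -> addresses it used

    def learn(self, history: List[Email]) -> None:
        for m in history:
            self.pairs.add((m.sender.lower(), m.recipient.lower()))
            self.name_to_addrs.setdefault(m.display_name.lower(), set()).add(m.sender.lower())


def score_message(baseline: RelationshipBaseline, m: Email) -> Tuple[int, List[str]]:
    """Score one message against the baseline; higher means more anomalous.
    No attachment or signature is inspected: every signal is behavioural or contextual."""
    score, reasons = 0, []
    if (m.sender.lower(), m.recipient.lower()) not in baseline.pairs:
        score += 1
        reasons.append("first-contact sender for this recipient")
    known = baseline.name_to_addrs.get(m.display_name.lower(), set())
    if known and m.sender.lower() not in known and domain_of(m.sender) != INTERNAL_DOMAIN:
        score += 3
        reasons.append("display name matches a known contact but the address is new and external")
    if m.reply_to and domain_of(m.reply_to) != domain_of(m.sender):
        score += 2
        reasons.append("Reply-To domain differs from the sender domain")
    return score, reasons


def triage(baseline: RelationshipBaseline, messages: List[Email], threshold: int = 3):
    """Return (message, score, reasons) for every message at or above the threshold."""
    flagged = []
    for m in messages:
        s, why = score_message(baseline, m)
        if s >= threshold:
            flagged.append((m, s, why))
    return flagged


def soc_metrics(alert_outcomes: List[Tuple[bool, float]]) -> Dict[str, float]:
    """alert_outcomes: (was_true_positive, analyst_minutes) per closed alert.
    Reports precision next to the time spent on benign alerts, the comparison
    the guidance above asks teams to track."""
    total = len(alert_outcomes)
    tps = sum(1 for tp, _ in alert_outcomes if tp)
    benign_minutes = sum(mins for tp, mins in alert_outcomes if not tp)
    total_minutes = sum(mins for _, mins in alert_outcomes)
    return {
        "precision": tps / total if total else 0.0,
        "benign_alert_minutes": benign_minutes,
        "minutes_per_true_positive": total_minutes / tps if tps else float("inf"),
    }


# Constructed sample data: a short mail history and three new inbound messages.
HISTORY = [
    Email("alice@corp.example", "Alice Smith", "bob@corp.example"),
    Email("alice@corp.example", "Alice Smith", "bob@corp.example"),
    Email("billing@partner.example", "Partner Billing", "bob@corp.example"),
]
INBOUND = [
    Email("alice.smith@webmail.example", "Alice Smith", "bob@corp.example"),  # lookalike of a known contact
    Email("billing@partner.example", "Partner Billing", "bob@corp.example", reply_to="pay@other.example"),
    Email("alice@corp.example", "Alice Smith", "bob@corp.example"),           # routine internal mail
]

if __name__ == "__main__":
    base = RelationshipBaseline()
    base.learn(HISTORY)
    for m, s, why in triage(base, INBOUND):
        print(s, m.sender, why)
    print(soc_metrics([(True, 15), (False, 10), (False, 5), (True, 20)]))
```

With the constructed data only the lookalike sender crosses the threshold; the partner message with a mismatched Reply-To scores below it and would be a candidate for the identity-monitoring feed rather than an analyst alert. The metrics function is the other half of the argument: if benign-alert minutes rise while precision falls, the stack is shifting work onto the SOC.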