TL;DR: Mid-sized organisations are facing AI-powered phishing, vendor fraud, and multi-channel impersonation that routinely bypass rule-based and signature-based email defenses, according to Abnormal AI. Legacy controls fail because they cannot evaluate identity, context, and risk in real time, making behavioural detection the new baseline for email security governance.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams defend against AI-powered phishing in email workflows?
A: Security teams should move beyond static filtering and treat email as an identity risk signal.
Q: Why do vendor fraud and impersonation attacks bypass legacy email defenses?
A: They bypass legacy defenses because those controls rely on signatures, known bad patterns, and repetitive indicators.
Practitioner guidance
- Map email-driven trust into identity workflows: identify where inbox activity leads directly to payment approval, vendor onboarding, credential reset, or privileged access changes, then add stronger verification steps for those paths.
- Replace static email indicators with behavioural scoring: tune detection to user, sender, and conversation context so unusual timing, request patterns, and relationship changes are scored before a message reaches an approval point.
- Extend fraud playbooks across communication channels: build response steps that follow the same impersonation pattern across email, chat, and messaging tools so containment does not stop at the inbox.
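The three guidance points above can be read as one pipeline: classify the request, score it on relationship and context rather than on static indicators, and gate the sensitive approval paths on that score. The following is an added example written for this post, not code from NHIMG or Abnormal AI. The vendor list, the messages, the weights and the thresholds are all constructed, and the `request_type` field assumes an upstream classifier has already labelled the intent of the message.

```python
"""Behavioural risk scoring for email-driven approval requests (added example).

Scores a message on sender relationship, request context and conversation
shape, then routes high-risk requests to out-of-band verification before
they reach a payment or access approval. Everything below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from difflib import SequenceMatcher
from typing import Optional

# Constructed relationship baseline: vendor domains the organisation has paid before.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-parts.example"}

# Request intents that lead directly to money or access movement.
SENSITIVE_REQUESTS = {"payment", "bank_detail_change", "credential_reset", "vendor_onboarding"}


@dataclass
class Message:
    sender: str            # From: address
    reply_to: str          # Reply-To: address (same domain as sender in normal traffic)
    request_type: str      # intent label from an assumed upstream classifier
    prior_threads: int     # earlier conversations with this sender
    sent_at: datetime
    urgency_words: int     # count of pressure phrases ("today", "urgent", ...)
    thread_replied: bool   # arrived as a reply inside an existing thread?


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def lookalike_of(dom: str) -> Optional[str]:
    """Return the known vendor domain this domain closely imitates, if any."""
    if dom in KNOWN_VENDOR_DOMAINS:
        return None
    for known in KNOWN_VENDOR_DOMAINS:
        if SequenceMatcher(None, dom, known).ratio() >= 0.85:
            return known
    return None


def score(msg: Message) -> tuple[int, list[str]]:
    """Return (risk score, reasons). Higher means less trustworthy."""
    s, why = 0, []
    sd, rd = domain(msg.sender), domain(msg.reply_to)
    if msg.request_type in SENSITIVE_REQUESTS:
        s += 20; why.append(f"sensitive request: {msg.request_type}")
    if msg.prior_threads == 0:
        s += 25; why.append("no prior relationship with sender")
    known = lookalike_of(sd)
    if known:
        s += 40; why.append(f"sender domain {sd} resembles known vendor {known}")
    if rd != sd:
        s += 30; why.append(f"reply-to domain {rd} differs from sender domain {sd}")
    if msg.sent_at.hour < 6 or msg.sent_at.hour >= 20 or msg.sent_at.weekday() >= 5:
        s += 10; why.append("sent outside usual business hours")
    if msg.urgency_words >= 2:
        s += 10; why.append("pressure language")
    if msg.request_type == "bank_detail_change" and not msg.thread_replied:
        s += 15; why.append("bank detail change arriving as a fresh thread")
    return s, why


def route(msg: Message, verify_threshold: int = 40, block_threshold: int = 80) -> str:
    """Map the score onto the approval workflow; thresholds are constructed."""
    s, _ = score(msg)
    if s >= block_threshold:
        return "hold_and_investigate"
    if s >= verify_threshold:
        return "out_of_band_verify"
    return "normal_approval"


# Constructed sample traffic: one routine invoice, one lookalike-domain bank
# change, and one known vendor whose Reply-To points at a webmail domain.
SAMPLES = {
    "routine_invoice": Message("ap@acme-supplies.example", "ap@acme-supplies.example",
                               "payment", 12, datetime(2026, 3, 10, 10, 0), 0, True),
    "lookalike_bank_change": Message("ap@acme-supp1ies.example", "ap@webmail.example",
                                     "bank_detail_change", 0, datetime(2026, 3, 10, 21, 0), 3, False),
    "hijacked_reply_to": Message("ap@acme-supplies.example", "acme.payments@webmail.example",
                                 "payment", 12, datetime(2026, 3, 10, 11, 0), 0, True),
}


def triage() -> dict[str, str]:
    """Route every sample; the dict is what a gateway would hand to the approval step."""
    return {name: route(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        s, why = score(msg)
        print(f"{name}: score={s} route={route(msg)} reasons={why}")
```

The point of the design is that none of the signals is a static indicator: the same invoice from the same vendor scores differently once the Reply-To drifts or the relationship history disappears, which is the kind of context a signature rule never sees. The "hijacked_reply_to" case is the one worth studying, since the sender domain is entirely legitimate and only the conversation shape gives it away.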
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Where mid-sized organisations sit on the email security maturity curve and which control gaps matter most
- The 2026 attack trends behind AI-powered phishing, vendor fraud, and impersonation campaigns
- Why AI-driven behavioural detection is being positioned as the control model that static email security cannot provide
- A preview of what defenders should watch for as attack techniques continue to evolve
👉 Watch Abnormal AI's webinar on AI-powered phishing and modern email security →
AI-powered phishing and vendor fraud: are your controls keeping up?
Explore further
Static email controls are no longer sufficient because the attack surface is now identity-driven. The article’s core point is that rule-based and signature-based defenses were built for a world where malicious messages were easier to classify. AI-powered phishing breaks that model by making each message context-aware and harder to distinguish from routine business traffic. For identity teams, the real issue is that email is now part of the access decision chain, not just a transport layer.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: How can teams tell whether behavioural email detection is working?
A: It is working when suspicious requests are flagged before approval, when impersonation patterns are detected across channels, and when legitimate business processes still move without excessive friction. The best signal is fewer unsafe actions taken on convincing but fraudulent requests.
👉 Read our full editorial: AI-powered phishing exposes the limits of legacy email security