TL;DR: AI-powered social engineering is outpacing legacy email defenses while business email compromise has drained $55 billion from organisations since 2013, according to Abnormal AI. Legacy gateways miss more sophisticated attacks, so SOC teams need detection and response models that reduce investigation time and account for human trust abuse.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Business email compromise has drained $55 billion from organisations since 2013.
Questions worth separating out
Q: How should security teams defend against AI-powered social engineering?
A: Teams should combine behavioural email detection with identity-aware response, because AI-generated lures are designed to evade static filters and manipulate human trust.
Q: Why do legacy gateways struggle with modern phishing and BEC attacks?
A: Legacy gateways rely too heavily on known indicators, while AI-assisted attacks can rewrite language, rotate infrastructure, and tailor messages to the target in real time.
Practitioner guidance
- Deploy behavioural detection for social engineering: use mailbox, message, and identity context together so suspicious communication is assessed by behaviour, not only by reputation or signatures.
- Map identity trust paths behind email actions: identify which approvals, password resets, payment steps, and delegated actions are triggered from email and put extra verification around those paths.
- Measure investigation latency as a control metric: track how long it takes analysts to understand, prioritise, and contain a suspicious message after first alert generation, then shorten the steps that consume the most time.
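The first two points above (behavioural assessment from mailbox, message and identity context, and extra verification on email-triggered trust paths) as one added example. This is illustrative code written for this post, not Abnormal AI's product logic; the directory, the replied-to set, the keyword lists and the thresholds are all constructed assumptions.

```python
from dataclasses import dataclass

# Email-triggered actions the guidance above calls identity trust paths.
# Constructed keyword map for the example, not a product rule set.
TRUST_PATHS = {
    "payment": ("bank details", "wire", "invoice", "payment run"),
    "credential": ("password reset", "verify your account", "mfa code"),
    "delegation": ("grant access", "add as admin", "share the mailbox"),
}
URGENCY = ("urgent", "asap", "today", "immediately", "before close")

@dataclass
class Message:
    from_display: str   # display name the recipient sees
    from_addr: str      # address in the From header
    reply_to: str       # Reply-To header, may differ from From
    body: str

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def assess(msg: Message, directory: dict, replied_to: set) -> dict:
    """Score a message on behaviour, not on reputation or signatures.
    directory: identity context, display name -> that person's real address.
    replied_to: mailbox context, addresses this recipient has answered before."""
    signals = []
    legit = directory.get(msg.from_display)
    if legit and legit.lower() != msg.from_addr.lower():
        signals.append("display_name_impersonation")   # identity context
    if msg.from_addr.lower() not in replied_to:
        signals.append("first_contact")                # mailbox context
    if domain(msg.reply_to) != domain(msg.from_addr):
        signals.append("reply_to_domain_mismatch")     # message context
    text = msg.body.lower()
    if any(w in text for w in URGENCY):
        signals.append("urgency_language")
    paths = [p for p, terms in TRUST_PATHS.items() if any(t in text for t in terms)]
    score = len(signals)
    # A trust path plus two or more behavioural anomalies gets out-of-band
    # verification regardless of score; otherwise escalate only on accumulated
    # anomalies. Thresholds are assumptions for the example.
    if paths and score >= 2:
        verdict = "verify_out_of_band"
    elif score >= 3:
        verdict = "hold_for_review"
    else:
        verdict = "deliver"
    return {"score": score, "signals": signals, "trust_paths": paths, "verdict": verdict}
```

Note that none of the signals depend on a known-bad sender, URL or hash, which is the point of the first bullet: a freshly generated lure from never-seen infrastructure still trips the behavioural checks, and the trust-path match is what routes it to verification rather than to a generic spam queue.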
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- A live walkthrough of how AI-driven automation can reduce investigation time from hours to minutes.
- Specific examples of social engineering patterns that legacy gateways miss and why those misses matter.
- Operational ideas for using AI inside the SOC without losing analyst control over containment.
- A webinar format with the field CISO perspective and practical discussion points for SOC transformation.
👉 Watch Abnormal AI's webinar on AI-powered SOC transformation and social engineering defense →
AI-powered social engineering: are SOC controls keeping up?
Explore further
AI-powered social engineering is now a control-plane problem, not just an awareness problem. When attacks can generate persuasive content at scale, the weakest point is no longer user education alone; it is the SOC and email control stack that still assumes static indicators will surface the threat. That shifts the governance question from whether staff can spot phishing to whether the detection model can adapt fast enough. Practitioners should treat AI-assisted social engineering as a structural blind spot in identity-adjacent defence.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- DeepSeek accidentally embedded over 11,000 secrets in its training data and left a database exposed online, revealing more than one million sensitive records including chat histories, backend credentials, and API keys, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
A question worth separating out:
Q: Who should own response when phishing becomes an identity incident?
A: Ownership should be shared across SOC, IAM, and the business function that controls the affected workflow, because the incident often spans mailbox, account, and transaction layers. A clean handoff model is less important than a single escalation path that can contain access and freeze risky actions quickly.
👉 Read our full editorial: AI-powered social engineering is exposing SOC blind spots