TL;DR: Rubicon said its security team protects 13 million service locations and more than 8,000 vendor and hauler partners, and that business email compromise drove a move away from outdated decision-tree tools toward AI-powered security, according to Abnormal AI. The lesson is that sprawling third-party ecosystems expose identity and email trust assumptions that static controls struggle to govern.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Rubicon's security team protects 13M+ service locations and 8,000+ vendor/hauler partners across the US.
Questions worth separating out
Q: How should security teams reduce business email compromise risk in partner-heavy organisations?
A: Start by identifying the email-driven business processes that can trigger money movement, access changes, or vendor updates.
Q: Why do large vendor ecosystems make business email compromise harder to stop?
A: Because every legitimate partner interaction gives attackers another believable story, sender pattern, or workflow to imitate.
Practitioner guidance
- Map high-risk email workflows: Identify which messages can change payment instructions, vendor details, or access approvals, then require secondary verification for those paths.
- Shift detection from signatures to behaviour: Evaluate whether email controls can correlate message timing, sender history, reply-chain changes, and unusual request patterns instead of relying only on static indicators.
- Add identity verification to partner change requests: Require a callback or out-of-band confirmation before accepting bank, routing, or contact changes from external parties.
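The three guidance points above fit together as one triage step: classify a message by the workflow it can trigger, score it on behavioural identity signals, and route money-movement requests with any identity anomaly to out-of-band verification. The following is an added illustration of that logic, not Rubicon's or Abnormal AI's code; the partner directory, sender history and sample messages are constructed, and the signal names and thresholds are assumptions chosen for the example.

```python
"""
Behaviour-based triage of partner change requests (constructed example).

Each message is scored on the signals named in the guidance above: does it
touch a money-movement workflow, does the sender have a history with us,
does the sending domain resemble a known partner domain, has the display
name or reply chain shifted. Money-movement intent plus any identity anomaly
is held for out-of-band verification rather than delivered.
"""
from dataclasses import dataclass, field
from typing import Optional
import difflib

# Known partner domains and the display names we expect from them (constructed).
PARTNERS = {
    "acme-haul.com": {"Acme Hauling AP"},
    "northpoint-waste.com": {"Northpoint Billing"},
}

# Addresses that have previously corresponded with us, with message counts (constructed).
SENDER_HISTORY = {
    "ap@acme-haul.com": 42,
    "billing@northpoint-waste.com": 17,
}

# Terms that mark the email-driven workflows able to move money (assumed list).
MONEY_MOVEMENT_TERMS = ("bank", "routing", "wire", "remit", "payment instruction", "new account")


@dataclass
class Message:
    msg_id: str
    display_name: str
    from_addr: str
    reply_to: str
    subject: str
    body: str
    thread_domains: list = field(default_factory=list)  # sender domains seen earlier in the thread


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def lookalike_partner(domain: str) -> Optional[str]:
    """Return the partner domain this one resembles but does not equal, if any."""
    if domain in PARTNERS:
        return None
    # Coarse fold of common substitutions ("rn" for "m", "1" for "l", "0" for "o").
    folded = domain.replace("rn", "m").replace("1", "l").replace("0", "o")
    for partner in PARTNERS:
        if folded == partner:
            return partner
        if difflib.SequenceMatcher(None, domain, partner).ratio() >= 0.85:
            return partner
    return None


def assess(msg: Message, history=SENDER_HISTORY) -> dict:
    """Collect behavioural signals for one message and decide how to route it."""
    signals = []
    text = f"{msg.subject} {msg.body}".lower()
    intent = any(term in text for term in MONEY_MOVEMENT_TERMS)
    if intent:
        signals.append("money-movement-request")

    from_dom = domain_of(msg.from_addr)
    if msg.from_addr.lower() not in history:
        signals.append("no-sender-history")
    impersonated = lookalike_partner(from_dom)
    if impersonated:
        signals.append(f"lookalike-domain:{impersonated}")
    for partner, names in PARTNERS.items():
        if msg.display_name in names and from_dom != partner:
            signals.append(f"display-name-impersonation:{partner}")
    if msg.reply_to and domain_of(msg.reply_to) != from_dom:
        signals.append("reply-to-domain-mismatch")
    if msg.thread_domains and from_dom not in msg.thread_domains:
        signals.append("thread-domain-change")

    identity_anomaly = any(s != "money-movement-request" for s in signals)
    if intent and identity_anomaly:
        decision = "hold-for-out-of-band-verification"
    elif intent:
        decision = "route-to-verified-change-workflow"
    elif identity_anomaly:
        decision = "flag-for-review"
    else:
        decision = "deliver"
    return {"msg_id": msg.msg_id, "signals": signals, "decision": decision}


# Constructed sample traffic: a routine invoice, a lookalike-domain bank change,
# and a genuine partner address whose Reply-To now points elsewhere.
SAMPLE_MESSAGES = [
    Message("m1", "Acme Hauling AP", "ap@acme-haul.com", "ap@acme-haul.com",
            "Invoice 4471", "Attached is invoice 4471 for March hauls.", ["acme-haul.com"]),
    Message("m2", "Acme Hauling AP", "ap@acrne-haul.com", "ap@acrne-haul.com",
            "Updated remittance details",
            "Please update our bank and routing number before paying invoice 4471.",
            ["acme-haul.com"]),
    Message("m3", "Northpoint Billing", "billing@northpoint-waste.com",
            "accounts@mail-relay.example", "Wire for Q1",
            "Send the wire to the new account below.", ["northpoint-waste.com"]),
]


def triage(messages=SAMPLE_MESSAGES) -> dict:
    """Assess every message and index the results by message id."""
    return {r["msg_id"]: r for r in (assess(m) for m in messages)}


if __name__ == "__main__":
    for result in triage().values():
        print(result["msg_id"], result["decision"], result["signals"])
```

Note the design point behind the third sample: the sender address is real and has history, so a static allow-list would pass it, but the Reply-To shift combined with a wire request is exactly the reply-chain change the guidance says to correlate. Both flagged messages end in the same place, a hold pending callback, which is where the verification control does its work.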
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- George Insko's first-hand explanation of why the team replaced decision-tree methods with AI-powered security
- The practical steps Rubicon used to streamline threat detection and response across a large partner ecosystem
- The business email compromise scenarios that shaped security investment decisions
- The webinar's full context on how Rubicon thinks about sustainable security programme design
👉 Watch Abnormal AI's webinar on Rubicon's AI-driven response to business email compromise →
Business email compromise at scale: what Rubicon's case means
Explore further
Business email compromise is an identity problem before it is an email problem. The core weakness is not simply malicious messages, but the organisation's willingness to trust sender identity, domain familiarity, and partner context at face value. In a network with 8,000+ partners, that assumption becomes too weak to support safe operational decisions. Practitioners should treat BEC as a governance and verification failure, not just a phishing problem.
A few things that frame the scale:
- Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How can security teams tell whether BEC controls are actually working?
A: Measure whether suspicious requests are caught before they change payment, vendor data, or access rights. If the only metric is blocked spam, the programme is blind to the attacks that matter. Effective control shows up in reduced fraud execution, faster verification, and fewer authorised changes from unverified email requests.
👉 Read our full editorial: Rubicon's security shift shows the limits of legacy BEC controls