TL;DR: Identity-based attacks and email threats are becoming harder to detect, and Abnormal AI’s webinar argues that behavioral AI plus bidirectional communication can improve real-time defense against increasingly sophisticated breach paths. Legacy controls are failing because attackers now blend identity theft, email abuse, and rapid adaptation across channels.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should security teams detect identity-based attacks that move through email and login paths?
A: They should correlate authentication, mailbox, and privilege telemetry so detection is based on sequences and context, not a single alert.
Q: Why do legacy email controls miss modern identity abuse?
A: Legacy controls usually focus on known indicators, fixed policies, or content inspection, which works poorly when attackers reuse valid credentials and trusted communication paths.
Practitioner guidance
- Correlate identity and email telemetry: Map which telemetry sources can be joined across mailbox activity, authentication events, and privilege changes.
- Test behavioural detections against trusted-path abuse: Use realistic scenarios where the attacker uses valid credentials, normal sender infrastructure, or familiar access patterns.
- Define response ownership for cross-channel incidents: Assign clear accountability for incidents that begin in email but terminate in identity compromise or workload misuse.
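The sketch below is an added example, not code from Abnormal AI or the webinar. It shows one way to detect on a sequence across authentication, mailbox, and privilege telemetry rather than on any single alert. The event names, identities, timestamps, and the one-hour window are constructed assumptions, not a vendor schema.

```python
from datetime import datetime, timedelta

# Ordered stages of the cross-channel sequence (assumed event names, not a vendor schema).
SEQUENCE = [("auth", "login_new_device"), ("mail", "forwarding_rule_created"),
            ("privilege", "role_granted")]

# Constructed sample telemetry, already normalised to a common identity key.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "identity": "svc-backup", "source": "auth", "type": "login_new_device"},
    {"ts": "2024-05-01T09:07:00", "identity": "svc-backup", "source": "mail", "type": "forwarding_rule_created"},
    {"ts": "2024-05-01T09:20:00", "identity": "svc-backup", "source": "privilege", "type": "role_granted"},
    {"ts": "2024-05-01T10:00:00", "identity": "alice", "source": "auth", "type": "login_new_device"},
    {"ts": "2024-05-01T15:00:00", "identity": "bob", "source": "mail", "type": "forwarding_rule_created"},
    {"ts": "2024-05-01T08:00:00", "identity": "carol", "source": "auth", "type": "login_new_device"},
    {"ts": "2024-05-01T08:05:00", "identity": "carol", "source": "mail", "type": "forwarding_rule_created"},
    {"ts": "2024-05-01T13:00:00", "identity": "carol", "source": "privilege", "type": "role_granted"},
]

def correlate(events, window=timedelta(hours=1)):
    """Return findings for identities that complete SEQUENCE in order within `window`."""
    findings = []
    progress = {}  # identity -> list of (timestamp, stage) matched so far
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["source"], ev["type"])
        chain = progress.get(ev["identity"], [])
        # Drop a partial chain whose first event has aged out of the window.
        if chain and ts - chain[0][0] > window:
            chain = []
        if key == SEQUENCE[len(chain)]:
            chain = chain + [(ts, key)]
        elif key == SEQUENCE[0]:
            chain = [(ts, key)]  # restart on a fresh first-stage event
        if len(chain) == len(SEQUENCE):
            findings.append({"identity": ev["identity"], "start": chain[0][0], "end": ts,
                             "stages": [stage[1] for _, stage in chain]})
            chain = []
        progress[ev["identity"]] = chain
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

With the default window only `svc-backup` is reported: `alice` and `bob` each produce a single event, and `carol` completes the sequence too slowly, which shows how the window choice trades coverage against noise.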
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Speaker discussion on how behavioural AI is applied in live threat detection across email and identity channels.
- Vendor-led walkthrough of the CrowdStrike Falcon integration and the response workflow it supports.
- Examples of bidirectional communication between detection systems and security operations tooling.
- ISC2 CPE eligibility details for teams evaluating whether to use the session for continuing education.
Identity-based attacks and email threats: are your controls keeping up?
Explore further
Behavioral intelligence is becoming a control layer for identity abuse, not just a detection feature. The webinar’s premise reflects a broader shift in security operations: attackers increasingly operate through valid identities and trusted channels, so the control problem is no longer only “block the known bad.” The field is moving toward behavioural context that can connect identity, mail, and access activity into one analytic picture. For practitioners, that means evaluating whether their stack can see misuse across channels, not just within them.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which explains why identity-led attacks so often stay hidden until impact.
A question worth separating out:
Q: How can organisations use behavioural AI without replacing governance?
A: Behavioural AI should feed governed response paths, not bypass them. Teams still need defined ownership, escalation criteria, and containment authority so alerts become action. Otherwise, analytics only increase noise. The right model is behavioural context plus accountable decision-making, not automation detached from governance.