TL;DR: User-reported phishing triage time can be cut by 91%, with 94% of organisations reporting stronger security outcomes after replacing their SEG, while AI-driven automation removes false positives and graymail and saves thousands of hours annually, according to Abnormal AI. Legacy email controls are being outpaced by threat volume and evasion techniques, so the real question is whether teams can still justify SEG-centric detection models.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- 91%., vioral AI reduces user-reported phishing triage time by 91%.
- 94% of organizations report stronger security outcomes after replacing their SEG.
Questions worth separating out
Q: How should security teams measure whether a secure email gateway is still effective?
A: Measure how often it blocks real threats, how much analyst time it consumes, and how many false positives it creates.
Q: Why do AI-generated phishing emails weaken traditional email security models?
A: AI-generated phishing weakens traditional models because static filters depend on repeated patterns, known malicious infrastructure, and predictable wording.
Practitioner guidance
- Benchmark triage performance against real analyst workload Measure time spent on user-reported phishing, false-positive volume, and graymail load before and after any control change.
- Correlate email alerts with identity events Connect suspicious message telemetry to account takeover indicators, mailbox rule changes, and unusual authentication patterns so email security can trigger identity response instead of operating as a separate silo.
- Test detection against AI-generated lure variation Run controlled simulations that vary wording, sender patterns, and delivery cadence to see whether controls still detect campaigns when the content changes faster than signature updates.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- The underlying benchmark methodology behind the 91% triage-time figure and how it was measured across user-reported phishing workflows.
- The conditions behind the 94% stronger security outcomes claim, including what changed after SEG replacement.
- Operational examples of how AI-driven automation reduces false positives and graymail in day-to-day email operations.
- The webinar's full framing of why legacy gateways fall short against advanced email threats in modern environments.
👉 Read Abnormal AI's webinar on the hidden costs of SEGs and AI-first security →
Legacy email gateways and AI threats: is your SEG keeping up?
Explore further
Legacy SEG thinking is a detection assumption problem, not just a product gap. SEGs assume malicious email can be reliably identified through rules, reputation, and known indicators before delivery. AI-generated phishing weakens that premise because the content can be varied, contextual, and fast-changing at scale. The implication is that email security programmes must be judged by adaptive detection performance, not by the presence of a gateway alone.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The state of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: How should identity teams connect email security to broader access protection?
A: Identity teams should treat phishing as an access-risk event, not only a messaging issue. Suspicious email activity should feed account, session, and mailbox monitoring so response can begin before credentials are reused or delegated access is abused. That makes the email layer part of the identity control stack.
👉 Read our full editorial: Behavioral AI exposes the SEG gap in email threat detection