TL;DR: According to Abnormal AI, more than 70% of its customers have moved away from traditional secure email gateways (SEGs) because AI-driven attacks are bypassing legacy detection and filtering. The company frames SEG replacement as a practical response to modern email threat tactics. The real takeaway is that email security now depends on adapting controls to attacker behaviour, not preserving old perimeter assumptions.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Over 70% of Abnormal customers transitioned away from traditional secure email gateways.
- 200 customers were guided through SEG replacement.
Questions worth separating out
Q: How should security teams respond when legacy secure email gateways miss AI-generated phishing?
A: Teams should treat SEG misses as a signal to strengthen identity-linked controls, not just to tune filters.
Q: Why does email compromise so often become an identity problem?
A: Because a mailbox is a trusted communication channel that can trigger credential recovery, approvals, and impersonation.
Practitioner guidance
- Map inbox compromise to identity recovery paths: Review how password resets, MFA resets, delegated approvals, and help desk recovery work when a mailbox is compromised.
- Test detection against AI-generated lure variation: Run phishing simulations that change tone, sender structure, and request patterns across many variants, then measure whether the SEG still blocks them or merely delays them.
- Tie email controls to account takeover prevention: Require identity signals for sensitive mailbox actions, including forwarding-rule changes, new device sign-ins, approval requests, and recovery flows.
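One way to apply the last item above, as an added example (not code from Abnormal AI or NHIMG): it flags sensitive mailbox actions that follow a new-device sign-in without step-up verification, and forwarding rules that point outside the organisation. The event schema, action names, and the `corp.example` domain are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical, vendor-neutral audit schema.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "action": "sign_in", "known_device": True},
    {"ts": "2024-05-01T09:05:00", "user": "alice", "action": "forwarding_rule_created", "target": "archive@corp.example"},
    {"ts": "2024-05-01T10:00:00", "user": "bob", "action": "sign_in", "known_device": False},
    {"ts": "2024-05-01T10:07:00", "user": "bob", "action": "forwarding_rule_created", "target": "drop@mail.example"},
    {"ts": "2024-05-01T10:20:00", "user": "bob", "action": "mfa_reset_requested"},
    {"ts": "2024-05-01T11:00:00", "user": "carol", "action": "sign_in", "known_device": False},
    {"ts": "2024-05-01T11:02:00", "user": "carol", "action": "step_up_verified"},
    {"ts": "2024-05-01T11:10:00", "user": "carol", "action": "approval_request_sent"},
]

SENSITIVE = {"forwarding_rule_created", "mfa_reset_requested",
             "password_reset_requested", "approval_request_sent"}
INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organisation's own mail domains

def flag_sensitive_actions(events, window=timedelta(hours=1)):
    """Return (user, action, reasons) for sensitive actions taken within `window`
    of an unverified new-device sign-in, or forwarding mail to an external domain."""
    pending = {}   # user -> time of latest new-device sign-in not yet verified
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, action = ev["user"], ev["action"]
        if action == "sign_in":
            if not ev.get("known_device", False):
                pending[user] = ts
            continue
        if action == "step_up_verified":   # identity signal clears the pending state
            pending.pop(user, None)
            continue
        if action not in SENSITIVE:
            continue
        reasons = []
        if user in pending and ts - pending[user] <= window:
            reasons.append("new_device_unverified")
        domain = ev.get("target", "").rsplit("@", 1)[-1].lower()
        if action == "forwarding_rule_created" and domain not in INTERNAL_DOMAINS:
            reasons.append("external_forward")
        if reasons:
            findings.append((user, action, tuple(reasons)))
    return findings

if __name__ == "__main__":
    for finding in flag_sensitive_actions(SAMPLE_EVENTS):
        print(finding)
```

A known-device sign-in deliberately does not clear the pending state, since the new-device session may still be active; only the step-up event does.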
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Guidance from Dan Nickolaisen on the practical steps used across more than 200 SEG replacement engagements.
- Examples of attacker tactics that bypass legacy secure email gateways in real deployments.
- The immediate benefits practitioners reported after moving to an AI-native email security model.
- ISC2 CPE eligibility details for teams that need training credit as part of the viewing experience.
👉 Read Abnormal AI's webinar on replacing secure email gateways →
Legacy secure email gateways: what email security teams should re-evaluate?
Explore further
Legacy email gateways now fail the trust test, not just the filter test. AI-generated phishing changes message uniqueness faster than static policy models can track, so the problem is no longer only malicious content classification. It is the collapse of a control model that assumes attackers reuse stable indicators long enough to be detected. Practitioners should treat inbox security as a live identity risk surface, not a content moderation problem.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- Another finding from the same research shows that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% reporting no or low visibility and 47% only partial visibility.
A question worth separating out:
Q: Which controls should sit alongside email security to limit account takeover?
A: Identity-aware controls should sit alongside email security, especially strong recovery verification, privileged action approval, and monitoring for mailbox rule changes and unusual sign-ins. These controls stop a compromised inbox from becoming a direct path to broader access or fraudulent action.
👉 Read our full editorial: AI-driven email attacks are exposing the limits of legacy SEGs