Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Phishing at scale for mid-market firms: what changes for defence?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9924
Topic starter  

TL;DR: AI has reduced the cost and effort of credible phishing campaigns to a few cents and minutes, while modern PhaaS stacks now combine uncensored LLMs, breach-data fine-tuning, AiTM proxies, and plug-and-play kits, according to Abnormal AI. Mid-market security teams should treat phishing as a scale economics problem, not a signature problem.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams defend against AI-generated phishing at scale?

A: Security teams should combine behavioural email detection with identity-aware verification and rapid response.

Q: Why do rules-based defences struggle against modern phishing campaigns?

A: Rules-based defences depend on stable malicious patterns, but AI can continuously vary wording, sender style, and delivery shape.

Practitioner guidance

  • Rebuild phishing detection around behaviour, not signatures. Prioritise sender reputation, session anomalies, authentication context, and unusual navigation patterns over message text alone.
  • Harden identity verification after suspicious clicks. Add step-up checks for password resets, MFA changes, mailbox forwarding, and privileged login attempts when a phishing indicator appears.
  • Review recovery paths for the identities most likely to be abused. Map how help desk, password reset, and account recovery workflows behave after a lure succeeds.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • A walkthrough of the modern PhaaS stack, including uncensored LLMs, breach-data fine-tuning, and AiTM proxies.
  • The attack progression from lure creation to credential capture and post-compromise identity abuse.
  • The specific reasons mid-market security teams are being targeted with enterprise-style phishing campaigns.
  • The defensive signals Abnormal AI says are still catching AI-generated lures when rules-based controls fail.

👉 Watch Abnormal AI's webinar on phishing at scale and mid-market defence →

Phishing at scale for mid-market firms: what changes for defence?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9408
 

Phishing economics now matter as much as phishing content. When credible lures cost only cents and minutes to produce, defenders can no longer rely on volume reduction as a primary assumption. The relevant question is how quickly identity teams can recognise abuse once an initial lure lands, because the attacker has already won the economics game before any single message is inspected. Practitioners should treat scale as the real threat variable.

A few things that frame the scale:

  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

A question worth separating out:

Q: How can organisations reduce account takeover after a phishing event?

A: Organisations should tighten recovery and verification workflows, especially for password resets, MFA changes, and privileged access. If those paths are weak, a single phishing success can turn into durable account compromise. Strong verification and fast session invalidation are the main containment levers.

👉 Read our full editorial: Phishing at scale is lowering the cost of mid-market attacks



   
ReplyQuote
Share: