TL;DR: AI-generated phishing now rivals nation-state quality, and SOC leaders interviewed by Abnormal AI argue that verification, human judgment, culture, and fundamentals still outperform one-time awareness campaigns. The lesson for identity and security teams is that resilient programmes are built around decision quality, not just detection volume.
NHIMG editorial — based on content published by Abnormal AI: SOC mindset lessons from the cybersecurity frontline
Questions worth separating out
Q: How should security teams reduce the impact of AI-generated phishing?
A: Teams should make verification unavoidable at the moment of risk.
Q: Why does automation help with investigation but not with final security decisions?
A: Automation is best at repetitive evidence gathering, enrichment, and routing.
Q: What do security teams get wrong about awareness training?
A: They often treat awareness as a one-time event instead of a daily operating behaviour.
Practitioner guidance
- Embed verification into sensitive workflows: require step-up confirmation for payments, credential resets, approval requests, and unusual data movements so verification happens at the point of action, not in hindsight.
- Automate collection, keep decisions human: use automation to gather logs, enrich alerts, and standardise investigation inputs, but require a named owner to make the final call on exceptions and escalation.
- Reinforce security culture daily: rotate responsibilities, recognise good reporting behaviour, and make it safe to surface mistakes quickly so pressure and fatigue do not become hidden control failures.
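The first two points above, as an added illustration that is not code from Abnormal AI or NHIMG: a point-of-action gate holds sensitive requests until a named human other than the requester confirms them, and the confirmation is bound to the action details restated out of band, so a well-worded request alone cannot be rubber-stamped. The action categories, time window and names are assumptions for the example.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, field

# Assumed categories that must never execute on a single person's say-so.
SENSITIVE_KINDS = {"payment", "credential_reset", "approval", "data_export"}
CONFIRM_WINDOW_SECONDS = 900  # a held action lapses if nobody confirms it in time


@dataclass
class HeldAction:
    kind: str
    requester: str
    details: dict
    created: float
    binding: str                  # digest tying any confirmation to these exact details
    decision: str = "held"
    owner: str = ""               # the named human who made the final call
    log: list = field(default_factory=list)


def _bind(details: dict) -> str:
    # Canonical JSON so the digest depends on content only, not on key order.
    return hashlib.sha256(json.dumps(details, sort_keys=True).encode()).hexdigest()


class StepUpGate:
    def __init__(self):
        self.held: dict = {}

    def request(self, action_id: str, kind: str, requester: str, details: dict, now=None) -> str:
        if kind not in SENSITIVE_KINDS:
            return "allowed"      # routine actions are not gated
        created = time.time() if now is None else now
        self.held[action_id] = HeldAction(kind, requester, details, created, _bind(details))
        return "held"

    def confirm(self, action_id: str, confirmer: str, restated: dict, now=None) -> str:
        # The confirmer restates the details from the system of record (e.g. payee
        # and amount from finance), not from the message that asked for the action.
        act = self.held[action_id]
        now = time.time() if now is None else now
        if act.decision != "held":
            return act.decision   # decisions are final; no re-confirmation
        if now - act.created > CONFIRM_WINDOW_SECONDS:
            act.decision, act.owner = "expired", confirmer
        elif confirmer == act.requester:
            act.log.append("self-confirmation rejected")   # stays held for another owner
            return "held"
        elif not hmac.compare_digest(_bind(restated), act.binding):
            act.decision, act.owner = "rejected", confirmer   # request and confirmation differ
        else:
            act.decision, act.owner = "approved", confirmer
        act.log.append(f"{act.decision} by {confirmer}")
        return act.decision
```

Every outcome records who decided, which is the audit trail the "named owner" guidance calls for.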
What's in the full article
Abnormal AI's full article covers the operational detail this post intentionally leaves for the source:
- Firsthand SOC leader commentary on how analysts balance automation with human judgment in live investigations.
- Specific examples of role rotation, recognition, and burnout reduction practices used to sustain security culture.
- Additional guidance on tuning detections, testing playbooks, and running tabletop exercises with frontline teams.
- The original interview framing and speaker context behind the five SOC mindset lessons.
👉 Read Abnormal AI's SOC mindset lessons for security teams in the age of AI phishing →
AI phishing and SOC habits: what should security teams take away?
Explore further
Verification under pressure is now an identity governance control, not a training slogan. AI phishing has reduced the usefulness of superficial caution because the attacker can now match tone, timing, and context. That means the real control is whether an organisation has built decision points that force confirmation before sensitive action. The implication is that human identity governance must be designed around verifiable moments, not assumed discipline.
A few things that frame the scale:
- 44% of NHI tokens are exposed in the wild, sent or stored on platforms such as Teams, Jira tickets, Confluence pages, and code commits, according to The 2025 State of NHIs and Secrets in Cybersecurity.
- 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches, according to The 2025 State of NHIs and Secrets in Cybersecurity.
A question worth separating out:
Q: How can organisations tell whether their security culture is actually working?
A: Look for practical signals such as quick self-reporting, low blame in incident follow-up, strong participation in drills, and consistent use of verification steps. A healthy culture shows up when people raise issues early and teams recover quickly. If mistakes are hidden or repeated, the culture is weakening control effectiveness.
👉 Read our full editorial: SOC mindset lessons for security teams in the age of AI phishing