TL;DR: AI now lets attackers generate thousands of personalised social engineering variants in minutes, lowering cost and raising success rates while bypassing malware-based controls, according to Abnormal AI. The real break point is not message content but the collapse of manual review and rule-based trust assumptions under attacker speed.
NHIMG editorial — based on content published by Abnormal AI: AI-driven social engineering and why legacy detection models break down
Questions worth separating out
Q: How should security teams detect AI-generated social engineering that looks legitimate?
A: Security teams should combine behavioural analysis, workflow verification, and channel-based risk scoring.
Q: Why do fraudulent invoices and wire requests bypass traditional security tools?
A: They bypass traditional tools because many legacy systems are tuned to detect malware, malicious links, or compromised infrastructure, and a fraudulent invoice or wire request usually contains none of those indicators: it is plain text that asks a person to take a legitimate-looking business action.
Q: What do teams get wrong about human-targeted attacks at scale?
A: Teams often treat them as isolated phishing incidents instead of an industrialised campaign model.
Practitioner guidance
- Baseline high-risk communication patterns: Map normal sender, recipient, timing, and channel combinations for payment, vendor, and executive-request workflows so anomalous requests can be flagged against a real behavioural baseline.
- Add out-of-band verification for money movement: Require independent confirmation for invoice changes, wire requests, and bank detail updates, especially when requests arrive through email or collaboration tools and appear operationally plausible.
- Tune detections for fraud without malware: Update triage logic so suspicious payment and impersonation events are not dependent on links, attachments, or known malicious signatures before they are escalated.
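The three items above describe one triage pipeline. As an added example, not code from Abnormal AI or the NHIMG editorial, here is a small Python scorer that applies them to constructed sample messages. The message shape, the baseline structure, the regular expressions, the weights and the threshold are all assumptions; links and attachments are deliberately never consulted, so the same fraud scores the same with or without a harmless PDF attached.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Assumed message shape; a real pipeline would fill this from the mail
# gateway or collaboration-tool API.
@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    channel: str                    # "email" or "chat" in this example
    sent_at: datetime
    body: str
    has_link: bool = False
    has_attachment: bool = False

# Assumed baseline, learned from past, verified payment traffic.
@dataclass
class Baseline:
    known_routes: set = field(default_factory=set)     # (sender, recipient, channel)
    trusted_domains: set = field(default_factory=set)  # vendor/finance domains seen before
    business_hours: range = range(8, 18)               # assumed local 08:00-17:59 window

MONEY_MOVEMENT = re.compile(r"\b(wire|invoice|payment|remit|transfer|IBAN|routing)\b", re.I)
WIRE_REQUEST = re.compile(r"\b(wire|transfer)\b", re.I)
BANK_DETAIL_CHANGE = re.compile(
    r"\b(new|updated?|changed?)\b.{0,40}\b(bank|account|IBAN|routing)\b", re.I)
URGENCY = re.compile(
    r"\b(urgent|asap|today|immediately|right away|before (?:close|eod))\b", re.I)

@dataclass
class Verdict:
    score: int
    reasons: list
    requires_oob_verification: bool   # independent confirmation before money moves
    escalate: bool                    # hand to an analyst

def score_message(msg: Message, baseline: Baseline, threshold: int = 4) -> Verdict:
    """Score a message against the behavioural baseline. has_link and
    has_attachment are never read: a plausible fraud carries neither."""
    if not MONEY_MOVEMENT.search(msg.body):
        return Verdict(0, ["no money-movement intent"], False, False)
    score, reasons = 0, []
    route = (msg.sender, msg.recipient, msg.channel)
    if route not in baseline.known_routes:
        score += 2
        reasons.append(f"route {route} has no payment history")
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    if domain not in baseline.trusted_domains:   # lookalike domains fail this check
        score += 2
        reasons.append(f"sender domain {domain!r} not in trusted set")
    if msg.sent_at.hour not in baseline.business_hours:
        score += 1
        reasons.append(f"sent at {msg.sent_at:%H:%M}, outside business hours")
    bank_change = bool(BANK_DETAIL_CHANGE.search(msg.body))
    if bank_change:
        score += 2
        reasons.append("asks for bank/account details to be changed")
    if URGENCY.search(msg.body):
        score += 1
        reasons.append("urgency pressure in wording")
    wire = bool(WIRE_REQUEST.search(msg.body))
    escalate = score >= threshold
    # Bank-detail updates and wire requests always need out-of-band confirmation,
    # even when the message otherwise scores as normal traffic.
    return Verdict(score, reasons, bank_change or wire or escalate, escalate)

def score_samples() -> dict:
    """Constructed sample traffic (not real incident data) run through the scorer."""
    baseline = Baseline(
        known_routes={("ap@acme-supplies.example", "accounts@corp.example", "email")},
        trusted_domains={"acme-supplies.example", "corp.example"},
    )
    fraud_body = ("We have updated our bank details. Please send the wire for invoice 4471 "
                  "to the new account today, before close of business.")
    samples = {
        # Routine vendor invoice over the route it always uses, with an attachment.
        "legit_invoice": Message(
            "ap@acme-supplies.example", "accounts@corp.example", "email",
            datetime(2024, 3, 4, 10, 15),
            "Invoice 4471 attached for March services. Payment due net 30 per our agreement.",
            has_attachment=True),
        # Lookalike vendor domain, after hours, no link, no attachment.
        "lookalike_wire": Message(
            "j.doe@acme-supp1ies.example", "accounts@corp.example", "email",
            datetime(2024, 3, 4, 18, 42), fraud_body),
        # Same fraud with a harmless PDF attached: the score must not change.
        "lookalike_wire_with_pdf": Message(
            "j.doe@acme-supp1ies.example", "accounts@corp.example", "email",
            datetime(2024, 3, 4, 18, 42), fraud_body, has_attachment=True),
        # Executive impersonation over chat: trusted domain, but chat never carries payments.
        "exec_chat": Message(
            "ceo@corp.example", "cfo@corp.example", "chat",
            datetime(2024, 3, 4, 12, 30),
            "Need you to wire 48k to a new vendor account immediately, I'm in a meeting."),
        "small_talk": Message(
            "ceo@corp.example", "cfo@corp.example", "chat",
            datetime(2024, 3, 4, 12, 31), "Lunch on Friday?"),
    }
    return {name: score_message(m, baseline) for name, m in samples.items()}

if __name__ == "__main__":
    for name, v in score_samples().items():
        print(f"{name:24} score={v.score} escalate={v.escalate} "
              f"oob={v.requires_oob_verification} {v.reasons}")
```

The weights are illustrative; the point is which signals carry them. The routine invoice scores zero despite its attachment, the lookalike wire request scores high with no link or attachment at all, and the executive impersonation is caught because chat has no payment history for that pair, not because anything in the message is malicious.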
What's in the full article
Abnormal AI's full report covers the operational detail this post intentionally leaves for the source:
- Examples of how AI reshapes fraudulent invoice and wire-request tactics across common business workflows
- Operational guidance for shifting from content-only inspection to behaviour-aware detection and triage
- The analyst perspective on where manual review consumes SOC capacity and how attack volume compounds that pressure
- Scenario detail on how communication timing, tone, and context can be used to make fraud appear legitimate
👉 Read Abnormal AI's analysis of AI-driven social engineering and fraud scaling →
AI social engineering at scale: what do IAM and SOC teams miss?
Explore further
AI has collapsed the economics of social engineering. The attacker no longer needs scarce human effort to produce convincing lures because generation, variation, and testing can now happen at machine speed. That changes the defensive problem from isolated message review to adversarial adaptation at scale. Practitioners should treat social engineering as a continuously optimised campaign, not a one-off event.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who should approve high-risk requests when a message appears authentic?
A: High-risk requests should require a separate approval path that does not depend on the same communication channel used to submit the request. This is especially important for payments, vendor changes, and privileged account actions. Independent verification reduces the chance that a convincing impersonation can turn into an authorised business action.
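The approval path described in this answer, as an added illustration that is not code from Abnormal AI or NHIMG: a gate that accepts an approval for a high-risk action only from an authorised approver who is not the requester, on a channel different from the one the request arrived on, and after a callback to a contact on file. The action names, record fields and scenarios are assumptions.

```python
from dataclasses import dataclass

# Hypothetical request and approval records; field names are assumptions.
@dataclass(frozen=True)
class Request:
    request_id: str
    action: str           # e.g. "wire", "vendor_bank_change", "privileged_role_grant"
    requested_by: str
    channel: str          # channel the request arrived on: "email", "chat", ...

@dataclass(frozen=True)
class Approval:
    request_id: str
    approver: str
    channel: str          # channel the approval was given on
    callback_verified: bool   # approver reached the requester via a contact on file

HIGH_RISK_ACTIONS = {"wire", "vendor_bank_change", "privileged_role_grant"}

class ApprovalGate:
    """Accepts an approval for a high-risk action only over an independent path."""

    def __init__(self, approvers: dict):
        self._approvers = approvers    # action -> set of authorised approvers
        self._requests = {}

    def submit(self, req: Request) -> None:
        self._requests[req.request_id] = req

    def decide(self, appr: Approval) -> tuple:
        req = self._requests.get(appr.request_id)
        if req is None:
            return False, "unknown request id"
        if req.action not in HIGH_RISK_ACTIONS:
            return True, "low-risk action, standard approval"
        if appr.approver not in self._approvers.get(req.action, set()):
            return False, f"{appr.approver} is not an approver for {req.action}"
        if appr.approver == req.requested_by:
            return False, "requester cannot approve their own request"
        if appr.channel == req.channel:
            # Replying "approved" in the same thread proves only that the thread exists.
            return False, f"approval arrived on the same channel ({req.channel}) as the request"
        if not appr.callback_verified:
            return False, "no callback to a contact on file"
        return True, "approved over an independent path"

def gate_samples() -> dict:
    """Constructed scenarios (not real events) exercising the gate."""
    gate = ApprovalGate({
        "wire": {"treasury.lead@corp.example", "finance.director@corp.example"},
        "privileged_role_grant": {"iam.lead@corp.example"},
    })
    gate.submit(Request("REQ-1", "wire", "finance.director@corp.example", "email"))
    gate.submit(Request("REQ-2", "privileged_role_grant", "dev@corp.example", "chat"))
    gate.submit(Request("REQ-3", "expense_note", "dev@corp.example", "email"))
    return {
        # Approver replies "ok" in the same email thread that carried the request.
        "same_thread": gate.decide(Approval("REQ-1", "treasury.lead@corp.example", "email", False)),
        # Approver phones the finance contact on file, then records the approval in ticketing.
        "independent": gate.decide(Approval("REQ-1", "treasury.lead@corp.example", "ticket", True)),
        # The director who raised the wire tries to approve it personally.
        "self_approval": gate.decide(Approval("REQ-1", "finance.director@corp.example", "ticket", True)),
        # Role grant approved in the same chat channel it was requested in.
        "chat_role_grant": gate.decide(Approval("REQ-2", "iam.lead@corp.example", "chat", True)),
        # Low-risk action: no independent path required.
        "expense": gate.decide(Approval("REQ-3", "manager@corp.example", "email", False)),
        "unknown": gate.decide(Approval("REQ-9", "treasury.lead@corp.example", "ticket", True)),
    }

if __name__ == "__main__":
    for name, (ok, why) in gate_samples().items():
        print(f"{name:16} {'ACCEPT' if ok else 'REJECT'}: {why}")
```

The channel check is the one that defeats a convincing impersonation: an attacker who controls the thread can write a perfect request and, if the approver answers in that thread, a perfect-looking acknowledgement; they cannot make the approver's phone call to a number already on file land anywhere useful.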
👉 Read our full editorial: AI-driven social engineering is outpacing legacy detection models