TL;DR: Modern phishing and BEC increasingly exploit identities, relationships, and context rather than malicious payloads, and static training or rule-based controls are no longer enough, according to Abnormal AI. The governing problem is that email security now depends on correlating identity risk across collaboration systems, OAuth apps, and user behavior, not on filtering messages alone.
NHIMG editorial — based on content published by Abnormal AI: Key Insights on modern cloud email security capabilities
Questions worth separating out
Q: How should security teams detect phishing that does not use malicious payloads?
A: They should combine message analysis with identity and relationship signals.
Q: Why do compromised identities matter so much in email security?
A: Because a trusted account can move from email into collaboration tools, SaaS apps, and financial workflows without triggering the same suspicion as an external attacker.
Q: What breaks when organisations rely on static phishing training?
A: Static training measures attendance more than resilience.
Practitioner guidance
- Build identity-centric detections for email abuse: Correlate sender behaviour, recipient relationships, login anomalies, delegated access, and collaboration activity so email alerts reflect identity misuse rather than message content alone.
- Map risky email settings into identity governance workflows: Continuously review mailbox permissions, legacy authentication, insecure connectors, and OAuth app grants, then route remediation through the same governance process used for other privileged access.
- Replace static phishing exercises with adaptive simulations: Use behavioural telemetry to target simulations, measure response patterns, and adjust reinforcement based on the specific attack styles users actually encounter.
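A minimal sketch of the first recommendation, added here as an illustration and not taken from Abnormal AI or the source article: it scores payload-free messages purely from identity signals tied to the sending account. The field names, weights, 24-hour window, and threshold are all assumptions, and the telemetry is constructed sample data.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed look-back for identity events
WEIGHTS = {"login_anomaly": 3, "oauth_grant": 2, "delegation_change": 2}  # assumed
NEW_RELATIONSHIP = 2           # assumed weight: sender never wrote to this recipient
THRESHOLD = 5                  # assumed alerting threshold

# Constructed sample telemetry; every message is payload-free (no link, no attachment).
MAIL = [
    {"id": "m1", "sender": "j.doe@corp.example", "rcpt": "ap@corp.example",
     "ts": datetime(2025, 3, 3, 14, 0)},
    {"id": "m2", "sender": "k.lee@corp.example", "rcpt": "ap@corp.example",
     "ts": datetime(2025, 3, 3, 14, 5)},
    {"id": "m3", "sender": "j.doe@corp.example", "rcpt": "team@corp.example",
     "ts": datetime(2025, 3, 1, 10, 0)},
]
IDENTITY_EVENTS = [
    {"account": "j.doe@corp.example", "kind": "login_anomaly",
     "ts": datetime(2025, 3, 3, 11, 30)},
    {"account": "j.doe@corp.example", "kind": "oauth_grant",
     "ts": datetime(2025, 3, 3, 11, 45)},
]
KNOWN_PAIRS = {("k.lee@corp.example", "ap@corp.example"),
               ("j.doe@corp.example", "team@corp.example")}


def score_message(msg, events, known_pairs):
    """Return (score, reasons) from identity signals only; content is never inspected."""
    score, reasons = 0, []
    for ev in events:
        age = msg["ts"] - ev["ts"]  # only events that precede the message count
        if (ev["account"] == msg["sender"] and ev["kind"] in WEIGHTS
                and timedelta(0) <= age <= WINDOW):
            score += WEIGHTS[ev["kind"]]
            reasons.append(ev["kind"])
    if (msg["sender"], msg["rcpt"]) not in known_pairs:
        score += NEW_RELATIONSHIP
        reasons.append("new_relationship")
    return score, reasons


def triage(mail, events, known_pairs, threshold=THRESHOLD):
    """Return {message id: reasons} for messages scoring at or above the threshold."""
    flagged = {}
    for msg in mail:
        score, reasons = score_message(msg, events, known_pairs)
        if score >= threshold:
            flagged[msg["id"]] = reasons
    return flagged


if __name__ == "__main__":
    print(triage(MAIL, IDENTITY_EVENTS, KNOWN_PAIRS))
```

Only `m1` is flagged: the same account's earlier message (`m3`) predates the anomalous sign-in and OAuth grant, so the alert follows the identity timeline rather than anything in the message body.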
What's in the full article
Abnormal AI's full article covers the operational detail this post intentionally leaves for the source:
- Capability-by-capability checklist for 2026 email security evaluation, including the detection, posture, and response functions buyers should compare
- Operational detail on AI-native behavioural threat detection, including how language models, relationship graphs, and identity baselines are applied
- Practical guidance on continuous email posture management, including risky OAuth applications, legacy authentication, and mailbox permission drift
- Workflow detail on automated abuse-mailbox triage, enrichment, and integration with SIEM, SOAR, and incident management tools
Email identity risk modeling: what IAM teams need to know
Explore further
Email security has become an identity governance problem, not just a content-filtering problem. The article correctly shifts attention away from payload-based detection and toward relationships, delegation, and context. That is the right lens because modern BEC and vendor impersonation succeed when trust is abused rather than when malware is delivered. The governance conclusion is clear: defenders need to manage identity abuse paths, not only malicious messages.
A few things that frame the scale:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
- Companies are dedicating an average of 32.4% of their security budgets to secrets management and code security, with US organisations leading at 40.8%, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who is accountable when risky OAuth apps or legacy auth create email exposure?
A: Accountability should sit with the identity and security teams that own access governance, mailbox posture, and application trust controls. Email exposure from overbroad permissions or insecure connectors is not just a mail-team issue. It is an identity governance issue that requires shared ownership and continuous review.