Security leaders have good reasons to fear AI-generated attacks

Generative AI is likely behind the increases in both the volume and sophistication of email attacks that organizations have experienced in the past few months, and it’s still early days, according to Abnormal Security.

Their leading worry is the increased sophistication of email attacks that generative AI will make possible — particularly, the fact that generative AI will help attackers craft highly specific and personalized email attacks based on publicly available information.

Not only are security leaders feeling nervous about these threats, many are already experiencing them. 80.3% of respondents confirmed that their organizations have either already received AI-generated email attacks or strongly suspect that this is the case.

“Generative AI tools like ChatGPT have taken the world by storm, bringing efficiencies to individuals and businesses like we’ve never seen before. But, like everyone else, cybercriminals are also taking advantage of this technology,” said Evan Reiser, Abnormal CEO.

“Threat actors can use these tools to scale email attacks in volume and sophistication, eliminating the telltale signs of an attack like typos and grammatical errors, while applying personalized context, tone, and language to make them even more deceptive. As generative AI lowers the barrier to entry for launching advanced attacks, we are entering a new and increasingly dangerous era of cybercrime, where organizations will need to rely on good AI to fight bad AI,” added Reiser.

Despite widespread concern, the vast majority of security leaders are not adequately prepared to protect against AI-generated email attacks.

The majority of respondents are still relying on their cloud email providers or legacy tools for email security, with 53% of respondents still using secure email gateways to protect their email environments. Unfortunately, this approach does not seem to be working, as 46% of respondents lack confidence in traditional solutions to detect and block AI-generated attacks.

The research highlights an opportunity for an alternative approach with AI-driven security as the next frontier of email protection, as 92% of survey participants see the value in using AI to defend against AI-generated email threats. Additionally, more than 94% of survey participants say that AI will have a major impact on their cybersecurity strategy over the next two years.

“The good news is that cybersecurity leaders recognize the need for a modernized approach to email security—one that puts AI at the center,” continued Reiser. “With generative AI making it possible to create never-before-seen attacks at scale, it’s no longer enough to look for known indicators of compromise. There is a huge opportunity for security leaders to tap into the power of AI to effectively stop advanced attacks targeting their organizations—regardless of whether they were generated by AI or created by humans.”