New Email Security Focuses on Protecting AI Assistants from Phishing Attacks
As artificial intelligence (AI) assistants become increasingly integrated into both enterprise and personal workflows, a new frontier in cybersecurity is emerging: protecting these AI agents from complex phishing attacks. Proofpoint, a leading email security company, is pioneering a pre-delivery scanning approach designed to identify and neutralize threats specifically targeting AI systems.
Traditionally, email security has focused on protecting human recipients. However, the rise of AI assistants with direct inbox access introduces a new vulnerability. These assistants can automatically act on emails the moment they arrive, and their literal interpretation of commands makes them particularly susceptible to social engineering tactics. While a human might recognize a suspicious request, an AI agent could blindly execute it – for example, initiating a fraudulent money transfer.
“In recent attacks we are seeing cases where the HTML and plain text version are completely different,” explains Ryan Rapp, a security expert at Proofpoint.”The email client renders the HTML version while invisible plain text contains a prompt injection that can be picked up and possibly acted on by an AI system.” This tactic exploits the difference in how email clients display content, hiding malicious instructions in the plain text version that an AI assistant might process.
Proofpoint’s solution addresses this threat by scanning emails before they reach inboxes. Leveraging its massive scale – processing 3.5 billion emails, 50 billion URLs, and 3 billion attachments daily – the company intercepts and analyzes messages in real-time. this “inline” scanning prioritizes speed and efficiency.
to achieve this speed, Proofpoint employs smaller, specialized AI models trained on detection tasks. Rather than relying on the immense size of foundational large language models (LLMs) like OpenAI’s GPT-5 (estimated at 635 billion parameters), Proofpoint has fine-tuned its models to approximately 300 million parameters. This distillation process maintains detection accuracy while substantially reducing processing time. These models are also updated every 2.5 days to adapt to evolving attack techniques and understand the intent behind messages, not just relying on known malicious indicators.
The company also utilizes an ”ensemble detection architecture,” combining hundreds of different signals – behavioral, reputational, and content-based – to create a robust defense against evolving attack vectors.
“By stopping attacks pre-delivery, Proofpoint prevents user compromise and AI exploitation,” rapp stated. “Our secure email gateway can see emails and stop threats before they hit the inbox.”
According to security analyst Thiemann, the shift in focus is crucial. “Security tooling must evolve from detecting known bad indicators to interpreting intent for humans, machines, and AI agents,” he said.”Approaches that identify malicious instructions or manipulative prompts pre-delivery…address a significant gap in today’s defenses.”
While Proofpoint is currently leading the charge, the cybersecurity industry is expected to rapidly adapt to this new threat landscape. The urgency is clear: as AI adoption accelerates, so too will the ingenuity of cybercriminals seeking to exploit its vulnerabilities. The question isn’t if new AI-borne threats will emerge, but when.
