Phishing

New Email Security Focuses on Protecting‌ AI Assistants from‍ Phishing Attacks

As artificial intelligence (AI) assistants become increasingly integrated into both enterprise and personal workflows, a new frontier in cybersecurity is emerging: protecting these AI agents from complex ‌phishing attacks. Proofpoint, a leading email security company,​ is⁤ pioneering a pre-delivery scanning approach designed to identify and neutralize threats specifically targeting AI ⁣systems.

Traditionally, email security has focused on protecting human recipients. However, the rise of AI assistants with direct inbox access introduces a⁣ new vulnerability. These assistants can automatically ‍act on emails the moment they arrive,‌ and their literal interpretation of commands makes them particularly​ susceptible to social engineering tactics. While ‌a human might recognize a ⁤suspicious request, an AI agent⁣ could blindly execute it – for example, initiating a fraudulent money transfer.

“In recent attacks we are‌ seeing cases where the HTML and plain text version are completely different,” explains Ryan Rapp, a security expert at Proofpoint.”The email⁢ client renders⁣ the HTML version while invisible plain​ text contains a prompt injection that ⁣can be ⁤picked up and possibly acted on by an ⁤AI system.” ‌This tactic exploits ⁢the difference in how email clients display content, hiding malicious ⁢instructions in the plain text version that an AI assistant might process.

Proofpoint’s solution addresses⁢ this threat by scanning emails before they reach inboxes. Leveraging its massive scale – processing 3.5 billion​ emails, 50 billion URLs, and 3 billion attachments daily – the company intercepts and analyzes messages in real-time. this “inline” scanning prioritizes speed and efficiency.

to achieve this speed, Proofpoint employs smaller, specialized AI models trained on detection tasks. Rather than relying on the immense ​size of ​foundational large language models (LLMs) like OpenAI’s GPT-5 (estimated ​at 635 billion parameters), Proofpoint has fine-tuned its models⁣ to approximately 300 million parameters. This distillation process maintains detection accuracy while substantially reducing processing time. These models‌ are also updated⁢ every 2.5 days to ‍adapt to evolving attack techniques and understand the intent behind messages, not just relying on known malicious indicators.

The company also utilizes an ​”ensemble detection architecture,” combining hundreds of different signals – behavioral, reputational, and content-based – to create a robust defense against evolving attack vectors.⁣

“By stopping attacks pre-delivery, ​Proofpoint prevents user compromise and AI ⁣exploitation,” rapp stated. “Our secure email gateway ‌can see‍ emails and⁢ stop threats before they hit the‌ inbox.”

According to ⁣security analyst Thiemann, the shift in focus is crucial. “Security tooling must⁢ evolve from detecting known bad​ indicators ⁤to interpreting intent for humans, machines, and ⁢AI agents,” he said.”Approaches that identify malicious instructions or manipulative prompts pre-delivery…address‍ a significant gap in today’s defenses.”

While​ Proofpoint is currently ⁢leading⁢ the charge, the cybersecurity industry is expected to rapidly adapt to this new threat landscape. The urgency is clear: as ‌AI adoption accelerates, so too will⁤ the ingenuity of cybercriminals seeking to exploit its vulnerabilities. The ‍question ⁤isn’t if new AI-borne ⁢threats will emerge,‌ but when.