During a live recording of CYBR.HAK.CAST at the inaugural CYBR.HAK.CON, hosts Michael Farnum and Phillip Wylie sat down with Scott DeLuke, Field Technical Director at Abnormal AI, to discuss the rapidly evolving state of email security. While the conversation covered everything from phishing-as-a-service to cloud email security, one theme surfaced repeatedly: email security has become an AI arms race.
Check our the full episode:


For years, email security was a game of signatures, blocklists, and known bad indicators. Security teams identified malicious domains, suspicious attachments, and recognizable phishing templates. Attackers responded by changing tactics, and defenders adjusted accordingly.
That era is ending.
Today, security teams are confronting something fundamentally different: AI-powered attacks capable of generating thousands of unique phishing messages, leveraging trusted services, and adapting faster than traditional security controls can respond. The result is a new reality where email security increasingly resembles an AI-versus-AI conflict, with humans playing a supporting role rather than serving as the primary line of defense.
Attackers Are Operating at Machine Speed
The evolution of phishing has mirrored broader changes across cybersecurity. Just as endpoint security evolved from signature-based antivirus to behavioral detection and EDR, email security is undergoing a similar transformation.
The reason is simple: attackers no longer need to rely on malware attachments or obviously malicious infrastructure. Modern phishing campaigns frequently abuse legitimate cloud services, trusted domains, and sophisticated phishing-as-a-service platforms designed to evade traditional detection methods.
According to DeLuke, AI has dramatically accelerated this shift.
More from CYBR.HAK.CON:


Where attackers once spent days crafting a handful of convincing phishing emails, they can now generate hundreds of thousands of highly personalized messages in a fraction of the time. Many campaigns are effectively zero-day attacks, meaning there are no existing signatures or indicators for traditional security tools to detect.
The volume alone presents a challenge. The sophistication makes it worse.
Modern phishing kits increasingly include anti-analysis capabilities, human verification checks, and infrastructure designed to frustrate investigators. Some can distinguish between human and automated interaction. Others hide behind trusted cloud services that make tracing activity back to the attackers significantly more difficult.
The result is an environment where attackers can innovate at unprecedented speed.
Why Human Defenders Can't Keep Up
Security operations centers were never designed to operate at the pace AI enables.
For years, analysts could manually investigate suspicious messages, review alerts, and identify patterns. That model becomes increasingly difficult when attackers can launch massive campaigns composed of messages that all look different from one another.
The challenge isn't simply volume. It's the disappearance of reliable patterns.
Traditional detection technologies were built around recognizing known threats. AI-generated attacks often lack those recognizable fingerprints. They arrive from legitimate domains, leverage trusted services, and mimic normal business communication with alarming accuracy.
During the CYBR.HAK.CAST discussion, DeLuke described a reality where human analysts can no longer sit in front of the problem and expect to keep pace. The economics no longer work. Attackers have automated their operations, and defenders must do the same.
That doesn't mean humans become irrelevant. It means their role changes.
The Future of Email Security Is Behavioral
The next phase of email security will be defined by behavioral analysis rather than signatures.
Instead of asking whether a message matches a known threat, security platforms increasingly ask whether a message behaves like normal communication. Does the sender typically communicate with this recipient? Is the request consistent with previous interactions? Does the behavior align with established patterns?
Those questions are difficult for humans to answer at scale. They are precisely the kind of problem machine learning excels at solving.
The organizations that adapt most successfully will likely embrace a partnership between humans and technology. AI will handle the overwhelming volume of routine threat detection, while security professionals focus on incident response, strategic decision-making, and the edge cases that require human judgment.
That shift is already underway.



