Artificial intelligence has transformed email security into a full-scale arms race.
On one side, attackers are leveraging generative AI to produce
phishing emails that are faster, cheaper, and more convincing than ever before. On the other hand, defenders are using AI-native tools to detect, analyze, and respond to those threats at equal speed.
The result is a quickly changing battlefield on which
traditional email protections are out of date, and where AI is becoming essential for both offense and defense.
"AI can help you spot and not just stop e-mail threats," explained Faisal Misle, Technical Lead at Red Sift. "[It] can also help evaluate your internal infrastructure quicker. Spot SPF mistakes,
DMARC mistakes, DKIM mistakes, DNS-level mistakes, or mistakes you may have in your infrastructure that make you more vulnerable."
How to spot AI-powered threats
AI has quickly lowered the barrier to entry for email-related cybercrime, making it easy for anyone from nation-state actors to inexperienced attackers to spin up highly convincing phishing campaigns. The resulting email lures aren't full of spelling errors or awkward phrasing; they're grammatically flawless and often tailored to the recipient.
"Bad actors can use things like
Claude, which is getting more and more sophisticated, to create very sharp, very hard-to-detect phishing, business email compromise attacks [and] spoofing attempts," noted Jack Lilley, Senior Communications and Content Marketing Manager at Red Sift.
You can already see this in real-world campaigns such as the
Tycoon 2FA phishing kit, the
Scattered Spider group's social-engineering attacks, and the recent wave of
data-gathering attacks upon Mexican government agencies.
In these cases, attackers combined automation with personalization to bypass traditional defenses. AI-generated business email compromise (BEC) attacks can even incorporate
deepfake audio or highly contextual messaging, making impersonation far more effective.
"As AI gets better and better, it gets virtually undistinguishable from a real human email," said Misle.
But, he added, subtle clues still exist. Changes in tone, such as an unusually formal or overly enthusiastic message, can indicate that something might be off. Misle cited a friend's experience in which deploying an AI model reduced phishing emails by 99% during a week-long test.
"If it doesn't sound right, it probably is not," he explained.
Similarly, inconsistencies in attachments or images — for example, a real-looking person with too many fingers — may reveal AI involvement, although these indicators are becoming less reliable as the AI models improve.
How embedded AI assistants and intelligent domain analysis tools help security teams
Attackers obviously benefit from AI, but email defenders might ultimately gain the upper hand if they use AI at scale. Properly trained AI models can detect patterns that humans often miss, from subtle anomalies in email headers to inconsistencies in message content.
"If you give an AI enough direction, AIs can actually be better than a human trained eye," Misle said. "They can not only spot the subtleties in the headers of [an email message], but they can also analyze the body itself."
That's a key development, because the most effective phishing and BEC messages evade traditional message filters by including no attachments or embedded links. Instead, the message itself, often written by AI, convinces the recipient to cooperate with the scam.
AIs embedded within email defensive systems, said Misle, can also cross-check phone numbers, detect typosquatted domains, and spot deceptive techniques like hidden character substitution in URLs (such as Cyrillic letters replacing Latin ones).
AI also excels at reducing alert noise. Security teams are often overwhelmed by alerts, but AI can prioritize real threats and filter out false positives.
"AI basically helps you weed through the noise and pick out the gems that need fixing or need attention," said Misle. " AI doesn't need to sleep, doesn't need caffeine, doesn't need rest, and the performance does not degrade over time."
How to deploy AI throughout your email protection system
AI's greatest value comes from being embedded across the entire email security stack. Rather than acting as a standalone tool, it should enhance multiple layers of defense, from pre-delivery filtering to post-delivery investigation and infrastructure analysis.
However, as Misle pointed out, the availability of AI assistance depends on what your email-security vendor can offer.
"We offer a variety of add-ons or features in our tools that we deploy AI with," he explained. "One is the agentic AI in our [
Brand Trust] look-alike detection platform, but we also have a cybersecurity trained LLM called Radar that can help you spot misconfigurations in your DNS."
In fact, Red Sift's
Radar Lite is a free version of the Radar tool that uses AI to quickly assess the domain health, authentication configurations, and vulnerabilities of any website.
It gives you immediate visibility into weaknesses in SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) — areas that attackers frequently exploit. (A similar free tool,
Investigate, lets you send in a test email to check the status of your outbound email server.)
Lilley ran the website of SC Media's parent company through Radar Lite. It returned, in his words, "not exactly the prettiest picture for you guys." Like many other websites, it
got a few things wrong.
But the tool also stated that the site's "overall security posture is significantly above the median configuration of domains in the software and IT industry."
Ideally, at the infrastructure level, an
AI-powered email defense tool can, as stated above, spot misconfigurations in DNS records and authentication protocols. At the detection layer, it can analyze incoming email messages for odd technical indicators and linguistic patterns. And at the response layer, it can guide analysts through investigations.
"I think Red Sift is uniquely positioned because we don't come out with AI features for the sake of saying we came out with AI features," said Misle. "The AI features we bake in are meant to help you be more efficient, reduce the noise and help you prepare better."