A recent report reveals that the majority of organizations believe cybercriminals are already using artificial intelligence (AI) in email attacks targeting their organizations.

The new report The Role of AI in Email Security, released by SlashNext in partnership with Osterman Research, includes data from a recent survey of U.S. tech and security leaders at organizations of at least 1,000 employees, and sheds light on their views of how AI is being weaponized by cybercriminals in email and other messaging-based attacks, and how they are preparing to defend their organizations against these attacks using AI-enabled security solutions.

The report reveals that 91% of respondents either agreed or strongly agreed that cybercriminals are already using AI in email attacks targeting their organizations, with 74% indicating they have experienced an increase in the use of AI by cybercriminals in the past six months. Similarly, 88% of respondents believe cybercriminals will continue to innovate in their use of AI in these types of attacks going forward. This strongly echoes what security experts and researchers have been warning since ChatGPT became publicly available just a few short months ago, and spinoffs of ChatGPT developed with malicious intent, such as WormGPT, entered dark web forums.

Other report highlights

  • 25% of respondents indicated email security is their top concern, with another 52% indicating it is among their top three concerns.
    • Email provides access to almost everything else within an organization, and from its early inception was not designed to be inherently secure – this has made it both a prime target for bad actors and an incredibly difficult attack surface to defend.
  • The percentage of respondents ranking AI as "extremely important" to their email defenses has increased more than fourfold over the past 12 months, and a total of 92% of respondents currently rate it as moderately or extremely important.
  • 90% of respondents confirmed they have implemented an AI-enabled email security solution beyond what is offered by their cloud email provider.
    • After adopting AI-enabled security solution(s), four out of five organizations observed improved efficacy in detecting multiple types of threats in email (e.g. targeted spear phishing, BEC, account compromise of internal employees, malicious attachments and URLs, etc.), even as threat actors have changed their attack methods.
  • 83.7% of respondents said the ability to protect other communications applications in their ecosystem (e.g. Teams, SharePoint, Zoom, Slack, etc.) was moderately or extremely important when evaluating AI-enabled email security solutions