At Cofense, we have been active in testing, validating, and deploying general AI tools for the last three years – and we have learned a lot. How these tools integrate with our products and processes are constantly evolving, and the trends we are observing may surprise some of you.
AI defensive tactics are not going to solve AI offensive phishing attacks. Although AI is helpful, it’s just one ingredient, and it’s not the most important one. Nothing comes close to the solving and reasoning power of a properly trained human being – in this case your employees. The human brain is integral to and must be (remain) a major part of, the total security solution – especially in communication tools such as email.
As you look at most vendors’ recent security product marketing ‘speak’, you’ll notice the dizzying array of buzzword acronyms including AI, ML, LLM, NN and variations of those. These acronyms certainly drive curiosity, but are they making improvements to the efficacy of defensive email phishing security over the prior art of developing solutions in a more classic programmatic approach?
The answer is yes, but …
Adding elements of properly trained AI large language models, as an example, can help, but we need to look at these models more as an arrow in our security quiver, rather than as a silver bullet.
To paint an effective email security picture, employee security awareness training with risk validation reporting is still an organization’s first and best line of defense against all types of phishing attacks, especially new not-yet-seen vectors, and zero-day attacks.
So how does this relate to AI? First let’s remember that offensive AI is being used by bad actors to make Phishing attacks more effective. Offensive AI does not target the defensive AI built into your secure email gateway (SEG) – it targets your employees.
Cofense is in a unique position to capitalize on AI because we have the world’s largest source of diverse, current, and continuously updating email phishing data from which to train our models.
These data come from over 35+ million Cofense-trained employees who work at thousands of businesses in every industry sector across the globe. Only Cofense’s threat ingest system sees what all the popular SEGS are missing – no other email security vendor has this capability. We verify, on average, one dangerous threat per minute that got past a SEG and landed in an employee’s email inbox. That’s over 1400 malicious and potentially business crippling attacks per day.
Cofense has two products with investments in AI: PhishMe Email Security Awareness Training with Risk Validation, and the one-of-a-kind Cofense Phishing Detection and Response Platform – PDR.
PhishMe uses the data from over 650,000 reports a month to spot new trends in phishing attacks. We are training models to see if AI can help pinpoint patterns we call How Patterns. How it looks, How it sounds, and How it’s structured and delivered. These How patterns will help us deliver better simulation training in future PhishMe releases.
Our PDR platform works together with our expert analysts in our Phishing Detection Center to analyze incoming threats which evade classic SEG programmatic checks. PDR will identify and validate a dangerous SEG miss, and then reach out to all Cofense PDR customers and remove that threat from all employees’ inboxes. In 2023 Cofense processed over 7.3 million ingested examples which we can use as high quantity – high quality model input.
At Cofense we have been modeling in AI for a few years now, and we probably have more valid training data for email security than most. We’ve concluded that AI will help, and we are putting it to work, but AI is not ready to be the conductor of the orchestra, nor do we have evidence that it will rise to that occasion anytime soon.
Buyers of security software should look at what really is effective in stopping phishing attacks – it is still a properly trained and incentivized employee base, using RI – Real Intelligence.
