
Abnormal Security Offers New Tool to Detect AI-Generated Email Attacks


Abnormal Security, provider of a behavioral artificial intelligence (AI)-based email security platform, has launched CheckGPT, a new tool capable of detecting AI-generated attacks.

The capability determines when email threats, including business email compromise (BEC) and other socially engineered attacks, are likely to have been created using generative AI tools.

Disrupting the Attack Path

Cybercriminals are using tools like ChatGPT or its malicious cousin WormGPT to write what appear to be legitimate emails, scaling their attacks in both volume and sophistication, Abnormal said. In its latest research report, Abnormal uncovered a 55% increase in BEC attacks over the previous six months. In addition, the findings included:

  • An average of 3,973 third-party applications installed for organizations with 30,000+ employees
  • A 90%+ chance of receiving at least one BEC attack each week for organizations with 5,000+ mailboxes
  • A 34% increase in vendor email compromise attacks over the previous 12 months

Explaining AI’s use in email fraud, Abnormal Security CEO Evan Reiser said:

“As the adoption of generative AI tools rises, bad actors will increasingly use AI to launch attacks at higher volumes and with more sophistication. Security leaders need to combat the threat of AI by investing in AI-powered security solutions that ingest thousands of signals to learn their organization’s unique user behavior, apply advanced models to precisely detect anomalies, and then block attacks before they reach employees. While it’s important to understand whether an email was generated by a human or AI to understand and stay ahead of evolving threats, the right system will detect and block attacks no matter how they were created.”

What's Different About Abnormal's Approach?

Abnormal’s approach to stopping advanced email attacks is different from traditional methods, the company said. Here’s how it works (per Abnormal):

  1. The API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events and thousands of other attributes.
  2. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack.
  3. After initial email processing, the Abnormal platform expands upon this classification by further processing email attacks to understand their intent and origin.
  4. The CheckGPT tool leverages a suite of open-source large language models (LLMs) to analyze how likely it is that a generative AI model created the message.
  5. The system first analyzes the likelihood that each word in the message has been generated by an AI model, given the context that precedes it. If the likelihood is consistently high, it’s a strong potential indicator that text was generated by AI.
  6. The system then combines this indicator with an ensemble of AI detectors to make a final determination on whether an attack was likely to be generated by AI.
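
Steps 5 and 6 can be illustrated with a small added example (not Abnormal's code and not part of the original article). It assumes a toy bigram model as a stand-in for the open-source LLMs, and the reference text, sample messages and thresholds are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed reference text: a stand-in for what a generative model "expects".
REFERENCE = (
    "I hope this email finds you well. Please review the attached invoice and "
    "process the payment at your earliest convenience. Please let me know if "
    "you have any questions. Thank you for your prompt attention to this matter."
)

def tokenize(text):
    return re.findall(r"[a-z]+|\.", text.lower())

def train_bigram(text):
    """Toy model: counts of each word following each preceding word."""
    tokens = tokenize(text)
    counts = defaultdict(Counter)
    for prev, cur in zip(tokens, tokens[1:]):
        counts[prev][cur] += 1
    return dict(counts), set(tokens)

def token_probs(message, model):
    """P(word | preceding word) for every word after the first (add-one smoothing)."""
    counts, vocab = model
    tokens = tokenize(message)
    v = len(vocab) + 1  # one extra slot for out-of-vocabulary words
    probs = []
    for prev, cur in zip(tokens, tokens[1:]):
        seen = counts.get(prev, Counter())
        probs.append((seen[cur] + 1) / (sum(seen.values()) + v))
    return probs

def high_likelihood_fraction(message, model, threshold=0.04):
    """Share of words the model found predictable; 'consistently high' means near 1."""
    probs = token_probs(message, model)
    return sum(p >= threshold for p in probs) / len(probs) if probs else 0.0

def likely_generated(message, model, min_fraction=0.8):
    # One indicator only; the article says it is combined with other detectors.
    return high_likelihood_fraction(message, model) >= min_fraction

MODEL = train_bigram(REFERENCE)
# Constructed sample messages.
TEMPLATED = "Please review the attached invoice and process the payment at your earliest convenience."
HANDWRITTEN = "hey can u wire the money today, boss needs it before lunch."

if __name__ == "__main__":
    for msg in (TEMPLATED, HANDWRITTEN):
        print(round(high_likelihood_fraction(msg, MODEL), 2), likely_generated(msg, MODEL))
```

With a real language model the per-word probabilities come from the model's next-token distribution rather than bigram counts, but the scoring step, the share of words that were highly predictable from their context, has the same shape.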

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.