How is Artificial Intelligence Used to Address Email Threats?

In part 3 of our 5-part series, Ed Amoroso discusses how artificial intelligence (AI) technology is particularly useful for reducing cyber risks to cloud email.
January 30, 2023

This article is the third of a five-part series from Ed Amoroso at TAG Cyber. You can read part one here and part two here.

Enterprise security teams are increasingly excited about the use of the most advanced technologies to mitigate their risk and improve security posture. While such innovation creates many new opportunities to reduce cyber risk, it also drives the need for practitioners to develop a reasonable working-level understanding of how these new technologies work, especially when some complexity is involved.

In this article, we focus on the most prominent of new technologies for cybersecurity—namely, artificial intelligence, or AI. The role of AI in security is promising. Still, enterprise teams are advised to develop insights into what truly meaningful AI technology is and what might be considered less relevant aspects of AI, including claims that are more marketing hype than operational reality. By understanding what AI is and how it works, security leaders can ensure that they have the knowledge they need to keep their organizations protected.

How Does AI Work in Security?

The broad discipline known as artificial intelligence (AI) references an assortment of different technologies, algorithms, methods, and underlying foundational math.

The first applications of AI for cybersecurity emerged in the early 2010s with work from experts such as Stuart McClure, then working at Cylance. The idea was then, and remains now, that the application of security-relevant data could be used to inform learning algorithms sufficiently to support the prediction of vulnerabilities or threats. This remains the canonical approach to using AI for cybersecurity.

While taxonomies for AI include a wide variety of strategies ranging from expert systems to complex neural networks, most cybersecurity applications of artificial intelligence utilize machine learning, often based on simple linear regression. This involves reviewing a series of input attributes related to the processing environment and then predicting whether a security issue exists based on learned outcomes.

TAG Cyber Blog AI Canonical Use of Machine Learning for Cybersecurity

Canonical Use of Machine Learning for Cybersecurity

The general strategy for machine learning in cybersecurity involves a training set obtained from security-relevant data. This is analyzed by a learning algorithm that is associated with a hypothesis—usually whether some threat or vulnerability is present. As one would expect, the hypothesis is informed by our features, or attributes of the environment, and generates a predicted value. That predicted value is then used to make a decision about the potential threat.

Can AI Be Used to Protect Cloud Email?

One of the more promising areas in which artificial intelligence has been applied to cybersecurity threats is with the use of email security. Such an application is well-suited to AI due to the high volume of available data and the high likelihood of clear usage patterns that can be detected through normal user behavior. Combining these with good algorithms and strong computing platforms produces valuable results with increasingly high efficacy.

The canonical approach to machine learning can be used to illustrate the tailoring required for cloud email security. Training sets are derived from data collected during cloud email usage and learning algorithms are tailored to the cloud security email use cases of interest, including phishing and business email compromise. The hypothesis is whether evidence of an attack exists and the output determines whether the platform should take action to block the email.

TAG Cyber Blog AI Tailoring Machine Learning to Cloud Email Security

Tailoring Machine Learning to Cloud Email Security

By doing so, artificial intelligence can make decisions much faster and more effectively than users or security professionals. And as a result, the security algorithms can be trusted to detect and prevent email attacks, even those that have never before been detected by traditional tools. In essence, these algorithms are constantly learning from the inputs so that they can make correct decisions about the most dangerous threats targeting organizations today.

In our next article, we explain how Abnormal Security provides strong protection against email attacks and uses machine learning algorithms to improve the accuracy of the output recommendations.

See for yourself how Abnormal leverages behavioral AI to protect your organization from the full spectrum of email attacks. Schedule a demo today.

Schedule a Demo
How is Artificial Intelligence Used to Address Email Threats?

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 Adobe Acrobat Sign Attack Blog
Attackers attempt to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA and branded phishing pages.
Read More
B 4 15 24 RBAC
Discover how a security-driven RBAC design pattern allows Abnormal customers to maximize their user setup with minimum hurdles.
Read More
B 4 10 24 Zoom
Learn about the techniques cybercriminals use to steal Zoom accounts, including phishing, information stealers, and credential stuffing.
Read More
Social Images for next Cyber Savvy Blog
Explore how Alex Green, the CISO of Delta Dental, safeguards over 80 million customers against modern cyber threats, and gain valuable insights into the cybersecurity landscape.
Read More
B Images for EDB Blog from Sanjay
Abnormal is excited to announce the establishment of a strategic partnership with the Singapore Economic Development Board (EDB).
Read More
B Automotive Data Blog
Research reveals the automotive industry has become a popular target for business email compromise and vendor email compromise attacks. Learn why.
Read More