5 Min. Reading Time<\/p>\n
The spear phishing email that passed through a mid-sized DACH company’s mail gateway last week was grammatically flawless, contextually precise, and contained not a single heuristic marker that Proofpoint, SpamAssassin, or Microsoft Defender would recognize as suspicious. It was written by an LLM, instructed by a threat actor with thirty minutes of research on the recipient’s role. The detection layer, built on pattern matching and URL reputation for twenty years, no longer catches such emails, and CISOs must rethink their architecture in 2026, rather than escalating filter updates.<\/strong><\/p>\n May 10, 2026<\/em><\/p>\n Key Takeaways<\/p>\n Related:<\/span>AI Agent Finds Linux Zero-Day in One Hour<\/a> \/<\/span> ITDR alongside SIEM and EDR: Detection Architecture 2026<\/a><\/p>\n What is AI Phishing?<\/strong> AI phishing is a class of phishing attacks where content (emails, pretext, links, and attachments) is generated or rewritten by a large language model like GPT-5, Claude 4.7, or a fine-tuned open-source model. The goal is to evade pattern-based detection, which has been trained on typing errors, template fingerprints, and suspicious phrases for years.<\/p>\n The first independent tests from threat reports by Mimecast, Proofpoint, and Group-IB show a clear pattern. A handwritten phishing email is stopped by standard profiles with a 70 to 85 percent probability, while a LLM-rewritten variant of the same email is only stopped in 15 to 35 percent of cases. This is not a tuning problem, but an architecture problem, as the filters simply no longer see suspicious markers.<\/p>\n Additionally, there is an asymmetry on the attacker’s side. A threat actor can generate fifty variants of the same pretext with thirty minutes of research on the recipient’s role, each formulated slightly differently. Anyone who doesn’t recognize this on a behavioral level, but on a pattern level, fails mathematically.<\/p>\n The detection architecture shifts to three parallel layers, each of which is necessary but not sufficient on its own.<\/p>\n Layer 1: Sender DNA<\/p>\n SPF, DKIM, and DMARC remain mandatory. Fresh domains, reputation fluctuations, and sender behavior changes are the early indicators that must now trigger immediately.<\/p>\n<\/div>\n Layer 2: Behavioral Baseline<\/p>\n What does the sender usually write to whom, in what tone, with which attachments? Anomalies against the individual recipient baseline are the most important new detection lever.<\/p>\n<\/div>\n Layer 3: LLM Classification<\/p>\n Specialized classification models (Proofpoint, Abnormal, Microsoft Defender for Office) read the email content itself and evaluate intent against the recipient’s behavioral baseline model.<\/p>\n<\/div>\n<\/div>\n The open question in most mid-market setups is not the tool choice, but integration. Anyone measuring sender DNA in the mail platform, behavioral analytics in the SIEM, and LLM classification in the EDR has three data silos that don’t talk to each other. This gap is precisely what the ITDR architecture shift<\/a> describes: Identity detection as a central layer that looks across mail, endpoint, and cloud.<\/p>\n In the pilot setups of the past few months, three profiles have been notably quick to move. Insurers and financial service providers who already need to implement BAFIN-driven MaRisk requirements and see the AI-phishing wave as a logical extension. Healthcare systems under external audit observation following the data leaks of 2024 and 2025. And IT service providers with clients in the public sector, whose contracts demand concrete response times for detecting spear-phishing.<\/p>\n Three more profiles are moving slower than they should. Traditional medium-sized industrial companies without BSI-relevant supply chains that consider the mail filter update a cosmetic issue. Family-owned and owner-managed businesses that leave the matter to their external IT service provider. And IT maintenance departments that, in Outlook-centric setups, pursue a Microsoft-only strategy, thereby reducing it to a layer that has isolated gaps.<\/p>\n These two movements will converge in 2026 with cyber insurance policies. Cyber insurers are now scrutinizing the detection stack in detail, and an unanswered questionnaire on mail-phishing defense will cost an additional 8 to 15 percent of the policy premium in 2026. The parallel pressure from the Linux kernel area, such as after the AI Agent Zero-Day discovery in May<\/a>, is only accelerating this trend.<\/p>\n Those who don’t want to wait can have a measurably better layer in one quarter.<\/p>\n In most cases, no. Pattern-based filters need an architectural update to behavioral analytics, which is more than just a patch. Those relying on Proofpoint, Mimecast, or Microsoft Defender should actively enable their AI modules and take the learning phase seriously; otherwise, the second layer will remain idle.<\/p>\n It remains important, but expectations must be adjusted. If the email is grammatically clean and contextually appropriate, employees don’t consider it phishing. Training focus in 2026 should be on behavioral anomalies (unusual requests, urgency, unusual channels), not on detecting typos.<\/p>\n NIS2 requires an initial report within 24 hours of a significant incident. If a successful spear phishing attack is only detected after days due to a lack of behavioral analytics, the deadline is mechanically missed. This is an operational trigger, not just a compliance point.<\/p>\n Market prices in 2026 for Abnormal, Proofpoint Nexus AI, and Mimecast CyberGraph range between 4 and 9 euros per mailbox per month in mid-market setups (200 to 2,000 mailboxes). That’s 9,600 to 216,000 euros per year, depending on size. Cyber insurers factor this into policy negotiations.<\/p>\n About the Author<\/p>\n Tobias Massow<\/strong> is CEO of Evernine Media GmbH and publisher of MBF Media Magazines. He observes detection reality through email, SOC, and CISO conversations that the magazine conducts daily and writes from this observation, not from tool marketing.<\/p>\n<\/div>\n More from the MBF Media Network<\/p>\n\n
Where the Classic Mail Filter Fails Today<\/h2>\n
What the New Detection Layer Really Needs<\/h2>\n
Who Will Upgrade First in 2026, and Who Will Wait<\/h2>\n
90-Day Plan for CISOs<\/h2>\n
Frequently Asked Questions<\/h2>\n
Is it enough to update the existing mail gateway?<\/h3>\n
What role does recipient training still play?<\/h3>\n
How does AI phishing relate to NIS2 reporting requirements?<\/h3>\n
What does a behavioral layer cost in the mid-market?<\/h3>\n