
Upcoming RSA 2025 Presentation: Leveraging Generative and Predictive AI to Detect AI-Based Attacks

I am excited to announce I’ll be presenting our research on Leveraging Generative and Predictive AI for the Detection of AI-based Attacks on April 30th, 1:50 PM - 2:10 PM PT, in Briefing Center #2 at RSA 2025.

In the first part of the presentation, I will share how AI can be used to amplify the generation of attacks. This includes crafting numerous variations of conversational BEC messages, developing evasion techniques, and creating diverse forms of malicious attachments and phishing pages. The numerous variations of conversational payloads can increase the likelihood of false negatives in fine-tuned binary and multi-class classifier neural networks, such as BERT, if they are not trained on all possible semantic variants. Similarly, the introduction of evasion techniques will hide malicious payloads and phishing pages at the time of scanning, enabling them to bypass detection technologies within the email security pipeline.

In the next part of the presentation, I will dive into the technical details of how our core technology, NACE, addresses this problem from first principles by eliminating reliance on the detection of malicious payloads or landing phishing URLs, thereby rendering it immune to the evasion techniques designed to conceal them.

The presentation will then dive into the details of the semantic and thematic analysis leveraged to determine the purpose or deeper meaning, i.e. the intent, of an email by analyzing text from the body, attachments, and subject of an email. This is achieved using fine-tuned classifiers, similarity analysis, hierarchical topic modeling, phrase-based topic modeling, and a Cross Encoder-based semantic re-ranker to derive the email’s intent. The derived intent serves as a key feature in assessing and classifying the attachment or URL as either malicious or benign, without requiring the analysis of malicious payloads or landing phishing URLs, which are hidden behind evasions.

The presentation will then conclude with the details of some of the results which have been observed in real-world deployment.

Figure 1.0 Attack Distribution in a Real-World Deployment.

  • 93% of the evasive malicious attachments (such as SVG, HTML, docx files) detected by NACE were missed by 96% of the AV engines in VirusTotal.
  • NACE detected complex cases of BEC, where threat actors impersonated customers and vendors.
  • In the production traffic, NACE detected multi-stage phishing campaigns and malicious attachments, where payloads and landing URLs were obfuscated using multiple evasion techniques, as detailed in Figure 2.0.

Figure 2.0: Attacks Detected Employing Evasion Categories.

These results highlight NACE’s first-principles design, enabling the effective detection of AI-based attacks and blocking malicious email attachments and URLs at the initial access stage. NACE’s ability to understand the deeper meaning of emails further enables it to detect complex BEC cases, while its Zero-Shot semantic classification layer ensures the detection of AI-driven variations in conversational payloads.

Join us on April 30th, 1:50 PM - 2:10 PM PT, in Briefing Center #2 at RSA 2025, where we look forward to sharing our research.

Post by Abhishek Singh, Inception Cyber Co-Founder and CTO
Mar 25, 2025 2:25:57 PM