This week, we published two blogs highlighting real-world email attacks caught by our platform. One attack targeted a CFO with a credential phishing attempt, while another impersonated a DocuSign vendor, enticing employees to click on a malicious link.
These attacks bypassed existing security layers, underscoring the need for a new detection paradigm—one that focuses on attacker intent, not just payloads.
In this blog, I wanted to lay out what sets Inception Cyber apart from existing email security vendors.
A Crowded and Competitive Market
In December 2024, Gartner released its Magic Quadrant for Email Security, featuring over 20 vendors all vying for dominance. This group spans legacy Secure Email Gateway (SEG) providers—built in the 2010s—and Integrated Cloud Email Security (ICES) solutions, which emerged around 2018 with cloud-native architectures.
Many of these vendors claim to solve the core challenges—phishing, malware, and Business Email Compromise (BEC)—but most platforms were designed before recent breakthroughs in AI. While adding chatbots or bolting on basic AI features is straightforward, fundamentally reworking detection to focus on attacker intent requires deeper architectural changes. As a result, many email security solutions remain reactive, primarily tackling yesterday’s threats.
Attackers, meanwhile, are leveraging AI to evolve and scale, exposing the weaknesses of traditional and ICES approaches.
Intent-Driven Detection
Inception Cyber was founded on a simple realization: email security must evolve to stay ahead of modern threats. Instead of relying on keyword matches or older natural language processing (NLP) techniques, we built our solution on generative AI models like Llama 3. This shift allows us to interpret attacker intent at a more profound level, identifying threats earlier in the attack chain.
Where most solutions analyze payloads or user behavior, we detect attacks by studying attacker intent. This means going beyond static heuristics and outdated NLP. By focusing on how and why attacks are crafted, rather than on the specific content, our proactive approach catches threats before they become visible to traditional defenses.
Three Key Reasons We’re Different
1. Evasion Tactics Have Evolved
Modern attackers exploit the limitations of payload analysis:
- Links: Threat actors rotate URLs across numerous domains every few milliseconds, making them nearly impossible to track or blacklist in time. They use content delivery networks, redirects, and CAPTCHA to obscure phishing pages.
- Attachments: Encrypted or obfuscated files can slip past even advanced sandboxing solutions.
As a result, signature-based and sandboxing approaches are routinely bypassed by sophisticated evasion techniques. This gap calls for a paradigm shift—neutralizing threats before they even reach the payload stage.
What Inception Cyber Does Differently
We disrupt threats at their inception. By analyzing email routing details, envelope metadata, and body content, we can make decisions before a harmful payload is even introduced. This proactive approach stops attacks rather than reacting to them.
|
2. Attackers Now Use AI
AI is transforming the attacker’s toolkit far beyond basic phishing attempts. Tools like FraudGPT—an illicit chatbot similar to ChatGPT—enable threat actors to craft sophisticated attacks at scale. These tools generate phishing emails that are polished, grammatically correct, and customized to mimic genuine communications, making them nearly indistinguishable from legitimate messages.
But it doesn’t stop at phishing. As AI continues to advance, it’s also powering more complex tactics, including Business Email Compromise (BEC) schemes that use malicious AI to scrape real data—often from social media—in real time. By monitoring company and employee updates, threat actors can create highly relevant, timely messages that foster a dangerous level of trust, leading employees to unknowingly divulge sensitive information or authorize fraudulent transactions. AI is likewise fueling large-scale ransomware campaigns, ramping up their reach and sophistication. Traditional filters, which focus primarily on malicious payloads or known signatures, are increasingly outmatched by these adaptable, AI-driven threats.
What Inception Cyber Does Differently
Our detection models leverage years of data on attacker behavior, not just superficial indicators. We analyze:
- How threat actors craft their messages
- The intent behind the email
- Possible variations of the same campaign
- Tone, emphasis, and subtle linguistic cues
By analyzing message composition, attacker intent, and the contextual interplay among SMTP headers, deep file parsing results, and URL data, we detect threats that others overlook, thereby minimizing exposure.
|
3. Existing Vendors Model Employee Behavior
Many existing solutions rely on profiling individual employees—often executives—as high-value targets. However, attackers have broadened their reach to non-executives like insurance adjusters, healthcare approvers, and others with critical access to systems and data. This user-centric approach simply doesn’t scale across thousands of employees, each with unique roles and behaviors—leading to increased false positives and missed threats.
Meanwhile, attackers leverage AI to expand effortlessly, outpacing systems that depend on modeling employee norms.
|
What Inception Cyber Does Differently
Rather than modeling employees, we model the attacker. We study attacker tactics, techniques, and intentions. This approach scales effectively to any organizational size or complexity. We don’t rely on what’s “normal” for employees; we identify what’s abnormal from the attacker’s perspective, making our detection more precise and less prone to false alarms.
|
Final Thoughts
Email security is at a turning point. Attackers are evolving rapidly with AI and finding new ways to bypass traditional defenses. Many tools were designed for older threats, and the challenge now is to anticipate and understand attacker intent, not just detect known threats.
At InceptionCyber, we believe the time has come for a fundamental shift—from reactive tactics to a proactive, AI-driven model that adapts as quickly as attackers do. Our goal is to reimagine email security from the ground up, protecting organizations against threats as they emerge, not just after they’ve been identified.
