New Data from Inception Cyber Exposes Blind Spot in Email Security: 1 in Every 50 Employees is Exposed to Advanced Email Threats Each Month

AI-driven NACE™ reveals 93% of evasive attacks bypass traditional defenses—
explaining how these threats continue to reach employee inboxes

Palo Alto, CA—April 15, 2025—Inception Cyber, the inventors of Intent-Based Threat Prevention, today announced new findings from real-world deployments of its Neural Analysis and Correlation Engine (NACE™) platform. An analysis of millions of emails across software development, manufacturing, services and large financial segments revealed that 1 in every 50 employees encountered an evasive email threat—despite existing enterprise security solutions including native security provided by cloud email providers, Secure Email Gateways (SEGs), and Integrated Cloud Email Security services (ICES).

Most notably, 93% of malicious attachments identified by NACE™ were missed by 96% of security engines on VirusTotal, underscoring the blind spots in traditional detection approaches.

These findings follow Inception Cyber’s recent public launch and $3M seed funding round led by Neotribe Ventures. As generative AI empowers attackers to scale, personalize, and rapidly vary phishing, ransomware, and BEC campaigns, the detection gap between legacy tools and modern threats is widening.

“The threat landscape has fundamentally changed and evasive attacks are no longer edge cases—they’re the norm,” said Bill Mann, CEO and co-founder of Inception Cyber. “AI is transforming cyber threats across three dimensions—scale, precision, and variance—each one making attacks more dangerous and harder to detect. This doesn't just mean more attacks. It means we need to prepare for better attacks—built to bypass legacy defenses and exploit human trust.”

Real-World Findings from NACE™ Deployment

Inception Cyber analyzed millions of emails across software development, manufacturing, services and large financial segments all of which were using native security from email providers, Secure Email Gateways and ICES tools. The findings highlight the massive change in attack tactics and sophistication demonstrated by human threat actors and AI. 

“Current attacks are inherently evasive by design,” says Abhishek Singh, founder and CTO of Inception Cyber. “NACE™ employs a first-principles approach to detect evasive phishing URLs and malicious attachments without relying on payloads or landing pages, whether generated by threat actors or AI. By understanding the deeper meaning—intent of emails—and using it as a core feature, NACE™ overcomes the limitations of current technologies, enabling the detection of phishing, malicious attachments without malicious payloads, and BEC without the need for human behavior analysis.”

FINDING #1: 1 in Every 50 Employees Encountered an Evasive Email Threat Per Month—Even with Existing Email Security Tools in Place

These advanced threats slip past existing defenses by combining clever evasion techniques with the power of generative AI.

• AI-generated emails with flawless language and tone
• Links to legitimate domains and CAPTCHAs to appear safe
• No links or obvious attachments, bypassing training and detection
• Impersonation of non-VIPs such as vendors, customers, support, and sales—not just executives
• Highly targeted phishing attacks specifically crafted for each target, using correct corporate branding and legitimate business details relevant to each recipient

FINDING #2: BEC Impersonation Trends: External Identities Now the Primary Target

Findings show that evasive BEC attacks are increasingly focused on impersonating external identities—such as vendors and customers—rather than just internal executives.

• 32% impersonated vendors (the most common vector)
• 15% impersonated customers
• 22% impersonated non-executive employees
• 20% impersonated executives

These findings challenge the conventional assumption that BEC primarily targets executives. Threat actors are shifting tactics—mimicking trusted third parties and rank-and-file employees to bypass both legacy security tools and employee training.

FINDING #3 - Detection Performance: What Others Missed

Inception Cyber’s NACE™ platform caught evasive phishing and malicious attachments that went undetected by all other technologies.

• 93% of SVG/HTML malicious attachments missed by 96% of AV engines in VirusTotal
• 95% of phishing URLs missed by 98% of VirusTotal scanners

FINDING #4 – Attackers Hide Behind Multi-Stage Redirects and Legitimate CAPTCHAs to Evade Detection

Threat actors are increasingly using multi-step evasion sequences to bypass email security tools. One of the most common methods: hiding phishing pages behind legitimate CAPTCHA, services (such as Cloudflare). These CAPTCHAs are designed to stop bots—but attackers now use them to block automated scanners and sandboxes from reaching the final phishing page.

Because the actual malicious content is only revealed after a human solves the CAPTCHA, traditional detection tools are blind to the threat—letting it slip through to the user.

Evasion Sequences Observed:

• SVG → Compromised Redirector → CAPTCHA → Phishing Page
• HTM → Obfuscated JS → Redirector → CAPTCHA → Phishing Page
• DOCX → QR Code → Redirector → CAPTCHA → Phishing Page

Learn more about Inception Cyber findings from production deployments.

About Inception Cyber

Inception Cyber, the inventors of intent-based security, is leading the next generation of threat prevention for an increasingly AI-driven world. The company's patent-pending Neural Analysis and Correlation Engine (NACE™) identifies and stops evolving AI or threat actor-generated ransomware, spear-phishing, and business email compromise attacks that bypass existing security measures and target employees.