From Spray-and-Pray to Spray-and-Play: What I Saw at Our DC Roadshow

From live AI-powered attack demos to real-world CISO insights, a DC roadshow reveals how attackers are using AI today—and why traditional email defenses are falling behind.

Mick Leach

May 14, 2026

Last week in Washington, DC, I met with a group of CISOs and security leaders for an event centered on a simple question: what can attackers actually do with AI right now? To help answer that question, I brought in my longtime collaborator and fellow security enthusiast, Freakyclown (FC), an ethical hacker who has been hired by banks, governments, and organizations around the world to break in before the bad guys do. We've been doing versions of our AI vs. AI roadshow together for years, and the attack demonstrations still impress me every time.

How We Got Here

Email-based attacks have moved through three distinct eras. Twenty years ago: spray and pray—bulk, unsophisticated, cast a wide net and hope. A decade ago: spear phishing—highly personalized, but slow and expensive because the research had to be done by hand. Today: AI-generated attacks that are both highly personalized and effortless at scale. FC's demo is the clearest illustration I've found of what that actually looks like.

The Demo

We saw, in real time, how AI enables an attacker to complete what used to take 40 hours of analysis in only minutes. FC completed all research on the target, built the infrastructure, crafted a personalized message that referenced things only a real contact would know, and sent an email that would pass almost any traditional security check, all on a laptop connected to hotel Wi-Fi.

It didn’t stop there. We demonstrated real-time deepfake video with a volunteer from the audience. It’s one thing to hear about a deepfake video—it’s another to see one created live, and of you.

Why Traditional Defenses Are Falling Short

Before joining Abnormal, I spent years running security operations at Fortune 500 companies—building SOC teams, deploying SEGs, writing detection rules, tuning policies. I've been on the other side of this problem. My last SEG took 18 months to stand up properly. I believed in it because it was the best tool available. But the threat it was built for and the threat we face today are two different things.

We've built our defenses around detecting something malicious, such as suspicious links, bad attachments, and known threat signatures. But the most dangerous attacks today don't have any of those things. They're well-crafted messages, from believable senders, asking for something that looks like a normal business request. Nothing to scan. Nothing to flag. Technically clean.

Fail-safes will fail. Even the instinct to "just call and verify" runs into trouble when audio and video can be spoofed in real time, as we saw. The tools we've relied on for the last 20 years were built for a different threat, and that threat has evolved.

What Good AI Looks Like

Fighting AI-powered attacks with static rules is like trying to catch someone who keeps changing their face. The better play is building a detailed picture of what normal looks like for every person in your organization, then flagging anything that doesn't fit. Behavioral AI doesn't need prior threat intel. It just needs to know what's out of character.

Think about how US Secret Service agents are trained to detect counterfeit money. They don't start by memorizing known fakes. They become intimately familiar with genuine currency, counting large sums of real cash repeatedly until they can immediately identify and even feel a fraudulent bill before ever looking for specific security features. Abnormal uses AI in a similar way. We baseline your environment so thoroughly that we know what normal business looks like. It's not about recognizing the counterfeit. It's about knowing the real thing so well that nothing else passes.
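To make the "know the real thing, flag what is out of character" idea concrete, here is a small added example of a behavioral baseline, written for this post rather than taken from Abnormal's product or any real detection engine. It builds a per-recipient profile from a constructed mail history (which senders write to them, which display names map to which addresses, when they normally send, who has asked for payments before) and then scores a new message purely by how far it deviates from that profile. The message fields, the reason weights and the "typical hours" rule are all assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Message:
    """Minimal view of an email: enough to profile sender behaviour (assumed schema)."""
    sender: str            # envelope/From address
    display_name: str      # human-readable From name
    recipient: str
    hour: int              # local hour the message was sent, 0-23
    asks_for_payment: bool # did the message request a payment or bank-detail change?

@dataclass
class Profile:
    """What 'normal' looks like for one recipient, learned only from past mail."""
    senders: set = field(default_factory=set)
    names: dict = field(default_factory=dict)   # display_name -> set of addresses seen
    hours: list = field(default_factory=list)
    payment_senders: set = field(default_factory=set)

# Illustrative weights: no threat intel involved, only deviation from the baseline.
WEIGHTS = {
    "first-time sender": 0.25,
    "display name matches a known contact but address differs": 0.40,
    "outside typical hours": 0.15,
    "payment request from a sender who never asked before": 0.30,
}

def build_profiles(history):
    """Baseline each recipient from their own mail history."""
    profiles = defaultdict(Profile)
    for m in history:
        p = profiles[m.recipient]
        p.senders.add(m.sender)
        p.names.setdefault(m.display_name, set()).add(m.sender)
        p.hours.append(m.hour)
        if m.asks_for_payment:
            p.payment_senders.add(m.sender)
    return profiles

def score(msg, profiles):
    """Return (risk score 0..1, list of reasons) for one new message."""
    p = profiles.get(msg.recipient)
    if p is None:
        # Cold start: nothing to compare against yet, so no behavioural verdict.
        return 0.0, ["no baseline for recipient"]
    reasons = []
    if msg.sender not in p.senders:
        reasons.append("first-time sender")
    known_addresses = p.names.get(msg.display_name)
    if known_addresses and msg.sender not in known_addresses:
        reasons.append("display name matches a known contact but address differs")
    # Toy rule: the recipient's observed min..max sending hour is "typical".
    if not min(p.hours) <= msg.hour <= max(p.hours):
        reasons.append("outside typical hours")
    if msg.asks_for_payment and msg.sender not in p.payment_senders:
        reasons.append("payment request from a sender who never asked before")
    return min(1.0, sum(WEIGHTS[r] for r in reasons)), reasons

# Constructed history for one accounts-payable mailbox (sample data, not real traffic).
HISTORY = [
    Message("cfo@example.test", "Dana Lee", "ap@example.test", 9, False),
    Message("cfo@example.test", "Dana Lee", "ap@example.test", 10, False),
    Message("cfo@example.test", "Dana Lee", "ap@example.test", 14, False),
    Message("billing@supplier.test", "Sam Vendor", "ap@example.test", 11, True),
]

# A "technically clean" message: no link, no attachment, just out of character.
SUSPECT = Message("dana.lee@example-mail.test", "Dana Lee", "ap@example.test", 22, True)
BENIGN = Message("cfo@example.test", "Dana Lee", "ap@example.test", 10, False)

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for m in (BENIGN, SUSPECT):
        s, why = score(m, profiles)
        print(f"{m.sender:32} score={s:.2f} {why}")
```

Nothing in the suspect message would trip a link scanner or signature check; every reason it accumulates comes from comparing it with what the mailbox has actually seen before, which is the whole point of the counterfeit-money analogy above.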

Hearing It from Someone Who Lives It

As a former customer and early adopter of Abnormal, I can say these things all day, but now I'm paid to say them, so it can feel disingenuous. That's why I was grateful to have Josh Dwyer, Manager of Cybersecurity Incident Response Operations at Markel, share his experience.

Josh's journey to Abnormal started when a socially engineered campaign exposed a critical blind spot: the message body was embedded as an image rather than text, so his SEG couldn't parse the words. It sailed right through a multi-million-dollar tech stack and landed directly in employee inboxes. But the bigger problem wasn't the dramatic moments—it was the daily grind. His team was spending 20 to 40 hours a week reviewing and triaging phishing reports. Tickets coming in constantly. Legitimate-looking emails that needed human eyes to evaluate. Time that could be spent on anything else.
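The blind spot Josh describes, a body that is an image rather than text, is one a defender can at least surface with a simple structural check. The following is an added example written for this post, not code from Markel, Abnormal, or any SEG: it walks a MIME message with Python's standard `email` library, counts the visible words in the text and HTML parts and the number of images, and flags a message that carries images but almost no readable text. The two raw messages are constructed samples, and the ten-word threshold is an assumption for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

class _TextAndImages(HTMLParser):
    """Collect visible text and count <img> tags from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text = []
        self.images = 0

    def handle_data(self, data):
        self.text.append(data)

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1

MIN_WORDS = 10  # assumed threshold: fewer visible words than this is "no text to scan"

def analyze(raw):
    """Return word/image counts and whether the body looks image-only."""
    msg = email.message_from_string(raw, policy=policy.default)
    words = 0
    images = 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            words += len(part.get_content().split())
        elif ctype == "text/html":
            parser = _TextAndImages()
            parser.feed(part.get_content())
            words += len(" ".join(parser.text).split())
            images += parser.images
        elif part.get_content_maintype() == "image":
            images += 1
    return {
        "subject": msg["Subject"],
        "words": words,
        "images": images,
        # The SEG blind spot: there is a picture to look at but no words to parse.
        "image_only_body": images > 0 and words < MIN_WORDS,
    }

# Constructed sample: the whole "invoice" is a picture, so a text-only filter sees nothing.
RAW_IMAGE_ONLY = """\
From: "Accounts Payable" <ap@vendor.example>
To: josh@example.test
Subject: Invoice 8841 past due
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:inv"></body></html>
--b1
Content-Type: image/png
Content-ID: <inv>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

# Constructed sample: an ordinary plain-text message.
RAW_TEXT = """\
From: "Dana Lee" <dana@example.test>
To: josh@example.test
Subject: Quick question
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Hi Josh, could you send me the updated vendor list before Friday? Thanks, Dana
"""

if __name__ == "__main__":
    for raw in (RAW_IMAGE_ONLY, RAW_TEXT):
        print(analyze(raw))
```

A flag like this is a triage hint rather than a verdict: newsletters and signatures also carry images, which is exactly why a structural rule alone generates the kind of review queue Josh describes and why the sender-behaviour context matters as much as the message's shape.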

"We don't have to deal with phishing emails like we used to. I think now we might spend 4 or 5 hours a week—and almost all the time, it is safe, because Abnormal is catching what's passing through."
Josh Dwyer, Manager of Cybersecurity Incident Response Operations, Markel

When I asked Josh about the 30-second integration claim—something I initially found hard to believe myself—he laughed and said the longest part of the whole process was getting it through change management. The technical integration was, in fact, fast.

The Takeaway

Attacks are faster, more sophisticated, and more scalable than ever. The defenses we built for the last generation of threats are showing their limits. If you were in the room in DC, I hope it was as eye-opening for you as it was for me the first time I saw it. And if you weren't—we're doing more of these. I'd love to see you at the next one. Check out the schedule here.

See how Abnormal handles real-world attacks like these in your environment. Request a personalized demo.