AI amplifies threat complexity
Unlike traditional phishing, VEC attacks mimic legitimate business email threads, often generated using AI to replicate tone, branding, and message history with high accuracy. With no obvious triggers for detection, these emails bypass filters and fool even cautious employees, who, in a tight job market, often rush to resolve perceived issues like missed payments.
“Existing controls like multi-factor authentication are failing against these AI-powered attacks,” Dubal warned. “We need a fundamental strategy shift that addresses psychological manipulation, not just credential verification.”
Perimeter defenses alone can’t stop this AI-driven VEC, he added. “Organizations need three critical upgrades: AI-powered email analytics that detect subtle inconsistencies, active vendor verification protocols, and retrained employees who recognize social engineering, not just technical threats.”
