Phishing continues to be the number one threat vector against cyber defense. It’s been like this for years because it continues to work well. It also allows attackers to log in vs break in, which is much cleaner and very effective at bypassing defenses. Hacking people’s trust is WAYYYY easier than compromising a technology.
One common question I’m asked is: how is AI changing the game for defenders? Microsoft just posted an example of an answer to this question. Microsoft explains in a post HERE how using LLMs with email security is dramatically improving phishing detection. How big is the improvement????? These are the numbers posted
…. I mean holy crap 99.995%????? That is insanely good. The new threat classification system provides several improvements for analysts:
- Granular Threat Identification: Provides a deep analysis, classifying threats by type, intent, and severity.
- Improved incident analysis and faster response: The real-time classification helps security analysts build custom detections and makes it easier to prioritize high-risk incidents, speeding up response and lowering breach risk.
- Inclusion in advanced hunting: Perform deeper investigation to identify the tactics and patterns used by the attacker.
Check out the full post HERE to learn more. Regardless of your thoughts on Microsoft security technology, it’s a good read to see how LLMs are changing the game for cyber defense against phishing.