Are You Ready to Fight AI-Powered Phishing Attacks?
As attackers use AI to launch more sophisticated phishing attacks, new startups are needed to keep companies and their data safe
By: Robby
Picture this — you’re sipping your morning coffee and get an email marked ‘URGENT.’ And it’s not just any email — it’s a message from your boss.
This email greets you like an old friend. It’s personalized with knowledge about your ongoing project, mentioning team members’ names and project specifics. Your boss needs you to call her ASAP — and she’s got a new number, so asks you to use the one listed in the email.
The urgent tone makes you anxious. Before you have time to think, you call your boss’s new number. The voice is unmistakably hers. She completely forgot about a payment due to one of your project’s vendors and wants you to transfer funds ASAP to avoid a late fee. Without a second thought, you follow the instructions and send the money.
Unfortunately, this call wasn’t from your boss — it was from an AI voice clone, sent by an attacker. Now, you’re dealing with not only losing the money, but internal investigations that could lead to legal issues, disrupt operations, and hurt your company’s reputation.
The growing threat of AI-powered phishing
While AI offers magical experiences and heightened productivity, it also has a dark side. Bad actors can use AI to harvest a massive amount of information about a target and use it to drive hyper-personalized attacks.
Natural Language Processing (NLP) is the killer feature. It can appear as a trusted source, crafting content that seems authentic. NLP can also manipulate language to induce fear and urgency, compelling the target to act instinctively.
In addition to email and SMS — voice, video, social media, QR codes, and browser-based chat are becoming increasingly common attack vectors. Voice-based attacks, known as ‘vishing attacks,’ have witnessed a 6-fold increase in annual incidents. And, thanks to advancements in voice cloning technology from companies like ElevenLabs, a staggering 35% of people can’t differentiate between an AI scam and a genuine human caller.
Generative AI is a master of rapid content creation. Since the launch of ChatGPT, there has been a 13x increase in phishing emails. At a frighteningly low cost, phishing campaigns can quickly and easily proliferate across an organization, gathering information on gaps in security protocols and tools, as well as the weak links among employees. That information can be used for even more targeted and sophisticated attacks on a company.
There will also be more cross-medium attacks. One example is “hybrid vishing” where an attacker uses a combination of email and phone. We’re already seeing 600% annual growth in hybrid vishing attacks.
The anti-phishing landscape
In the early days of phishing, email was the primary focus. That’s when first-gen anti-phishing vendors like Proofpoint were launched. Email-based attacks continue to be a major problem today, with 90% of successful cyber attacks starting with email phishing.
When mobile went mainstream, mobile-focused anti-phishing vendors such as Lookout and Zimperium came out. As phishing attacks increased in sophistication — with personalized attacks that posed as trusted individuals or brands — anti-phishing vendors added advanced analytics and machine learning to understand behavior and communication patterns to better detect attacks.
For instance, Abnormal Security has used AI to detect anomalous behavior by analyzing tens of thousands of unique signals in email messages. Last year, they hit $100M in ARR after less than 5 years in market, pointing to the growing need (and budget) for anti-phishing software.
Today’s Anti-Phishing Ecosystem
Call for next-gen anti-phishing startups
Given the accelerated development of GenAI, we’re at a new inflection point. Attacks are evolving at an alarming rate, which calls for a new wave of anti-phishing software. We’re looking for founders innovating in the anti-phishing space, and believe next-gen solutions will include:
- AI to detect anomalous communication 10x faster, with 10x better accuracy than existing solutions
- A unified view of employees across mediums (e.g. email + phone) to better identify sophisticated, cross-platform attacks
- Features that all great, modern security products have such as fast time-to-value, cloud-native approach, seamless integrations, real-time functionality, the ability to work at scale, and board-level metrics
AI will do a lot of good for humanity, but will also be behind powerful attacks. The age of AI-powered software means we need anti-phishing software that stays on the forefront of what AI offers, to handle sophisticated, cross-vector, hyper-personalized attacks.
Our team at Cowboy Ventures has backed several cutting-edge security companies, including compliance automation platform Drata and email phishing detection software Area1. We’re on the lookout for founders who combine strong AI chops with security know-how and GTM savvy in the anti-phishing space.
Within AI, we’re also actively investing in founders building in Vertical AI, per our recent blog post, as well as AI infrastructure which we break down in our primer.
If you’re a founder focused on helping companies defend against AI-powered phishing attacks, I’d love to chat.
Find me on X at @amanda_robs 🤠
