#243
September 15, 2025

EP243 Email Security in the AI Age: An Epic 2025 Arms Race Begins

Guests: Cy Khormaee and Ryan Luo (AegisAI)

Topics: Security Architecture

Duration: 29:29


Topics covered:

  • What is the state of email security in 2025?
  • Why start an email security company now?
  • Is it true that there are new and accelerating AI threats to email?
  • It sounds cliche, but do you really have to use good AI to fight bad AI?
  • What did you learn from your time fighting abuse at scale at Google that is helping you now?
  • How do you see the future of email security and what role will AI play?


Transcript

The discussion centered on the inadequacy of traditional, rule-based email security systems against a new generation of AI-powered adversarial attacks. Cy Khormaee and Ryan Luo, both former Google employees with deep experience in email security and NLP, argued that the problem is fundamentally unsolved, as evidenced by email and social engineering consistently remaining top threats in industry reports (e.g., Verizon DBIR).

Their core thesis is that a shift from rule-based systems to an AI-native, agent-based architecture is necessary to outpace the rapid, bespoke, and sophisticated attacks now enabled by generative AI. They position AegisAI not merely as an augmentation to existing solutions, but as a completely new defense paradigm designed to handle zero-day phishing attacks and adversarial fuzzing at scale.

II. The Adversarial Shift and Market Inadequacy

A. The Velocity and Volume of New Threats

Khormaee highlighted a dramatic increase in both the volume and sophistication of email-borne threats:

Volume Increase: AegisAI has observed a 4000% increase in the volume of attacks. For the average customer, over half of their employees are under attack monthly.

Attack Velocity: The lifecycle of an attack variant has shrunk from months/years to minutes and seconds, resulting in unique, bespoke attacks. This makes the traditional "see-attack, write-rule, deploy-defense" model obsolete.

Sophistication: Attacks previously associated with Advanced Persistent Threats (APTs) or nation-state actors—such as those using compromised, highly targeted identities or leveraging legitimate but compromised infrastructure—are now becoming commonplace in the hands of common cybercriminals.

B. The Failure of Legacy Systems

The guests contended that incumbent security vendors, who have spent 10–20 years building massive, rule-based systems and proprietary ML models, cannot adapt quickly enough:

Architectural Conflict: Attempting to "snap on" an LLM to a legacy rule-based architecture forces a restrictive reconciliation. The LLM's potential is either restricted by the rules, or the two systems constantly conflict.

The "Carpenter to Gardener" Analogy: Effective defense requires moving away from the manual, specific construction of tens of thousands of regex-style rules (the "carpenter" approach) to managing and nurturing 50 or 60 LLM agents (the "gardener" approach). This paradigm shift allows the defense system to grow, mature, and learn independently, staying ahead of adversaries.

III. The AI-Native Defensive Architecture

A. Leveraging Large Language Models (LLMs) for Context

Ryan Luo explained that LLMs are crucial because their natural understanding of human language and context is significantly deeper than any proprietary model previously trained on restricted datasets. This deeper understanding is much harder for adversaries to evade.

The AegisAI system utilizes a multi-agent architecture to achieve both high efficacy and economic feasibility:

Strategic Deployment: The system does not put every email through an expensive LLM. Instead, it uses traditional and initial checks to narrow down the high-risk pool, only invoking the deeper, context-aware LLM agents when necessary.

Agent Orchestration: The agents work collaboratively, similar to a Security Operations Center (SOC) team escalating issues from Tier 1 to Tier 3. Agents can ask each other questions, decide to go deeper or lighter, and piece together disparate data points into a cohesive threat profile.

B. Specific Attack Examples and LLM Efficacy

Khormaee provided concrete examples of attacks that require this new approach:

Document Scam Fuzzing: Adversaries are automatically fuzzing (creating variants of) document scams (e.g., fake DocuSign, Adobe Sign, encrypted invoices) to ensure every attack is bespoke and bypasses rules.

Compromised Infrastructure: Attacks are being sent from legitimate, compromised email distribution systems of Fortune 50 companies. These emails pass all traditional checks (DMARC, DKIM, SPF) because they are genuinely from the domain, yet the content is malicious.

Tailored Business Email Compromise (BEC): The crypto company example demonstrated an adversary compromising a third party (an events company director) to send a highly contextualized, urgent payment request (a fake ACH invoice for logistics) to a specific target (the head of marketing) while they were at an event.

C. The reCAPTCHA Analogy and Zero-Day Detection

In the BEC case, the AI detection system pieced together several diverse, low-signal indicators that a single ML model would fail to combine:

Suspicious ACH payment request flag.

Misconfigured domain records suggesting vulnerability.

The use of an adversary-friendly CAPTCHA on the linked site (e.g., "click any five images").

By connecting these disparate signals, the AI acts like a human analyst, achieving emergent detection to spot a zero-day attack before a rule can be written for it.
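The tiered design described in III.A (cheap checks first, expensive context-aware analysis only for the narrowed pool), the compromised-infrastructure case in III.B (SPF/DKIM/DMARC all pass, content still malicious) and the BEC case above (several weak indicators that only mean something together) can be illustrated with one small triage stage. The following is example code added to this summary; it is not AegisAI's code and does not describe their system. The sample messages, the `DOMAIN_RECORDS` snapshot standing in for a DNS lookup, the indicator patterns and the escalation threshold are all constructed for illustration; the "escalate" verdict is where the page's LLM agents would take over.

```python
"""Stage-1 email triage: cheap, deterministic indicators; escalate to deep
analysis only when several weak signals coincide.

Example code added to this page; not AegisAI's code. All sample data below is
constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed snapshot of the sender domains' published records. A real
# stage would resolve TXT records; True means the record is present and sane.
DOMAIN_RECORDS = {
    "events-partner.example": {"spf": True, "dmarc": False},  # misconfigured
    "payroll.example": {"spf": True, "dmarc": True},
}

# Weak content indicators. Any one of them alone is ordinary business mail.
PAYMENT_RE = re.compile(r"\b(ACH|wire|invoice|payment|bank details)\b", re.I)
URGENCY_RE = re.compile(r"\b(urgent|immediately|today|before (?:the )?event)\b", re.I)
CAPTCHA_RE = re.compile(r"click any \w+ images", re.I)  # adversary-friendly CAPTCHA lure


def auth_passed(msg):
    """True when the receiving MTA recorded spf, dkim and dmarc as 'pass'."""
    results = msg.get("Authentication-Results", "")
    return all(re.search(rf"\b{m}=pass\b", results) for m in ("spf", "dkim", "dmarc"))


def cheap_signals(raw):
    """Parse one RFC 822 message and compute the stage-1 indicators."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    _, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower()
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    records = DOMAIN_RECORDS.get(domain, {"spf": False, "dmarc": False})
    signals = {
        "payment_request": bool(PAYMENT_RE.search(body)),
        "urgency": bool(URGENCY_RE.search(body)),
        "reply_to_mismatch": bool(reply_to) and reply_to.rpartition("@")[2].lower() != domain,
        "sender_domain_misconfigured": not (records["spf"] and records["dmarc"]),
        "weak_captcha_lure": bool(CAPTCHA_RE.search(body)),
    }
    return signals, auth_passed(msg)


def triage(raw, escalate_at=3):
    """Return a verdict dict. Authentication passing never short-circuits the
    content checks: mail from a genuinely compromised domain passes all three."""
    signals, auth_ok = cheap_signals(raw)
    score = sum(signals.values())
    # One indicator is expected noise; several together go to the expensive,
    # context-aware stage instead of being delivered on the strength of DMARC.
    verdict = "escalate" if score >= escalate_at else "deliver"
    return {"verdict": verdict, "score": score, "auth_passed": auth_ok, "signals": signals}


# Constructed BEC-style message: third-party sender, fully authenticated.
BEC_SAMPLE = """\
From: Dana Reyes <dana@events-partner.example>
Reply-To: dana.reyes@mail-relay.example
To: head.of.marketing@target.example
Subject: Logistics invoice - needs to go out today
Authentication-Results: mx.target.example; spf=pass smtp.mailfrom=events-partner.example; dkim=pass header.d=events-partner.example; dmarc=pass header.from=events-partner.example
Content-Type: text/plain

Hi, the venue needs the ACH payment for logistics before the event starts.
Please approve the attached invoice immediately.
Confirm here: https://pay.example/confirm (click any five images to continue).
"""

# Constructed routine internal notice, also fully authenticated.
BENIGN_SAMPLE = """\
From: HR <hr@payroll.example>
To: staff@target.example
Subject: Payslips for September
Authentication-Results: mx.target.example; spf=pass smtp.mailfrom=payroll.example; dkim=pass header.d=payroll.example; dmarc=pass header.from=payroll.example
Content-Type: text/plain

Your September payslip is available in the portal.
"""

if __name__ == "__main__":
    for name, sample in (("bec", BEC_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(sample))
```

Both sample messages carry identical `spf=pass; dkim=pass; dmarc=pass` results, so authentication alone cannot separate them; the BEC sample is escalated only because five individually unremarkable signals line up, which is the point the analysts' "piecing together" makes. The threshold and patterns are deliberately simple: the value of the stage is in deciding what reaches the expensive analysis, not in being the final verdict.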

IV. The Adversary's AI Arsenal

The guests detailed how adversaries are currently leveraging AI:

High-Fidelity Lures: Creating highly realistic threats embedded in images and QR codes to evade rule-based systems.

AI-Generated Facades: Creating entire, believable personas and infrastructures to support a single, targeted attack. This includes:

Net-new domains (e.g., "Bob's Builders").

Real-looking websites for those domains.

Real-looking human profiles on LinkedIn.

All elements are AI-generated to create a "business-relevant" facade that fools an analyst doing a basic investigation.

Future Trajectory: Khormaee predicted that the industry is moving to a world where all attacks are unique and bespoke to the individual target, eliminating mass-marketed attacks entirely.

V. Strategic Vision and LLM Development Philosophy

A. The AegisAI Mission

The founders expressed a deep-seated mission to solve the enduring problem of email security. Their goal is for email and social engineering to drop below the top 10 list of attacks in future industry reports, effectively "taking it off the list." They believe a centralized, data-driven system (like those built at Google, CrowdStrike, and Chronicle) gives the "good guys" the advantage by creating a dangerous and costly environment for adversaries.

B. LLM Development Tip (Ryan Luo)

Ryan Luo offered a key insight for LLM-driven development:

Avoid Over-Fine-Tuning: Do not try to force a generally intelligent model into a narrow "security analyst" pigeonhole through heavy fine-tuning.

Prioritize Orchestration: Focus on orchestrating and leveraging the model's native intelligence across several cooperating agents. The "system around the LLM is as important, if not more important, than the LLM itself."

Context Management: Be extremely careful about what data is fed into the model, as context is a valuable, finite resource (attention) that should be used sparingly.

C. Recommended Reading (Cy Khormaee)

Khormaee recommended CrowdStrike's Global Threat Reports, specifically the coverage on Scattered Spider, as a crucial read. This report illustrates the current trend of advanced adversary techniques being rapidly democratized and put into the hands of the average cybercriminal, a threat for which the industry is currently unprepared.

Timeline of Key Topics

Establishment of the Core Challenge: The conversation opened by challenging the notion that email security is a solved problem, given the founders' decision to launch a new company in the space.

The AI-Driven Threat Explosion: The discussion immediately pivoted to the 4000% increase in attack volume and the shift from slow, rule-based defenses to fighting AI-powered fuzzing and sophistication with AI.

The Inadequacy of Incumbents: A technical argument was made that legacy, rule-based security architectures cannot effectively integrate LLMs, leading to the "carpenter versus gardener" analogy for system management.

LLMs as Context Engines: The guests detailed the necessity of LLMs to understand deep human context and language, which is vital to outpace adversaries who are iterating on phishing content faster than human analysts can write rules.

Threat Case Studies: Specific, high-stakes examples were introduced, including attacks from legitimate but compromised Fortune 50 domains and highly customized Business Email Compromise (BEC).

The Multi-Agent Architecture: The technical solution was explained, emphasizing the use of orchestrated LLM agents that piece together disparate low-signal data points to achieve emergent, zero-day detection.

Adversary's AI Facade: The conversation expanded to cover the frightening capability of adversaries to build entire, believable AI-generated facades (websites, LinkedIn profiles, etc.) to support single, targeted attacks.

Strategic Mission & Vision: The founders stated their ultimate goal: to make email-borne social engineering drop out of the top 10 threat lists, advocating for a centralized, data-sharing security model to give the "good guys the advantage."

LLM Development Best Practices: Practical advice for engineers was shared, focusing on orchestration over excessive fine-tuning and the careful management of LLM context as a scarce resource.

Recommended Professional Reading: The debrief concluded with a recommendation to review the CrowdStrike Global Threat Reports covering the democratization of advanced tactics via groups like Scattered Spider.
