ChatGPT and generative AI have made life difficult for security teams. Simply by writing a brief prompt, a wannabe hacker can generate a phishing email template in seconds, which they can send off to countless unsuspecting users until one makes the mistake of clicking on a malicious link or attachment. 

Email security provider SlashNext is looking to fight AI with AI. BEC Generative AI, its new patent-pending solution, is designed to help identify and block scam messages generated by ChatGPT and other AI models. 

BEC Generative AI uses AI data augmentation and cloning technologies to automatically generate thousands of potential business email compromise (BEC) threats. SlashNext’s existing Human AI solution then analyzes these with natural language processing to learn how to better detect malicious emails.  

While SlashNext claims the solution is the first in the industry to use generative AI to stop BEC attacks, more broadly, the release demonstrates how generative AI can play a positive role in the data security landscape — in this case, by enhancing the detection of phishing emails and social engineering scams, which result in so many data breaches. 

How generative AI is revolutionizing phishing 

The release comes as phishing scams are on the rise following the release of ChatGPT in November, with Vade finding 278.3 million unique phishing emails in Q4 2022, compared to 74.4 million in Q3 2022. 

These attacks are incredibly popular because they’re low-effort and high-reward. For instance, an individual can create a fake Office 365 login form, send out a phishing email template to unsuspecting users and harvest their account details when they attempt to log in. 

For both end-users and security teams, it’s also very time-consuming to review each email and determine if the content is legitimate. In fact, research finds that 70% of organizations spend anywhere from 16-60 minutes dealing with a single phishing email. 

If a user succumbs to fatigue and takes a scam at face value just once, they may cause a data breach that can cost millions. With generative AI use on the rise, the volume of threats employees are exposed to is only going to increase.

“Generative AI is already being used by threat actors to automate thousands of uniquely tailored phishing messages. What’s more, it can create thousands of variations of those messages to further increase their success rate,” said Patrick Harr, CEO of SlashNext. 

“Large language models such as GPT-3 are freely available, and bad actors are very quick to take advantage of any new tool that allows them to increase their volume of attacks while reducing the time, effort and cost involved. It’s a win-win for the threat actors, and the security community must be prepared to fight AI with AI,” Harr said.

While an uptick in scams created by generative AI presents new challenges, organizations can look to use AI themselves to automate and upscale their security operations, ensuring they are prepared to detect AI-generated malicious content at speed.

The email security market 

SlashNext’s solution falls within the cloud-based email security market, which Mordor Intelligence valued at $762.82 million in 2020 and expects will reach a value of $1,246.99 million by 2026. 

One of SlashNext’s main competitors is Abnormal Security, an AI-driven email security provider offering a platform that uses AI to assess incoming issues and compare them to a user’s baseline activity. The platform can then identify anomalous communications that indicate BEC attempts and phishing scams, automatically remediating malicious emails so human users don’t need to.

Last year Abnormal Security achieved a $4 billion valuation. 

Another competitor is cloud email security provider Avanan, which offers an API-based solution with natural language processing and image recognition that it claims can identify phishing emails with a 99.2% reduction rate. Check Point acquired Avanan for approximately $300 million in 2021. 

Harr argues that the key differentiator between SlashNext and its competitors is the accuracy of its zero-hour threat detection.

“SlashNext is the only company to combine natural language processing, computer vision, machine learning, deep contextualisation and relationship graphs, … file attachment inspection and sender impersonation analysis into one solution for the best, most accurate zero-hour threat detection in the industry,” Harr said.