Cybersecurity, for many years, has functioned on an obvious assumption that attacks repeat themselves. For instance, if a phishing email works once, it will work again. Simply put, catch it, study it, write a signature, update the model — and block the next wave. What if there is no next wave? What happens when every malicious email is now uniquely written by AI, personalised at scale, and never seen before? In the recent episode of The Security Strategist podcast, host Richard Stiennon spoke with Alan LeFort, CEO of @StrongestLayer-p6q and Eric Sanchez, CISO at a Global Law Firm, about how generative AI is reshaping email security — and why many traditional defences may already be obsolete. Why is Email the Open Door to Attacks? Stiennon questions what many security leaders tacitly ask – If most enterprises run on Microsoft’s ecosystem, why does a separate email security market even exist? LeFort responds, stating that attackers are economically rational. They go where entry is cheapest and easiest. For decades, email has been that open door. However, the industry has changed. First came secure email gateways built on rules and regex. Then, machine learning systems are trained to distinguish “normal” from “abnormal.” Both improved detection rates and both reduced risk. But both depend on historical data. They need to have seen an attack before to stop it again. Generative AI is believed to have changed that. It enables attackers to create perfectly written, highly personalised phishing emails at near-zero cost. According to a study from the Harvard Kennedy School, AI-generated phishing achieved a 54% click rate among trained employees — more than four times the baseline. Even more concerning, the cost of crafting those emails dropped from roughly $15–$20 in labour to just a few cents. That economic shift is seismic. When every email can be unique, the pattern is difficult to spot, signatures are not updated, and a “previous attack” to learn from is nonexistent. Key Takeaways AI-generated attacks break detection models that rely on past patterns. Email remains the easiest and most economical entry point for attackers. Traditional tools force security teams into a reactive cycle. Effective AI defence must evaluate context, not just rules. Automation is now as critical as detection accuracy. Stopping the first and only attack is the new security standard. Chapters 00:00 Introduction to Cybersecurity and AI's Role 03:00 The Email Security Landscape and AI's Impact 05:49 Understanding Alert Fatigue and Its Consequences 08:52 Innovative Approaches to Email Security 11:48 The Necessity of AI in Modern Security 14:55 Future Priorities for Security Leaders 17:57 Conclusion and Key Takeaways #EmailSecurity #AICybersecurity #GenerativeAI #Phishing #B2BSecurity #EnterpriseSecurity #CyberAttack #SecurityStrategist #StrongestLayer #AlertFatigue #CISO #TechPodcast #InfoSec #cyberdefence Follow us for more B2B Tech Podcasts on @enterprisemanagement360 For more information, visit strongestlayer.com and em360tech.com. Follow: @EM360Tech on LinkedIn and X https://www.linkedin.com/company/em360/?originalSubdomain=uk StrongestLayer LinkedIn: https://www.linkedin.com/company/strongestlayer/ StrongestLayer X: @StrongestLayer-p6q https://x.com/strongestlayer

Can Your Observability Stack Handle 24/7 Agentic Query Volume?
21 views

Agentic AI is changing Cybersecurity in 2026
22 views

Coding Agents are an identity problem in 2026
20 views

Claude Mythos and the future of cybersecurity
29 views

AI Hype vs Reality: What Security Leaders Are Getting Wrong
23 views

Why Most Enterprise AI Investments Fail to Deliver ROI
25 views