Update: Republished on April 10 with a report into a new attack designed to defeat existing security techniques and to deliver high-value outcomes.
Gmail needs a rethink, as do Outlook, Apple Mail, and other email platforms. The driver for this is AI — and not in a good way. Symantec, Cofense and most recently Hoxhunt warn that unbeatable AI attacks are now inevitable, as the best known large language models (LLMs) design, develop and even execute attacks. But Gmail users also face a more immediate decision, given a critical problem with its most recent updates.
Hoxhunt says “AI agents can now out-phish elite human red teams, at scale,” which means mass customization as spear phishing attacks tailored to a particular victim become the norm. Google, Microsoft and others say they catch “more than 99%” of the spam, phishing and malware targeting inboxes. And yet millions of messages still get through before today’s trickle of AI attacks becomes an unstoppable tidal wave.
And it isn’t just AI making email threats more potent and harder to detect. Such is the non-stop procession of security and captcha-style verifications that attackers are now turning these against us, finding ways to exploit them for their own purposes.
That’s the latest warning from Cofense, which has just reported on a novel and crafty technique that “levels up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt.”
This is why I’ve argued email needs a fundamental change, not evolutionary add-ons. A change to better replicate the immediacy and brevity of the messaging platforms pulling users away from email, both in and out of the workplace. A change to leverage private and secure on-device filtering and threat defense. And a change with security built in, not added on. Again, as we now expect from other comms platforms.
Email can’t be adjusted to fit; it needs that rethink. And while many of Gmail’s recent innovations are welcome — enhanced sender authentication, cloud-based AI filtering, and (in development) shielded addresses — its two most recent updates show the challenge in building on what we have today.
This month, Google confirmed it is “making end-to-end encrypted emails easy to use for all organizations” which use Gmail. This delivers the table-stakes security we rely on with voice and video comms and with messaging. But it’s harder with email’s wide-open architecture. That’s why this change is coming first to enterprises.
Ars Technica and others have qualified the excitement that quickly followed Google’s game-changing announcement: “Gmail unveils end-to-end encrypted messages. Only thing is: It’s not true E2EE.” The reason is that the keys protecting the secure email traffic sit within the client-side infrastructure, not within the actual “end.”
As Ars Technica warns, “the new feature is of potential value to organizations that must comply with onerous regulations mandating end-to-end encryption. It most definitely isn’t suitable for consumers or anyone who wants sole control over the messages they send. Privacy advocates, take note.”
True end-to-end encryption (E2EE) sits within the client itself, managing key exchange between sender and recipient. The only way to deliver E2EE email today is a walled garden such as Proton, which relies on manually password-protecting emails sent outside.
With Meta’s third-party chats and GSMA’s RCS E2EE update, we will see (almost) full E2EE between different walled gardens. RCS “will be the first large-scale messaging service to support interoperable E2EE between client implementations from different providers.” There is no direct read-across to email, of course. But it moves the bar.
Gmail is secured with Workspace’s Client Side Encryption (CSE), which keeps an “organization’s data private with end-to-end encryption that Google servers and third parties can’t decrypt, giving [an] organization greater control over access to its data. CSE is especially beneficial for organizations that store sensitive or regulated data, like IP, healthcare records, or financial data,” not person-to-person comms.
And this brings us to the second innovation: AI-based relevancy search. Ten days before Gmail’s quasi-E2EE, Google announced “Gmail is rolling out a smarter search feature powered by AI to show you the most relevant results, faster… Search results now factor in elements like recency, most-clicked emails and frequent contacts. With this update, emails you’re looking for are far more likely to be at the top of your search results.”
Using this is in itself a decision for users, given it lets AI loose on your data. On which, Google told me “our priority is respecting our users’ privacy while giving them choice and control over their data. To that end, this particular tool is one of the ‘smart features’ that users can control in their personalization settings.”
E2EE and AI search don’t work together, because they’re both wrappers around a legacy comms architecture rather than one built for the world we live in today. Google confirmed to me that E2EE messages “are completely excluded” from AI search. “We do not have the key to decrypt, so we literally cannot read the message.”
That’s as it should be, but you can see the problem from a user perspective. Two new headline features don’t work together. Email is a fundamentally insecure platform to which we’re adding AI, and that AI comes with new privacy expectations that email can’t deliver. This is why so much enterprise and personal comms has moved from email to messaging. Cue that rethink and the decision you need to make.
And as you make that decision, whether to opt for privacy and security or AI, you now need to keep in mind the changing threat landscape. Per Cofense’s warning, “precision-validated phishing” is one such new tactic to watch for. It is designed to frustrate those charged with keeping our inboxes safe from attacks, who do so by studying new techniques, probing the attack ecosystems themselves, watching how they work and looking for better ways to stop them.
“The real-time validation process introduces multiple challenges for defenders,” Cofense says. “Cybersecurity teams traditionally rely on controlled phishing analysis by submitting fake credentials to observe attacker behavior and infrastructure. With precision-validated phishing, these tactics become ineffective since any unrecognized email is rejected before phishing content is delivered.”
Put simply, when a phishing webpage is clicked on — which would normally come via an email in your Gmail or other inbox — the attack first asks for the person’s email address. The attackers can then check this against their database to rule out fake credentials that might indicate a security analyst, and only then is the malicious phishing login displayed. If the email doesn’t match one that’s expected, the page redirects to something more benign.
“Traditional credential phishing often involves mass email distribution,” Cofense says, “casting a wide net to capture as many victims as possible. In contrast, precision-validated phishing operates selectively, only engaging with email addresses that attackers have verified as active, legitimate, and often high-value.”
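The validation gate described above can be spotted from the defender’s side by comparing how a reported page answers a decoy address against how it answers the real recipient. The following is an added example of that triage logic; it is not code from the article or from Cofense, and it assumes the analyst has already fetched the page twice in a sandbox (decoy address, then the reporting employee’s address) and captured both responses in the hypothetical `GateResponse` structure.

```python
"""Triage helper for suspected precision-validated phishing pages.

Assumed workflow (not from the article): the analyst has fetched the page twice
in a sandbox, once submitting a decoy address and once submitting the address of
the employee who reported the email, and captured both responses.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class GateResponse:
    status: int
    location: Optional[str]  # Location header when the page redirects
    body: str                # response body (HTML)


# A credential form is identified by a password input in the returned HTML.
PASSWORD_FIELD = re.compile(r'<input[^>]*type=["\']?password', re.IGNORECASE)


def shows_login(resp: GateResponse) -> bool:
    return resp.status == 200 and PASSWORD_FIELD.search(resp.body) is not None


def classify_gate(decoy: GateResponse, target: GateResponse) -> str:
    """Compare the page's behaviour for a decoy address versus the real recipient.

    Mass phishing shows the credential form to everyone; a validation gate shows
    it only to addresses on the attacker's list and sends the rest elsewhere.
    """
    target_login, decoy_login = shows_login(target), shows_login(decoy)
    if target_login and not decoy_login:
        return "precision-validated"   # target admitted, decoy bounced
    if target_login and decoy_login:
        return "open-credential-form"  # no gate: classic mass phishing
    if not target_login and not decoy_login:
        return "no-credential-form"    # benign to both, or already taken down
    return "decoy-only"                # decoy sees a form but the target does not


# Constructed sample responses for a stand-alone run (not captured from a real kit).
DECOY_RESPONSE = GateResponse(302, "https://example.com/", "")
TARGET_RESPONSE = GateResponse(200, None,
    '<form><input name="email"><input type="password" name="pw"></form>')

if __name__ == "__main__":
    print(classify_gate(DECOY_RESPONSE, TARGET_RESPONSE))  # precision-validated
```

A "precision-validated" verdict tells the analyst that the usual fake-credential submission will never reach the harvesting form, so the reported address itself has to drive any further sandbox analysis.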
When added to the large-scale AI attacks now on the rise, the need for a redesign of the core platforms we use has never been greater.