Dispelling the Generative AI fear: how Cloudflare secures inboxes against AI-enhanced phishing

Email remains the largest attack vector for cybercriminals attempting to compromise organizations, with phishing attacks continuing to be prevalent due to their ubiquity in business communication. The advent of large language models (LLMs) has led to new applications of generative AI capabilities, including creating more authentic phishing content. LLMs can enhance phishing emails by translating and revising them into more superficially convincing messages or by writing personalized, organizationally-authentic messages using harvested data from compromised accounts. Business Email Compromise (BEC) attacks are particularly devastating financially and benefit from LLMs to make their messages sound more authentic. However, these AI-generated emails still rely on users performing an action that can't be easily spoofed, and they contain other signals like sender reputation and metadata. With the right mitigation strategy and tools in place, organizations can reliably stop LLM-enhanced attacks.