AI-Powered Phishing Has Overwhelmed Legacy Email Security: What the Osterman Research Report Means for Organizations Managing Sensitive Data
Your email security gateway is not protecting you. It is giving you a false sense of security while AI-powered attacks walk through the front door.
That is the central finding of a new research report from Osterman Research, commissioned by IRONSCALES, titled Restoring Trust in Business Communications. The study surveyed 128 cybersecurity decision-makers and delivers a verdict that should force every organization managing sensitive client data — accounting firms, financial services, legal practices, healthcare providers — to rethink their entire approach to secure communications.
Eighty-eight percent of organizations experienced at least one security incident that undermined trust in digital communications over the past 12 months. Not a hypothetical risk. Not a projected vulnerability. A documented incident rate that confirms what many security professionals already suspect: the detect-and-block model of email security has failed.
5 Key Takeaways
- AI-Powered Phishing Has Broken the Detect-and-Block Model. Osterman Research found that 88% of organizations experienced at least one security incident that undermined trust in digital communications in the past 12 months. AI-generated phishing now produces messages with perfect grammar, contextually relevant content, and convincing impersonation that legacy email security tools were never designed to catch. The detection model does not work when there is nothing detectably wrong with the message.
- Deepfake Attacks Are Here — and Security Teams Are Not Ready. Sixty percent of cybersecurity decision-makers lack confidence in their ability to counter deepfake attacks. Attackers combine AI-generated email with deepfake voice and video of executives to authorize wire transfers and bypass verification protocols. Security awareness training is proving ineffective, with 38% rating it moderately effective or worse against deepfake audio and 39% against deepfake video.
- Finance Teams Are the Top Target — and the Least Prepared. Fifty-nine percent of organizations rate finance departments as high or extreme priority targets. That same 59% express high concern about finance teams’ readiness to defend against trust-based attacks. Business Email Compromise costs an average of $125,000 per incident, and the attacks grow more sophisticated every quarter.
- The Threat Curve Has Reset — and the Worst Is Still Coming. Organizations are already being breached at alarming rates, yet respondents believe AI-enhanced attacks have not reached full maturity. Twenty-eight percent say AI-generated phishing is just getting started. The current 88% breach rate represents the floor, not the ceiling.
- Organizations Are Ready to Replace Their Entire Stack. Seventy percent of organizations consider detecting deepfake audio impersonation extremely important. Sixty-eight percent are willing to change email security vendors entirely. Seventy percent are willing to replace their entire security technology stack.
The Threat Curve Just Got Reset
“The threat curve just got reset,” said Michael Sampson, Principal Analyst at Osterman Research. “Even ‘solved’ attack types like phishing and business email compromise have become immature again. BEC attacks from 2025 bear little resemblance to those from 2020 — they’re now hyper-personalized, multi-channel, and can be launched autonomously at scale.”
AI has eliminated every signal that employees and security systems relied on to identify malicious emails. Grammar errors are gone. Suspicious sender addresses are gone. Generic language is gone. AI-generated phishing produces messages with perfect syntax, contextually relevant content drawn from public sources like LinkedIn and company websites, and personalization that mimics legitimate business communication down to tone and formatting.
Traditional email security tools — Proofpoint, Mimecast, Barracuda, Microsoft 365 Advanced Threat Protection — operate on a detect-and-block model. They analyze incoming email using signature databases, reputation scoring, sandboxing, and machine learning to identify malicious content before it reaches the inbox. When the distinguishing features between phishing and legitimate email disappear, the detection model collapses.
And the sophistication is accelerating. Twenty-eight percent of respondents say AI-generated phishing is just getting started. Twenty-five percent say deepfake audio attacks are in early stages. The 88% breach rate organizations experience today is happening before these attack vectors reach full maturity.
Deepfakes Have Weaponized Trust
AI-powered attacks are no longer limited to email. Threat actors combine phishing emails with deepfake voice calls and video to create multi-channel impersonation attacks that defeat every traditional verification method.
An employee receives an email from the CEO requesting an urgent wire transfer. The email looks legitimate. The employee calls the CEO to verify. The voice on the other end is an AI-generated deepfake. The wire transfer goes through. The money is gone. This is not hypothetical. It is happening. And 60% of cybersecurity decision-makers lack confidence in their ability to counter it.
Security awareness training is proving inadequate. Nearly one in five security leaders consider training ineffective against AI-enhanced threats. Thirty-eight percent rated training as only moderately effective or worse for detecting deepfake audio, 39% for deepfake video, and 43% for AI-generated phishing. You cannot train humans to detect attacks designed to be indistinguishable from legitimate communications.
Finance Teams: Highest-Value Target, Lowest Confidence
Fifty-nine percent of organizations rate finance teams as high or extreme priority targets for threat actors. That same 59% express high concern about those teams’ readiness to defend against trust-based attacks. Business Email Compromise targeting finance departments costs an average of $125,000 per incident according to FBI IC3 data — before regulatory fines, legal costs, and reputational damage.
Vendor impersonation is growing rapidly. More than 33% of organizations saw threat actors masquerade as trusted vendors to steal funds or information in the past year, with 13% reporting major increases year over year. For accounting firms, financial services companies, and legal practices, one successful attack against a firm managing client financial data can destroy decades of relationship building. The convergence of high-value targets and low defensive confidence is precisely the gap attackers exploit.
Why Legacy Email Security Cannot Be Fixed
Email was never designed for security. SMTP allows sender spoofing, lacks built-in authentication, and transmits data over channels that can be intercepted. Every email security tool is a patch on a protocol that was never built for the task.
Detection requires a signal to detect. When AI generates phishing emails that are grammatically perfect and structurally identical to legitimate email, there is no signal. Signature-based detection, reputation analysis, and behavioral analysis all depend on identifying anomalies. AI-generated attacks produce no anomalies.
Reactive architectures cannot outrun proactive attackers. AI enables threat actors to generate unique, polymorphic variations of each attack and deploy them at scale faster than any vendor can update detection models.
Sampson put it directly: “Legacy email protections are too blunt an instrument to recognize the subtle indicators of modern AI-powered attacks.”
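The point above that SMTP itself authenticates nothing is what the bolt-on checks receivers run today (SPF, DKIM and DMARC) try to repair. The following is an added illustration, not Kiteworks, Osterman or any vendor's code, of what such a receiver-side check actually establishes: it treats a visible From: domain as authenticated only when the organization's own border MTA (assumed here to stamp an RFC 8601 Authentication-Results header under the authserv-id `mx.example.net`, an assumption) recorded an SPF or DKIM pass for a domain aligned with that From:. The sample messages are constructed, and the alignment rule is simplified (real DMARC compares organizational domains using the public suffix list).

```python
"""Does the visible From: domain have an aligned SPF or DKIM pass behind it?
That is the DMARC-style check receivers bolt onto SMTP, which itself
authenticates nothing. Added illustration; assumes our border MTA stamps a
trusted Authentication-Results header (RFC 8601) under the authserv-id
below and strips any such header that arrives from outside."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.net"   # assumed identity of our own MTA

# Constructed samples. The first claims to be the CEO, but SPF passed only
# for an unrelated bulk-mail domain and nothing was DKIM-signed.
SPOOFED_MSG = b"""\
Authentication-Results: mx.example.net;
  spf=pass smtp.mailfrom=bounce.bulkmailer-example.com;
  dkim=none
From: "CEO" <ceo@example.com>
To: controller@example.com
Subject: Urgent wire transfer

Please process the attached wire today.
"""
LEGIT_MSG = b"""\
Authentication-Results: mx.example.net;
  spf=pass smtp.mailfrom=mail.example.com;
  dkim=pass header.d=example.com
From: "CEO" <ceo@example.com>
To: controller@example.com
Subject: Board deck

Draft attached for review.
"""
# A header the sending side wrote itself: wrong authserv-id, so it is ignored.
FORGED_AR_MSG = b"""\
Authentication-Results: attacker-relay.example; spf=pass smtp.mailfrom=example.com
From: "CEO" <ceo@example.com>
To: controller@example.com
Subject: Urgent

Pay now.
"""

def parse_auth_results(value: str) -> tuple:
    """Return (authserv_id, {method: (result, domain)}) for the spf and dkim
    clauses of an Authentication-Results value (other methods are ignored)."""
    parts = value.split(";")
    results = {}
    for clause in parts[1:]:
        m = re.match(r"\s*(spf|dkim)=(\w+)(.*)", clause, re.S)
        if not m:
            continue
        method, result, rest = m.groups()
        prop = "smtp.mailfrom" if method == "spf" else "header.d"
        d = re.search(re.escape(prop) + r"=([^\s;]+)", rest)
        # smtp.mailfrom may carry a full address; keep only the domain part
        domain = d.group(1).rpartition("@")[2].lower() if d else ""
        results[method] = (result.lower(), domain)
    return parts[0].strip().lower(), results

def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    """DMARC identifier alignment. Strict: exact match. Relaxed: one domain is
    a subdomain of the other (simplified; real DMARC uses organizational
    domains from the public suffix list)."""
    if not auth_domain:
        return False
    if from_domain == auth_domain:
        return True
    if strict:
        return False
    return auth_domain.endswith("." + from_domain) or from_domain.endswith("." + auth_domain)

def from_is_authenticated(raw: bytes, strict: bool = False) -> bool:
    """True only when our own MTA recorded an SPF or DKIM pass for a domain
    aligned with the visible From:. Everything else counts as unauthenticated."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    _, addr = parseaddr(str(msg["From"] or ""))
    from_domain = addr.rpartition("@")[2].lower()
    ar = msg["Authentication-Results"]
    if not from_domain or ar is None:
        return False
    authserv, results = parse_auth_results(str(ar))
    if authserv != TRUSTED_AUTHSERV_ID:
        return False   # not written by our MTA, so possibly sender-supplied
    return any(res == "pass" and aligned(from_domain, dom, strict)
               for res, dom in results.values())

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_MSG), ("forged-AR", FORGED_AR_MSG)):
        print(name, "authenticated" if from_is_authenticated(raw) else "UNAUTHENTICATED")
```

Two things worth noting for defenders. First, the authserv-id comparison is only meaningful if the border MTA really does remove inbound Authentication-Results headers that claim its identity, which RFC 8601 requires; otherwise a sender can write its own "pass". Second, an aligned pass authenticates a domain, not a person: mail from a compromised mailbox or a registered lookalike domain passes this check cleanly, which is exactly why the article argues that content and header inspection cannot be the last line of defence.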
From Detect-and-Block to Verify-and-Control
The answer requires a fundamental rethinking of how organizations handle sensitive communications. Instead of trying to detect malicious content in an inherently insecure channel, organizations need a communications architecture that eliminates the attack vector entirely — built on identity verification and access control rather than content inspection.
Authenticated communications only. Every message requires verified sender identity through multi-factor authentication and digital signatures. Executive impersonation — the number one AI phishing tactic — becomes impossible.
Out-of-band verification. High-risk transactions require multi-party approval through independent verification channels. Even with compromised credentials, attackers cannot complete fraudulent transactions.
End-to-end encrypted communications. Sensitive data moves through a private, encrypted network using TLS 1.3 and FIPS 140-3 validated cryptography — never over SMTP.
Granular access controls. Data access operates on a need-to-know basis with time-limited permissions, device restrictions, and geolocation controls.
Complete audit trails. Every action is logged for compliance evidence, anomaly detection, and forensic investigation.
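The five controls above fit together into one workflow, and seeing them as code makes the interaction clear: a request is accepted only from a verified identity, approval has to come from separate people over separate channels inside a time-limited permission, and every accept and reject lands in the audit trail. The following is an added example, not Kiteworks' implementation. It assumes per-user keys have already been issued by an MFA-backed identity provider, uses HMAC-SHA256 as a stand-in for real digital signatures so that it runs on the standard library alone, and the approver roster, channels and amounts are constructed.

```python
"""Verify-and-control workflow for a high-risk request such as a wire
transfer: signed request from a verified sender, multi-party approval over
independent channels, time-limited approver permissions, append-only audit
trail. Added illustration, not Kiteworks code; HMAC with per-user secrets
stands in for digital signatures issued after MFA by an identity provider."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed key material; a real deployment gets these from the IdP/MFA layer.
USER_KEYS = {"ceo": b"key-ceo", "controller": b"key-ctrl", "cfo": b"key-cfo", "intern": b"key-int"}
# Approver roster: permission expiry (unix time) and the independent channel each must use.
APPROVERS = {
    "controller": {"expires": 1_800_000_000, "channel": "portal"},
    "cfo": {"expires": 1_800_000_000, "channel": "phone-callback"},
}
REQUIRED_APPROVALS = 2

def _canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(user: str, obj) -> str:
    """HMAC-SHA256 over a canonical encoding, standing in for a digital signature."""
    return hmac.new(USER_KEYS[user], _canon(obj), hashlib.sha256).hexdigest()

def verify(user: str, obj, sig: str) -> bool:
    return user in USER_KEYS and hmac.compare_digest(sign(user, obj), sig)

@dataclass
class WireRequest:
    requester: str
    payload: dict                                   # e.g. {"amount": ..., "beneficiary": ...}
    signature: str
    approvals: dict = field(default_factory=dict)   # approver -> channel used
    audit: list = field(default_factory=list)       # append-only trail
    status: str = "pending"

    def log(self, ts: int, actor: str, action: str, outcome: str) -> None:
        self.audit.append({"ts": ts, "actor": actor, "action": action, "outcome": outcome})

def submit(requester: str, payload: dict, signature: str, now: int) -> WireRequest:
    """Accept only requests whose sender identity verifies; anything else is blocked by design."""
    req = WireRequest(requester, payload, signature)
    if not verify(requester, payload, signature):
        req.status = "rejected"
        req.log(now, requester, "submit", "rejected: signature does not verify")
    else:
        req.log(now, requester, "submit", "accepted")
    return req

def approve(req: WireRequest, approver: str, channel: str, approval_sig: str, now: int) -> bool:
    """Record one approval; returns True if accepted. The approval signature
    covers the request's own signature, so it cannot be replayed onto another request."""
    def reject(reason: str) -> bool:
        req.log(now, approver, "approve", "rejected: " + reason)
        return False
    if req.status != "pending":
        return reject("request is " + req.status)
    role = APPROVERS.get(approver)
    if role is None:
        return reject("not an authorized approver")
    if now > role["expires"]:
        return reject("approval permission expired")
    if channel != role["channel"]:
        return reject("wrong channel, expected " + role["channel"])
    if approver == req.requester:
        return reject("requester cannot approve own request")
    if approver in req.approvals:
        return reject("duplicate approval")
    if not verify(approver, {"approve": req.signature}, approval_sig):
        return reject("approval signature does not verify")
    req.approvals[approver] = channel
    req.log(now, approver, "approve", "accepted via " + channel)
    distinct_channels = len(set(req.approvals.values()))
    if len(req.approvals) >= REQUIRED_APPROVALS and distinct_channels >= REQUIRED_APPROVALS:
        req.status = "approved"
        req.log(now, "system", "finalize", "approved by " + ", ".join(sorted(req.approvals)))
    return True

if __name__ == "__main__":
    payload = {"amount": 125000, "beneficiary": "ACME Supplies (constructed)"}
    req = submit("ceo", payload, sign("ceo", payload), now=1_700_000_000)
    approve(req, "controller", "portal", sign("controller", {"approve": req.signature}), 1_700_000_001)
    approve(req, "cfo", "phone-callback", sign("cfo", {"approve": req.signature}), 1_700_000_002)
    for entry in req.audit:
        print(entry)
```

The order of the checks matters: status, roster membership, expiry and channel are all evaluated before the signature, so a stale or mis-routed approval is refused even when it is cryptographically valid, and the refusal reason is recorded rather than silently dropped. Binding the approval to the request's signature, not just its id, is what prevents an approval collected for a small transfer from being reattached to a tampered payload.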
What This Means for Firms Managing Sensitive Client Data
Accounting and CPA firms face AI-powered phishing targeting tax season — fake IRS communications, client impersonation, W-2 theft. A secure client portal with authenticated, encrypted channels eliminates email as the attack vector. Client identity verification through MFA, approval workflows for high-risk requests, and complete audit trails provide documentation for professional liability protection and IRS Publication 4557 compliance.
Financial services firms face AI-powered CEO fraud and customer impersonation with regulatory exposure under GDPR, DORA, NIS2, and PCI DSS. Verified customer communications, multi-party approval workflows, and built-in compliance controls address multiple frameworks from one platform.
Legal and professional services firms face attorney impersonation and privileged information theft. Encrypted, authenticated communications preserve attorney-client privilege. Information barriers enforce ethical walls. Audit trails document chain of custody for litigation and regulatory investigations.
Healthcare organizations face patient impersonation, provider fraud, and HIPAA violations from email breaches. HIPAA-compliant encrypted channels, patient identity verification through MFA, and secure provider communications eliminate email as the PHI transmission vector.
Kiteworks: Zero-Trust Communications That Eliminate the Attack Vector
This is the problem the Kiteworks Private Data Network is built to solve.
Kiteworks does not try to detect AI-powered phishing in email. It provides a fundamentally different communications architecture that eliminates the attack vector entirely. Instead of scanning for malicious content in an inherently insecure protocol, Kiteworks verifies identity and controls access before any communication occurs.
Secure email gateways from Proofpoint, Mimecast, and Barracuda rely on detecting malicious content — an approach that fails when AI-generated attacks produce no detectable anomalies. Microsoft 365 Advanced Threat Protection remains locked in the detect-and-block model. Security awareness training depends on human judgment against attacks designed to be indistinguishable from legitimate communications. Kiteworks replaces all three with a verify-and-control architecture where all unauthenticated communications are blocked by design.
For CISOs, it is the zero-trust communications architecture that eliminates impersonation attacks. For CFOs, it is the control framework that prevents $125,000 BEC incidents before they start. For compliance officers, it is the audit trail that satisfies regulators when 82% of organizations report heightened threat actor interest in exploiting trusted communications.
The Window Is Closing
AI-powered attacks have breached 88% of organizations. The attacks have not reached full maturity. Deepfake capabilities are still in early stages. Legacy email security tools cannot keep pace, and security awareness training cannot compensate for threats designed to be invisible.
Organizations that move to a zero-trust communications architecture now will eliminate the email attack vector, protect sensitive client data, and preserve the client trust their businesses depend on. Organizations that wait will discover their gap through the next AI-powered attack their legacy tools cannot stop.
Email can no longer be trusted for sensitive business communications. The question is whether your organization will adopt a secure alternative before the next attack finds the gap your current tools cannot close.
To learn how Kiteworks can help, schedule a custom demo today.
Frequently Asked Questions
The Osterman Research report, Restoring Trust in Business Communications, found that 88% of organizations experienced at least one security incident that undermined trust in digital communications over the past 12 months. The study surveyed 128 cybersecurity decision-makers and found that 82% report heightened threat actor interest in exploiting trusted communications, while 60% lack confidence in countering deepfake attacks. Legacy detect-and-block email security tools are failing against AI-powered phishing, deepfake impersonation, and multi-channel social engineering attacks.
Legacy email security tools from Proofpoint, Mimecast, and Barracuda operate on a detect-and-block model that relies on identifying anomalies — grammar errors, suspicious sender addresses, known malicious signatures. AI-generated phishing eliminates these signals by producing messages with perfect grammar, contextually relevant content, and convincing personalization. When there is no detectable difference between phishing and legitimate email, the detection model fails. The SMTP protocol compounds the problem by allowing sender spoofing and lacking built-in authentication. The Kiteworks Email Protection Gateway addresses this by shifting from detection to a verify-and-control model where unauthenticated communications are blocked by design.
Industries managing sensitive personal and financial information face the highest risk: accounting and CPA firms targeted with fake IRS communications and client impersonation during tax season; financial services firms facing AI-powered CEO fraud and customer impersonation with regulatory exposure under GDPR, DORA, and PCI DSS; legal firms facing attorney impersonation and privileged information theft; and healthcare organizations facing patient impersonation and HIPAA violations. The Osterman report found finance teams are the highest-priority target, with 59% of organizations rating them as high or extreme priority targets.
Kiteworks provides a zero-trust communications architecture that eliminates the email attack vector. All communications require authenticated sender identity through MFA and digital signatures, making executive impersonation impossible. Sensitive data moves through an encrypted private network using TLS 1.3 and FIPS 140-3 validated cryptography, never over SMTP. Granular access controls, time-limited permissions, and multi-party approval workflows prevent Business Email Compromise. Complete audit trails provide compliance evidence and forensic investigation capability.
Proofpoint, Mimecast, and Barracuda are secure email gateways that detect and block malicious emails using AI/ML, sandboxing, and reputation analysis. This approach fails against AI-generated phishing that produces no detectable anomalies. Kiteworks takes a fundamentally different approach with a zero-trust communications architecture that verifies identity before allowing communication. All unauthenticated communications are blocked by design. Sensitive data moves through end-to-end encrypted private networks, not SMTP. The result is a proactive model that does not depend on detecting threats engineered to be undetectable.