Email remains the oldest digital workplace tool, yet it continues to be the most abused. With the emergence of AI, distinguishing between a genuine and a fake email has become increasingly difficult as attackers easily create a sense of urgency and familiarity. In a recent panel discussion, industry experts Lena Kannappan, Pavan Kushwaha, Karthik Kanakarajan, and Anand Thangaraju explored the “AI versus AI” landscape—pitting AI in the attack against AI in the defense—to uncover the truth about granular, infrastructural email security.
The Shift to Intent-Based Email Security
Traditional email security often relies on sender reputation, malicious payloads, and domain-based approaches like SPF and DMARC. However, Lena Kannappan, CISO at Healthcare Triangle Inc., advocates for a move toward intent-based email security. This technological shift analyzes behavioral patterns, communication context, and anomalies to determine the underlying reason a message was sent.
Lena Kannappan highlights that this approach is vital for the detection of zero-day attacks and sophisticated social engineering. In a healthcare setting, intent-based security is critical for protecting Protected Health Information (PHI) and Electronic Health Records (EHR) from ransomware, which is a significant threat to the industry. By identifying impersonation patterns, this technology prevents disruptions to clinical workflows that could otherwise lead to patient safety issues. While Lena notes that challenges remain in integrating these newer tools with existing SOC environments, she views this as the necessary road map for mid-to-large-scale hospitals.
Reshaping Domain Protection with Real-Time DMARC
Many security teams struggle with the frustration of traditional DMARC reports arriving 24 to 48 hours late, often containing only aggregated data. Pavan Kushwaha, CEO of Threatcop, explains that a major drawback of the traditional protocol is its inability to uncover the specific email ID a hacker used for email spoofing.
Real-time DMARC reshapes this landscape by providing visibility within 56 to 70 seconds. According to Pavan, this allows organizations to:
- Uncover the exact email ID used to spoof VIP users and employees.
- Correlate the specific channels from which these spoofing attempts originate.
- Integrate with existing solutions to automatically block users involved in account takeovers.
- Maintain control and stop malicious emails even if they are delivered from external SMTP servers like SendGrid or AWS.
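For comparison, this is what a traditional DMARC aggregate (RUA) report gives a defender: per-source counts over a reporting window, keyed by the From domain only. The parser below is an added example, not code from the panel or from Threatcop; the report is a constructed sample in the RFC 7489 aggregate layout, and `failing_sources` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of a DMARC aggregate (RUA) report, RFC 7489 layout.
# Domains and IPs are documentation values, not real data.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published><domain>example.com</domain><p>reject</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>14</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

def failing_sources(report_xml):
    """Return (window_hours, {(source_ip, header_from): count}) for DMARC failures."""
    # Reports arrive from external receivers; in production parse them with a
    # hardened XML parser such as defusedxml rather than the stdlib default.
    root = ET.fromstring(report_xml)
    begin = int(root.findtext("report_metadata/date_range/begin"))
    end = int(root.findtext("report_metadata/date_range/end"))
    failures = Counter()
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")
        # DMARC fails only when neither DKIM nor SPF produced an aligned pass.
        if ev.findtext("dkim") == "pass" or ev.findtext("spf") == "pass":
            continue
        key = (rec.findtext("row/source_ip"), rec.findtext("identifiers/header_from"))
        failures[key] += int(rec.findtext("row/count"))
    return (end - begin) / 3600, dict(failures)

if __name__ == "__main__":
    hours, failures = failing_sources(SAMPLE_REPORT)
    print(f"report window: {hours:.0f}h")
    for (ip, domain), n in failures.items():
        # Only the From domain is reported; the local part of the address is absent.
        print(f"{n} failing messages from {ip} using From domain {domain}")
```

The output identifies the failing source IP and message count for a 24-hour window, but nothing in the record says which mailbox name appeared in the From header.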
Strengthening Identity and Integrated Governance
As inbound filtering becomes stronger, attackers often shift their focus toward compromised internal identities and trusted infrastructure. Karthik Kanakarajan, Associate Director at Cognizant, notes that roughly 85% of generative AI-based phishing attacks are now AI-generated, making traditional scanning insufficient.
He emphasizes that security teams must rethink the ownership between email security, identity, and domain governance. Karthik recommends a collaborative, zero-trust approach that includes:
- Role-Based Access Control (RBAC) and Privileged Access Management (PAM) to ensure admin accounts are separated and strictly authenticated.
- LLM content filtering within email security tools to detect AI-generated threats.
- Utilizing BIMI to provide verified brand logos and checkmarks, which acts as a game-changer for verified communication.
- Ensuring that email security data feeds directly into SIEM (Security Information and Event Management) platforms for continuous monitoring.
The Role of AI in Decision-Making
A critical point of debate for CISOs is whether to fully trust AI-driven decisions or maintain manual intervention. Anand Thangaraju, CISO at Eulse, expresses his belief that security should ideally be fully automated—comparable to the “invisible” security built into an iPhone. He suggests that the goal is a system where humans do not make individual security decisions but instead “nudge” the system to react and adapt.
However, the panelists agreed on a tiered strategy for trusting AI:
- Automate Low-Impact Tasks: Anand Thangaraju recommends happily automating “low-hanging fruit” that carries minimal risk to infrastructure or reputation.
- Governance and Intent Monitoring: Anand Thangaraju warns that because AI systems themselves can be attacked, humans must maintain a governance layer to monitor the “intent” of the AI agents.
- Human-in-the-Middle: Lena Kannappan argues that for high-stakes sectors like healthcare, a “human-in-the-middle” approach remains essential to ensure safety.
- Residual Risk Analysis: Karthik Kanakarajan concludes that the level of automation should depend on the residual risk and the criticality of the specific threat actor involved.
Conclusion
Ultimately, the panel concluded that legacy infrastructure is no longer sufficient against autonomous, AI-driven attacks. Security must evolve as fast as AI, moving toward real-time, behavior-based analysis to secure both sides of the inbox.
