When Aparna Pappu, vice president and general manager of Google Workspace, spoke at Google I/O on May 10, presented a vision for artificial intelligence that helps users wade through their inbox. Pappu showed how AI can whisper summaries of long email threads into your ear, pull relevant data from local files while dancing through unread messages together, and dive to the ground while suggesting insertable text. Welcome to the inbox of the future.
While the details of how it will arrive remain unclear, generative AI is poised to fundamentally change the way people communicate through email. It was a key part of what we used to secure Gmail, Pappu tells WIRED.
A few wrong clicks on a suspicious email can compromise your security, so how does machine learning help deflect phishing attacks? Neil Kumaran, product lead at Google who focuses on security, explains that machine learning can examine the phrasing of incoming emails and compare it to past attacks. It can also flag unusual message patterns and sniff out any weirdness emanating from the metadata.
Machine learning can do more than flag dangerous messages as soon as they appear. Kumaran points out that it can also be used to track people responsible for phishing attacks. He says, Upon account creation, we do assessments. Let’s understand, does it seem that this account will be used for malicious purposes? In case of a successful phishing attack on your Google account, artificial intelligence is also involved in the recovery process. The company uses machine learning to help decide which login attempts are legitimate.
How do we extract intelligence from user reports to identify attacks that we may not be aware of, or at least begin to model the impact on our users? asks Kumaran. Google’s answer, like the answer to many questions in 2023, is more AI. This AI instance isn’t a flirtatious chatbot teasing you with long, late-night exchanges; he’s a burly bouncer who kicks shakers with his algorithmic arms crossed.
On the other hand, what’s instigating even more phishing attacks on your inbox? I’ll give you a guess. First letter A, last letter I. For years, security experts have warned about the potential for AI-powered phishing attacks to overwhelm your inbox. It’s very, very difficult to detect AI with the naked eye, whether by dialect or by URL, says Patrick Harr, CEO of SlashNext, a messaging security company. Just like when people use AI-generated images and videos to create sufficiently convincing deepfakes, attackers can use AI-generated text to personalize phishing attempts in a way that is difficult for users to detect.
Several companies focused on email security are working on models and using machine learning techniques in an effort to further secure your inbox. We take the incoming body of data and do what’s called supervised learning, says Hatem Naguib, CEO of Barracuda Networks, an IT security firm. In supervised learning, someone adds labels to a piece of email data. Which messages are likely to be safe? What are suspects? This data is mined to help a company report phishing attacks with machine learning.
It’s a valuable aspect of phishing detection, but attackers continue to look for ways to bypass protections. Last year a persistent scam about a concocted Yeti Cooler gift slipped through filters with an unexpected type of HTML anchor.
Cybercriminals will remain intent on hacking into your online accounts, especially your business email. Those using AI may be better able to translate their phishing attacks into multiple languages, and chatbot-style applications can automate parts of the messages back and forth with potential victims.
Despite all possible AI-enabled phishing attacks, Aparna Pappu remains optimistic about the continued development of better and more refined security protections. You’ve lowered the cost of what it takes to potentially attract someone, she says. But, on the other hand, thanks to these technologies we have developed greater detection capabilities.
#protects #attacks #mailbox