A few months ago, I wrote about the Phishing Renaissance and how AI hasn't invented new attack types so much as perfected the classics. Credential theft, vendor impersonation, executive fraud. Same playbook, exponentially better execution.
Then we commissioned Osterman Research to see if the data backed up what we were seeing across our customer base. And of course... it did. 88% of organizations hit by trust-exploiting attacks in the past 12 months. More than a third saw attackers successfully impersonate trusted vendors. And 60% said they lack confidence in their ability to counter deepfake attacks, even with training programs in place.
Sixty percent. With training programs already in place.
That tells you the problem isn't awareness. The tooling hasn't kept up.
"Legacy email protections won't help organizations defend against AI-powered phishing attacks. Secure email gateways (SEGs) and email security solutions designed to look for malicious links, weaponized attachments, and account impersonations are too blunt an instrument to recognize the subtle indicators of modern and still emerging AI-powered attacks."
Osterman Research, Rebuilding Trust in Digital Communications, Page 15
Our CEO, Eyal Benishti, made the case in his post on restoring trust in business communications: when identity itself becomes the attack vector, reactive detection isn't enough. You need to get ahead of it.
That's exactly what the Winter '26 release is built to do.
Look, every email security solution on the market does the same thing: waits for an attack and reacts.
Speed varies. The model doesn't.
That's the problem when every attack is unique, every lure is personalized, and every campaign is built from scratch, autonomously. Welcome to Phishing 3.0.
We built three AI agents to break the cycle.
One anticipates. One investigates. One educates.
Here's the important distinction. Our Adaptive AI already learns from attacks across 17,000+ organizations. That's broad, general protection. Our Red Teaming Agent trains it on attacks designed specifically for yours. General plus personalized. That's the model.
Two additional capabilities round out this release.
Email Encryption brings outbound protection into the platform. Most organizations have some form of encryption policy, but the enforcement is either too aggressive (block everything that triggers a keyword) or too passive (hope employees remember to click the "encrypt" button). Our Adaptive AI reads the context of outbound messages and applies encryption surgically, based on what's actually in the message and where it's going. Sensitive content gets encrypted automatically. Everything else flows normally.
Deepfake Protection Enhancements extend our integrated Microsoft Teams protection with voice analysis and zero-touch enrollment. We're still the only email security vendor with built-in deepfake protection, and we're building on that lead. Most standalone deepfake tools rely heavily on artifact detection, looking for visual or audio glitches that give away a synthetic source. That works until the generation quality improves (and it improves fast). We layer behavioral and biometric analysis on top of identity verification, so protection doesn't degrade as the fakes get better. This release adds audio baselining so impersonation attempts get caught even when cameras are off, and automatic profile learning eliminates enrollment friction so protection scales with your organization.
This release reflects where we're going, not just what ships today. We'll be adding capabilities monthly, and the three-agent architecture gives us a foundation to keep pushing preemptive security forward.
If you want to dig deeper into how the agents work together, visit our agents page for the full breakdown.
And if you're heading to RSA Conference later this month, come find us. We'll have live demos running so you can take a test drive for yourself. I promise it's more interesting than another booth with a spinning prize wheel.
See you there.