Security has always relied on signal.
A suspicious link, a known domain or a recognizable pattern. Something that stands out enough to be flagged, analyzed and blocked. That model worked when attacks were constrained by effort. When creating a convincing phishing email required time, skill, and some level of reuse. Patterns existed because attackers needed them to scale.
Now, AI has removed the effort required to generate attacks. Messages can be created instantly, tailored to a specific person, role and moment. They don’t need to reuse templates or to follow known structures when every interaction can be unique.
Detection systems are designed to recognize what they’ve seen before. Even advanced behavioral models rely on some form of repetition or deviation from a baseline. When every message is new, and when it closely mirrors legitimate communication, there is no clear signal to isolate, because nothing looks wrong.
Messages start arriving that pass authentication, align with existing workflows and feel consistent with how business is conducted. They don’t trigger alerts because they don’t match the conditions those systems are looking for.
The problem is that security tools are working against a version of the threat that no longer exists. Layering more tools on top of this model doesn’t solve the issue. It reinforces the same dependency on signal, just across more systems. The result is complexity but without the clarity.
What’s needed now is a shift in how detection is approached. Recognition alone is no longer enough; security needs to move toward reasoning. Understanding the context of an interaction, how it fits within expected behavior and whether the intent behind it aligns with legitimate activity.
This is a different problem to solve, one that requires visibility beyond the initial email and the ability to evaluate how an interaction evolves once a user engages. The question is no longer whether an email looks suspicious, but rather whether anything in your environment can identify risk when nothing appears out of place.
