Cyber experts warn: AI tools alone can't secure email against evolving threats

Email is perhaps the oldest digital tool in business, and still one of the riskiest. That was the consensus at Tuesday’s Gulf News Cyber Forum 2025,  at the Taj Exotica Resort & Spa, Palm Jumeirah, where cybersecurity heads from leading UAE enterprises agreed that even with advanced AI-enabled detection tools, email remains the top entry point for attackers.

Moderating the session, Faisal Khan, Associate Director of Information Security & Compliance at Dubai World Trade Centre, opened by noting that the threat landscape is changing rapidly. From phishing and credential theft to AI-generated spoofing and deep fake social engineering. “Attacks are evolving faster than traditional controls,” he said, urging organizations to rethink their email security posture.

For Jeevan Badigari, Head of Cybersecurity at Arada, the biggest vulnerability is not the technology but the human layer. Email, he explained, is unique because it relies on trust between individuals, not systems. “When a message appears to come from a CEO, partner, or financial authority, people assume it’s genuine. And that’s what attackers exploit,” he said. Badigari argued for continuous, culture-driven training that becomes “second nature,” rather than occasional awareness campaigns.

Attackers are also more polished, said Sukesh Govindan, CEO of TENX Properties, noting how AI has eliminated many of the red flags users used to rely on. “Grammar mistakes and crude messages are disappearing. Deep fakes and AI-crafted emails make social engineering harder to detect,” he warned. Technology is critical, he said, but “having the right tools is like having a good car; it’s useless if the driver lacks training.”

From a defensive standpoint, organizations must shift from traditional, signature-based email filters to behavioral analytics and AI-powered threat modeling, said Parthasarathy Muthukrishnan, Head of InfoSec at Deem Finance. “Legacy gateways can’t keep up,” he said. Modern solutions should detect anomalies such as urgent financial requests from unfamiliar domains, and “empower users to take the right action.”

But even the strongest controls must account for user experience, added Binoy Balakrishnan, Head of Information Security at AW Rostamani Group. “Security needs multi-layer defenses. But if they slow people down, productivity suffers,” he said. Clear communication and face-to-face briefings help users understand protection measures and build confidence.

As the panel concluded, one message was unanimous: email remains a battle that organizations cannot win with tools alone. Human judgment, contextual understanding, and continuous learning are now just as critical as the latest AI filters.