IRONSCALES Debuts AI Email Security at RSAC

Enterprise email remains one of the most vulnerable attack surfaces, with phishing campaigns becoming more sophisticated and personalized through the use of generative AI. Traditional security tools have operated in a reactive loop: identify a threat, analyze it, and then respond. IRONSCALES, an email security provider, is introducing a new approach at the RSA Conference aimed at breaking that cycle. The company is showcasing a proactive strategy centered on specialized AI agents and a fresh threat intelligence initiative.

This strategic shift moves IRONSCALES beyond simple detection toward a model of preemptive security. The goal is to simulate and model potential attacks before they ever reach an inbox, rather than documenting them after a breach occurs.

A key component of this new direction is the “Email Attack of the Day” series launching at the conference. This intelligence feed leverages anonymized data from over 17,000 customer organisations within the IRONSCALES network. It functions by identifying emerging real-world email threats, publishing them with detailed technical analysis, and arming security teams with the knowledge to spot novel tactics early. While threat advisories are common in the industry, IRONSCALES positions this series as integral to its vision for Phishing 3.0 defences, where intelligence directly enhances adaptive detection systems instead of remaining in an isolated report.

The core of the demonstration focuses on three specialized AI agents released in the Winter 2026 platform update: Red Teaming, Phishing SOC, and Phishing Simulation. According to company strategist Audian Paxson, these are purpose-built AI agents, designed specifically for security tasks rather than being adaptations of a general-purpose large language model. This architecture is intended to more efficiently encode deep, domain-specific expertise.

The Red Teaming agent conducts ongoing reconnaissance on an organization’s digital footprint, scanning social media, executive communications, and organizational charts. It uses this data to generate customized attack simulations, which then train the platform’s detection models. This process aims to fortify defenses against highly targeted spear-phishing campaigns crafted for that specific entity.

When a suspicious email evades initial filters, the Phishing SOC agent takes over. It automates the forensic investigation, examining multiple investigative tracks to deliver a verdict equivalent to a Level 2 analyst’s assessment in minutes. For security teams and managed service providers handling high volumes of alerts, this automation can reclaim hours of manual work each day.

Completing the loop is the Phishing Simulation agent. It utilizes the reconnaissance data from the Red Teaming agent to create hyper-personalized training simulations. Instead of deploying generic phishing templates, it targets high-risk employees with scenarios based on real open-source intelligence and delivered in their native language, making security awareness training far more relevant and effective.

These developments arrive amid a rapidly escalating threat landscape. Recent industry data paints a stark picture: 88% of organizations report experiencing AI-powered security incidents in the past year, and over 82% of analysed phishing emails show signs of AI assistance. The economics of attack have shifted dramatically; generative AI can now produce a highly effective phishing campaign in minutes with a few prompts, a task that previously required skilled human effort over many hours.

The agenda at RSAC 2026 itself underscores this urgency, with a major focus on Agentic AI and securing autonomous systems. The industry conversation has clearly moved from debating AI’s impact to racing for defensive solutions.

Beyond the AI agents, the Winter 2026 release includes integrated email encryption for outbound messages, addressing compliance needs through both policy-based and user-initiated modes. It also enhances the company’s existing deepfake protection for Microsoft Teams. The improved voice detection can now learn individual voice patterns passively from regular meetings, identifying impersonation attempts even without video. This expansion is critical, as deepfake-driven fraud reportedly surged over 700% in one year, and a majority of organizations have faced a deepfake attack attempt.

IRONSCALES frames its entire approach as a closed-loop security architecture. Reconnaissance informs detection, detection findings guide training, and trained users improve overall threat recognition. CEO Eyal Benishti emphasizes that unlike some competitors who use external data primarily for training, IRONSCALES feeds it directly into improving its core detection capabilities first.

The practical impact of this distinction will hinge on the agents’ performance across diverse, real-world environments. The email security market is competitive, with many vendors now promising preemptive protection. However, the architecture of specialized agents feeding a shared model trained on data from thousands of organizations presents a concrete and testable strategy for turning theoretical preemption into a practical defense.