Discussing AI, Threat Detection, and the Need for Simpler Mechanisms for Reporting Suspicious Activities

In this interview, the Field CTO of SlashNext, Stephen Kowski, talks about users receiving multiple threat alerts, impeding the identification of real threats. And the resourcefulness of automated tools that can handle the task, thereby preventing damage.  

Kowski elaborated how AI streamlines the process by identifying and blocking threats arising from emails, links, attachments, messages, etc., regardless of the number of alerts. He offered advice for good password hygiene and suggested opting for a master password. 

Read the complete interview for more information about impersonation and the method often used by the Black Basta ransomware group, BEC, multi-channel 3D phishing attacks, deepfakes, vishing, and more.

Vishwa: Please tell us about your journey to SlashNext and the areas of business that you focus on as the field CTO.

Stephen: I started as an email admin at a Fortune 150 company and then joined its cybersecurity team to hunt phishing and malware. I noticed users getting tired of so many warnings and beginning to ignore real attacks. 

That pushed me to vendors like SlashNext, where I advocate for automated tools that block threats before they reach inboxes.

As Field CTO, I bridge customers, product, marketing, and engineering—sharing feedback, explaining our tech, and making sure our solutions deliver real protection.

Vishwa: How is AI positively impacting email and messaging security with new and innovative solutions? 

Stephen: AI is making it much harder for bad actors to sneak in harmful emails or messages by spotting tricky threats that humans might miss. 

It can scan messages super fast, learn from new scams, and block dangerous links or attachments before they reach anyone’s inbox. This keeps people safer without slowing them down.

Vishwa: What is your advice to people who struggle with maintaining password hygiene?

Stephen: Use a password manager so you don’t have to remember every password — just one strong master password. Make sure each account has a unique password, and turn on two-factor authentication wherever you can. 

That way, even if someone guesses one password, they can’t get into your other accounts.

Vishwa: Being a double-edged sword, AI is also leveraged for cyber attacks. Could you shed light on how AI is used in cybercrimes that make the development and implementation of AI-based cybersecurity solutions more difficult?

Stephen: Bad actors use AI to create fake emails or messages that sound just like real people, making scams harder to spot. They can also automate attacks to target lots of people at once and quickly change tactics if they get blocked. 

This means security tools need to keep learning and adapting just as fast as the attackers do.

Vishwa: Please share instances of multi-channel/ 3D phishing attacks that you have come across. How are adversaries utilizing the features of 3D phishing to win the trust and dupe targets? What signs should users be looking for to identify 3D phishing attempts? 

Stephen: The classic multi-channel 3D phishing attacks typically begin with a BEC reconnaissance email urgently impersonating a leader asking for your mobile number, which moves the attack to a mobile device with text messaging, where attackers continue the social engineering attack without email security tools interfering. 

The Black Basta ransomware gang has advanced this technique by flooding inboxes with hundreds of legitimate ‘thank you for signing up’ notifications as a smokescreen, then contacting targets via Microsoft Teams or phone calls offering to "fix" the problem. 

This social engineering tactic aims to trick users into installing malicious files by creating a false sense of legitimacy across multiple communication channels.

Vishwa: What is your observation around the development of threats like social engineering, vishing, deepfakes, and others? 

Stephen: Scams are getting more personal and realistic, with attackers using voice calls, video fakes, and clever tricks to fool people. 

Deepfakes can make it look or sound like a trusted person is asking for sensitive information. People need to be extra careful and question unexpected requests, even if they seem to come from someone they know.

Vishwa: What can organizations do to prevent their employees from falling for scams initiated over email, SMS, and messaging apps like Slack, Microsoft Teams, Signal, and web browsers?

Stephen: Organizations should use tools that scan and block suspicious links and files across all channels, not just email. Regular training helps employees recognize scams and know what to do if they spot something strange. 

It’s also smart to have a simple way for people to report anything suspicious right away.

Vishwa: Please share about the solutions offered by SlashNext and its major milestones so far. What is the vision of the company for the next 5 years?

Stephen: Our long-term vision is to continue to put a bubble around the user, stopping attacks wherever a user might get phished. We want to focus on stopping threats before they reach users, using AI to detect scams across email, messaging, and web apps. 

The goal is to stay ahead of attackers by constantly updating protection and making it easy for organizations to keep their people safe everywhere they communicate. 

In the next five years, expect even smarter, faster protection that works seamlessly no matter where or how people connect.