Proofpoint, one of the world’s largest email security firms, has identified a new class of threats called AI-agent phishing. Instead of tricking people, attackers are now embedding malicious instructions directly inside emails, hidden from human view but readable by AI systems like Microsoft Copilot, Google Gemini, or any enterprise agent that processes email automatically. When we use agentic systems to act on our email (summarizing, scheduling, or drafting), they may unknowingly execute those hidden prompts sending confidential data, approving a fraudulent request, or even creating a backdoor for more attacks. Continue Reading →