IRONSCALES introduces AI email agents and threat intelligence at RSAC.

      The inbox has historically been the weakest point in enterprise security. As phishing attempts become increasingly sophisticated, personalized, and driven by generative AI, the defenses aimed at stopping them are caught in a reactive loop: waiting for an attack, analyzing it, and then responding. Atlanta-based email security provider, IRONSCALES, believes that this cycle is on the verge of being disrupted.

      In advance of this week’s RSA Conference in San Francisco, the company introduced a new threat intelligence initiative accompanied by live demonstrations of three AI agents included in its Winter 2026 platform release. These initiatives signify IRONSCALES' aim to transition from solely being a detection vendor to a more proactive security partner, one that anticipates attacks rather than simply cataloging them afterward.

      Details of the new intelligence series

      The “Email Attack of the Day” series, which IRONSCALES is launching at RSAC 2026, utilizes anonymized threat data from its network of over 17,000 customer organizations. The idea is simple: to highlight real-time email attack patterns as they arise, provide technical context, and equip security teams with insights to detect new tactics before they spread.

      While not a groundbreaking format—other vendors also routinely issue threat advisories and campaign analyses—IRONSCALES positions this series as a supportive element of its broader strategy, referred to as “Phishing 3.0” defenses. This approach integrates intelligence directly into adaptive detection rather than isolating it in a separate research domain.

      Overview of the three AI agents

      The highlight of the RSAC demonstrations will be the three AI agents introduced by IRONSCALES in its Winter 2026 release: Red Teaming, Phishing SOC, and Phishing Simulation. Each agent is tailored for specific functions rather than being built on a general-purpose large language model. Audian Paxson, the company’s principal technical strategist, noted that this design is more effective for embedding domain-specific knowledge.

      The Red Teaming agent conducts ongoing reconnaissance of an organization’s public presence, examining various elements from social media to executive communications and organizational charts. It then generates customized attack simulations and incorporates these into the platform’s detection models, aiming to fortify defenses against specific phishing schemes targeted at that organization.

      The Phishing SOC agent focuses on forensic analysis of questionable emails, reportedly delivering results akin to a Level 2 analyst's evaluation in mere minutes. It investigates five different tracks, producing a conclusion that would typically take human analysts hours. This efficiency is crucial for managed service providers overseeing multiple client environments.

      The third agent, Phishing Simulation, leverages reconnaissance data gathered by Red Teaming to create highly personalized training scenarios. Instead of using generic phishing templates, it targets the organization's most at-risk employees with real OSINT-derived scenarios in their native languages.

      The broader context: an escalation favoring attackers

      IRONSCALES is making these advancements in a context that has become significantly more adversarial. Research noted in the company’s announcements reveals that 88 percent of organizations experienced AI-enabled security incidents in the past year. KnowBe4’s 2025 Phishing Threat Trends Report indicated that over 82 percent of analyzed phishing emails showed signs of AI involvement. A study by Hoxhunt reported a 14-fold increase in AI-generated phishing during the 2025 holiday season alone.

      The financial landscape has changed as well. Crafting a convincing spear-phishing operation that once required considerable time and expertise can now be accomplished using generative AI in just a few minutes with minimal prompts. IBM security researchers demonstrated that AI could create a phishing campaign as effectively as one produced by human experts in significantly less time.

      RSA Conference 2026 reflects these concerns. The focus on Agentic AI—systems capable of executing multi-step operations—is prominent this year. Microsoft’s keynote addresses the security of AI agents at a corporate scale, while multiple vendors unveil tools for detecting deepfakes. The discussion has shifted decisively from whether AI will alter email security to the urgency of how swiftly defenders can close the gap.

      Encryption and deepfake safeguards enhance the release

      In addition to the AI agents, the Winter 2026 release features integrated email encryption for outgoing messages, which IRONSCALES designed to meet compliance needs without adding complications. This system employs two encryption modes: policy-based protection for regulated content and user-initiated encryption for sensitive transactions.

      The release further extends IRONSCALES’ deepfake protection for Microsoft Teams, initially introduced in 2025. The improved voice detection now passively learns employee voice patterns during regular meetings, identifying impersonation attempts even when cameras are off. This enhancement is significant given the more than 700 percent year-over-year increase in deepfake-driven fraud, according to Cyble’s 2025 Executive Threat Monitoring data, with Gartner surveys showing that 62 percent of organizations faced deepfake attempts in the past year.

      Moving from reactive to preemptive, theoretically

      IRONSCALES presents a closed-loop architecture: reconnaissance informs detection, detection feeds training