The physical infrastructure of digital operations within a contemporary data center.
IRONSCALES AI Email Security: New Agents and Threat Intelligence at RSAC 2026
IRONSCALES has announced the introduction of new AI email agents and a threat intelligence series at RSAC 2026. This strategic move aims to shift from reactive detection to preemptive security measures. The company seeks to counter increasingly sophisticated phishing campaigns with advanced IRONSCALES AI email security.
What Happened
Ahead of the RSA Conference in San Francisco, IRONSCALES detailed its latest offerings. The announcement includes a new threat intelligence initiative named the “Email Attack of the Day” series. Additionally, the company will provide live demonstrations of three AI agents from its Winter 2026 platform release. IRONSCALES is working to reposition itself as a preemptive security partner in the cybersecurity landscape.
Details From Sources
“Email Attack of the Day” Intelligence Series
The “Email Attack of the Day” intelligence series draws on anonymized threat data. This data comes from over 17,000 customer organizations. Its purpose is to surface real-world email attack patterns with technical context. This helps security teams recognize new tactics before they spread. IRONSCALES frames this series as a complement to its “Phishing 3.0” defenses. The company announced these developments.
Three AI Agents and Architecture
Three new AI agents are part of the Winter 2026 release. These are the Red Teaming, Phishing SOC, and Phishing Simulation agents. Each agent is purpose-built, not layered on a general-purpose large language model. Audian Paxson, principal technical strategist at IRONSCALES, noted this design choice is more efficient. It allows for encoding domain-specific expertise effectively.
Red Teaming Agent
The Red Teaming agent performs continuous reconnaissance. It generates tailored attack simulations based on an organization’s public footprint. This includes social media, executive communications, and org charts. These simulations feed into detection models. This hardens defenses against specific phishing campaigns.
Phishing SOC Agent
The Phishing SOC agent handles forensic investigation of suspicious emails. It aims to deliver a Level 2 analyst’s assessment in minutes. The agent examines five investigative tracks and produces a verdict quickly.
Phishing Simulation Agent
The Phishing Simulation agent uses reconnaissance data from the Red Teaming agent. It creates hyper-personalized training simulations. These target high-risk employees with scenarios from real OSINT data in their native language.
Additional Winter 2026 Release Features
The Winter 2026 release also introduces integrated email encryption. This feature is for outbound messages. It is designed for compliance requirements with both policy-based and user-initiated modes. Enhanced deepfake protection has been extended for Microsoft Teams, initially introduced in 2025. This enhanced voice detection passively learns employee voice patterns to flag impersonation attempts.
Why This Matters
These IRONSCALES AI email security innovations address a critical need. They emerge against a backdrop of increasing AI-powered security incidents and phishing attacks. Generative AI has lowered the effort needed to create sophisticated campaigns, shifting the economics of phishing. The RSAC 2026 cybersecurity agenda reflects anxiety around agentic AI. It also focuses on securing AI agents and deepfake detection. This focus highlights growing industry concerns.
Background Context
Historically, the inbox has been a “softest entry point” in enterprise security. Phishing campaigns have become more convincing and personalized. They are increasingly powered by generative AI. Traditional security tools often operated in a reactive cycle. This involved waiting for an attack, analyzing it, then responding.
Related Data or Statistics
- 88% of organizations reported falling victim to AI-powered security incidents within the past 12 months.
- KnowBe4’s 2025 Phishing Threat Trends Report found over 82% of phishing emails analyzed contained indicators of AI assistance.
- Hoxhunt analysis documented a 14-fold surge in AI-generated phishing over the 2025 holiday period.
- IBM security researchers demonstrated AI could build a phishing campaign as effective as human experts, needing five prompts instead of 16 hours of work.
- Deepfake-driven fraud increased over 700% year over year, according to Cyble’s 2025 Executive Threat Monitoring data.
- Gartner surveys indicate 62% of organizations experienced a deepfake attempt in the past year.
Future Implications (SPECULATIVE)
IRONSCALES’ underlying pitch suggests a closed-loop architecture for its email security agents. Reconnaissance data feeds detection models, detection insights inform training, and improved training enhances recognition. Eyal Benishti, IRONSCALES’ CEO, describes this approach as distinct from competitors. He highlights using OSINT-driven attack generation to improve detection first. The effectiveness of these AI-powered phishing defense solutions will ultimately depend on agent performance. This includes scaling across diverse customer environments. The email security market remains highly competitive.
Conclusion
IRONSCALES is making a strategic move towards preemptive IRONSCALES AI email security. The company’s introduction of new AI agents and a threat intelligence series marks this shift. Defenders continue to face an ongoing challenge in confronting the next wave of AI-powered phishing campaigns.
See Live Demonstrations at RSAC 2026
Attendees at RSAC 2026 can see the IRONSCALES platform demonstrated live. Visit Booth #4600 in the North Expo for more information.
FAQ Section
Q1: What did IRONSCALES announce at RSAC 2026?
A1: IRONSCALES announced a new “Email Attack of the Day” threat intelligence series and live demonstrations of three new AI email agents: Red Teaming, Phishing SOC, and Phishing Simulation.
Q2: What is the purpose of IRONSCALES’ new AI email agents?
A2: The agents are designed to provide preemptive defense against phishing, with Red Teaming generating tailored attack simulations, Phishing SOC investigating suspicious emails, and Phishing Simulation creating personalized training.
Q3: How is the “Email Attack of the Day” series intended to help security teams?
A3: It draws on anonymized threat data from over 17,000 customer organizations to surface real-world email attack patterns and provide technical context, helping teams recognize new tactics proactively.
Q4: What other features are part of the IRONSCALES Winter 2026 release?
A4: The Winter 2026 release also includes integrated email encryption for outbound messages and enhanced deepfake protection for Microsoft Teams.
Q5: Why is IRONSCALES focusing on preemptive defense?
A5: The focus is due to the increasing sophistication of AI-powered phishing campaigns, which generative AI has made faster and easier to create, making traditional reactive security methods less effective.
