Proofpoint’s annual survey of 1,453 security professionals shows that organizations hit by an AI incident saw threats appear across every collaboration channel, not just the inbox.
# Incident Report: Multi-Channel AI-Mediated Threats
## Executive Summary
A global survey of 1,453 security professionals reveals that AI-related security incidents are no longer confined to email, increasingly spreading across SaaS applications, AI assistants, and collaboration platforms. Approximately 42% of surveyed organizations experienced an AI-related incident, highlighting a significant shift as attackers leverage AI to automate credential theft and the execution of untrusted code across the enterprise collaboration stack. The lack of cross-channel visibility remains a critical vulnerability for most organizations.
## Incident Details
- **Discovery Date:** January 2026 (Survey period)
- **Incident Date:** Ongoing/Multi-incident analysis (covering previous 12 months)
- **Affected Organization:** 42% of 1,453 surveyed organizations
- **Sector:** Cross-sector (Global distribution)
- **Geography:** US, UK, France, Germany, Italy, Spain, UAE, Australia, Brazil, India, Japan, and Singapore
## Timeline of Events
### Initial Access
- **Date/Time:** Variable (Current threat landscape)
- **Vector:** Phishing, social engineering, and malicious files
- **Details:** Email remains the primary entry point (67%), but attackers are increasingly using secondary channels like Slack, Teams, and file-sharing platforms to initiate breaches.
### Lateral Movement
- Attackers move from compromised email accounts into SaaS/Cloud apps (57%) and AI assistants/agents (53%). The movement often leverages the interconnected nature of modern AI tools used for chat summarization and customer support.
### Data Exfiltration/Impact
- **Mishandling of Sensitive Data:** Users and AI agents that act on malicious prompts leak sensitive data.
- **Credential Loss:** Attackers utilize AI-mediated drafting and summarization to harvest credentials across collaboration tools.
### Detection & Response
- **Detection:** Discovered predominantly through manual investigation or siloed security alerts.
- **Response actions:** High reliance on manual correlation; 41% of organizations reported extreme difficulty correlating these threats across multiple platforms.
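As an added illustration (not code from the Proofpoint report), the following Python performs the cross-channel correlation the survey says 41% of organizations struggle with: it joins constructed alerts from siloed email, Teams, Slack and SaaS sources by user and time window and flags chains that span more than one channel. The alert records and field names are assumptions for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from four siloed sources (not real telemetry).
ALERTS = [
    {"ts": "2026-01-14T09:02:00", "channel": "email", "user": "j.doe", "event": "phishing_link_clicked"},
    {"ts": "2026-01-14T09:11:00", "channel": "teams", "user": "j.doe", "event": "it_support_impersonation_dm"},
    {"ts": "2026-01-14T09:20:00", "channel": "saas", "user": "j.doe", "event": "new_oauth_grant_ai_agent"},
    {"ts": "2026-01-14T13:00:00", "channel": "slack", "user": "a.smith", "event": "unusual_summary_request"},
    {"ts": "2026-01-15T10:00:00", "channel": "email", "user": "a.smith", "event": "phishing_link_clicked"},
]


def correlate(alerts, window=timedelta(hours=1), min_channels=2):
    """Group alerts per user, then flag chronologically close alerts that
    span at least `min_channels` distinct channels within `window`."""
    by_user = defaultdict(list)
    for a in alerts:
        by_user[a["user"]].append((datetime.fromisoformat(a["ts"]), a))

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])
        chain = []
        # Sentinel (None, None) flushes the final chain for each user.
        for ts, a in events + [(None, None)]:
            if chain and (ts is None or ts - chain[0][0] > window):
                channels = {e["channel"] for _, e in chain}
                if len(channels) >= min_channels:
                    findings.append({
                        "user": user,
                        "channels": sorted(channels),
                        "events": [e["event"] for _, e in chain],
                    })
                chain = []
            if a is not None:
                chain.append((ts, a))
    return findings


if __name__ == "__main__":
    for f in correlate(ALERTS):
        print(f"{f['user']}: {' -> '.join(f['events'])} across {f['channels']}")
```

Single-channel alerts such as a.smith's, a day apart, never surface, which is exactly what per-tool consoles show on their own; only the join across sources reveals j.doe's email-to-Teams-to-SaaS chain.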
## Attack Methodology
- **Initial Access:** Phishing (Email), Impersonated IT support (Teams), and Malicious Prompt Engineering.
- **Persistence:** Maintaining access through compromised SaaS sessions and cloud-integrated AI assistants.
- **Privilege Escalation:** Exploiting AI agent permissions used for customer or technical support.
- **Defense Evasion:** Using AI to generate unique, non-signature-based content that bypasses traditional email filters.
- **Credential Access:** Prompt engineering and social engineering via collaboration apps (e.g., Slack/Teams).
- **Discovery:** AI-driven reconnaissance of internal documentation via chat summarizers.
- **Lateral Movement:** Shifting from email to SaaS apps and collaboration tools.
- **Collection:** Gathering data through automated chat summarization and file-sharing interceptions.
- **Exfiltration:** Exfiltrating data through AI-assistant outputs or unsanctioned cloud app interfaces.
- **Impact:** Operational disruption, execution of untrusted code ("SNOW" malware suite identified in related Teams-based attacks), and data compromise.
## Impact Assessment
- **Financial:** High (Linked to tool sprawl management and incident recovery costs).
- **Data Breach:** High risk; involving sensitive customer support logs and internal chat history.
- **Operational:** Significant disruption due to "tool sprawl" (95% find managing multiple security tools challenging).
- **Reputational:** Increased risk as threats move to customer-facing AI support agents.
## Indicators of Compromise
- **Network indicators:** Traffic to [hxxp]://unrecognized-ai-agent-endpoints[.]com; unauthorized API calls to Slack/Teams integrations.
- **File indicators:** "SNOW" malware suite (custom three-part suite used in Teams impersonation).
- **Behavioral indicators:** Unusual chat summarization patterns, AI agents requesting elevated permissions, or customer support bots drafting uncharacteristic outbound messages.
## Response Actions
- **Containment measures:** Isolation of compromised SaaS accounts; disabling untrusted AI integrations.
- **Eradication steps:** Revoking OAuth tokens for suspicious third-party apps and AI agents.
- **Recovery actions:** Transitioning toward a "collaboration firewall" model to unify security visibility.
## Lessons Learned
- **Visibility Gap:** Only 33% of organizations feel prepared to investigate AI-specific incidents.
- **Tool Fragmentation:** Managing disparate security tools creates "blind spots" that attackers exploit as they move between email and Slack/Teams.
- **AI Amplification:** AI is not necessarily creating new threat types but is drastically amplifying existing risks like credential theft and untrusted code execution.
## Recommendations
- **Unified Security Architecture:** Move toward a unified platform to correlate threats across email, SaaS, and collaboration tools.
- **AI Agent Governance:** Implement strict permission protocols for AI assistants used in customer support or internal summarization.
- **Cross-Channel Monitoring:** Deploy a "collaboration firewall" to monitor and filter communications beyond the email inbox.
- **Enhanced Training:** Update security awareness training to include "prompt engineering" awareness and verification of IT support on collaboration platforms.