An Executive's Inbox Was Silently Plundered for Five Months. Here's What That Tells Us About AI-Assisted Attacks

A stock exchange executive had their Outlook mailbox compromised for five months without anyone noticing. Five months. That's not a brief intrusion — that's an attacker making themselves comfortable, reading emails, learning routines, and almost certainly exfiltrating anything useful. The kind of access that turns a single vulnerability into a long-term intelligence operation.

What makes cases like this increasingly common is the role AI now plays on the offensive side of the equation. Finding exploitable gaps in software used to require significant human expertise and time. Now, AI models can scan codebases, identify logic flaws, and surface attack vectors faster than most security teams can patch them. The threat landscape has quietly shifted, and a lot of organisations haven't caught up.

So what should technically literate people actually do about it? Here's a grounded look at the practical steps that matter.

Patch faster than your attackers can act

This sounds obvious until you look at how long most organisations take to apply patches. Weeks, sometimes months. AI-assisted discovery means vulnerabilities can be weaponised faster than ever, which compresses the window between disclosure and exploitation to something uncomfortably short. Automated patch management isn't optional anymore — it's baseline hygiene.

Treat privileged accounts as high-value targets

Executive mailboxes are gold. They contain board communications, deal flow, sensitive personnel matters, regulatory filings. Attackers know this. Multi-factor authentication, conditional access policies, and strict limits on which applications can connect to email accounts should be non-negotiable for anyone at director level and above. If your C-suite is still using legacy authentication protocols, that's a fire waiting to start.

Monitor for anomalous access, not just intrusion attempts

The five-month dwell time in this case is a damning indictment of detection capabilities. Modern attackers don't trigger alarms — they blend in. Monitoring needs to focus on behavioural anomalies: logins from unusual locations, access at odd hours, bulk email reads, unexpected mail forwarding rules being created. The last of these is a classic persistence technique and embarrassingly easy to catch if you're looking.
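As an added illustration (not from the original article), here is a minimal detector for two of those signals: forwarding rules that point outside the organisation, and bulk mailbox reads. The record schema, the `example.com` domain, the threshold and the sample events are all constructed assumptions; the operation and parameter names follow Exchange's `New-InboxRule`, `Set-InboxRule` and `Set-Mailbox` cmdlets and the `MailItemsAccessed` audit operation.

```python
from collections import Counter
from datetime import datetime

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organisation's own mail domains
BULK_READS_PER_HOUR = 200            # assumption: tune against each mailbox's baseline
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"}

# Constructed sample records in a simplified schema (not real log data).
SAMPLE_EVENTS = [
    {"time": "2024-03-04T09:12:00", "user": "cfo@example.com", "op": "New-InboxRule",
     "params": {"Name": "Archive", "MoveToFolder": "Archive"}},
    {"time": "2024-03-05T02:47:00", "user": "cfo@example.com", "op": "New-InboxRule",
     "params": {"Name": ".", "ForwardTo": "collector@mailbox.invalid"}},
    {"time": "2024-03-05T02:50:00", "user": "cfo@example.com", "op": "MailItemsAccessed", "count": 180},
    {"time": "2024-03-05T02:58:00", "user": "cfo@example.com", "op": "MailItemsAccessed", "count": 95},
    {"time": "2024-03-05T10:05:00", "user": "pa@example.com", "op": "Set-Mailbox",
     "params": {"ForwardingSmtpAddress": "smtp:cfo@example.com"}},
]

def external_targets(params):
    """Return forwarding destinations whose domain is not an internal one."""
    hits = []
    for name, value in params.items():
        if name in FORWARD_PARAMS:
            addr = value.removeprefix("smtp:").lower()
            if addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS:
                hits.append(addr)
    return hits

def detect(events):
    """Return (alert_type, user, detail) tuples for forwarding and bulk-read anomalies."""
    alerts, reads = [], Counter()
    for e in events:
        if e["op"] in RULE_OPS:
            for addr in external_targets(e.get("params", {})):
                alerts.append(("external_forward", e["user"], addr))
        elif e["op"] == "MailItemsAccessed":
            # Bucket reads per user per clock hour so a burst stands out.
            hour = datetime.fromisoformat(e["time"]).strftime("%Y-%m-%dT%H")
            reads[(e["user"], hour)] += e.get("count", 1)
    for (user, hour), n in sorted(reads.items()):
        if n > BULK_READS_PER_HOUR:
            alerts.append(("bulk_read", user, f"{n} items in hour {hour}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The internal forward set on the assistant's mailbox is deliberately not flagged; only destinations outside the allow-listed domains raise an alert.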

Audit your OAuth and third-party application permissions

A lot of persistent email access isn't achieved through brute force — it's through OAuth tokens granted to third-party apps, which survive password resets and often go unreviewed for years. Regular audits of what applications have access to your mail environment, and what permissions they hold, will surface more problems than most organisations expect.

Run adversarial testing with AI in scope

If attackers are using AI to find vulnerabilities, your red team should be doing the same. Traditional penetration testing schedules are too slow and too narrow. Continuous attack surface monitoring and AI-assisted vulnerability scanning should be part of your security programme — not as a replacement for human testers, but running alongside them.

None of this is revolutionary. What's changed is the urgency. AI has made the offensive side faster, cheaper, and more accessible to a broader range of threat actors. The organisations that respond by accelerating their own defences will fare considerably better than those still treating security as a compliance checkbox.