Phishers aren’t just after your employees—they’re after your analysts’ sanity.
Every time someone dutifully hits the “Report Phish” button, a security operations center (SOC) analyst somewhere sighs. The flood of user-reported emails has become an Informational Denial-of-Service (IDoS) attack on human attention: near-zero cost for attackers, pricey hours for defenders.
Industry tallies show 66% of SOC teams can’t keep up with incoming alerts, and the asymmetry is brutal. A single attacker can spin up thousands of decoy messages; each one still demands minutes—sometimes hours—of analyst time to clear.
The old guard’s answer was rule-based automation. Whitelist a domain, watch crooks spoof it tomorrow. Deduplicate on subject lines, they tweak a character. These predictable blind spots let the one carefully crafted spear-phish—aimed at a privileged user—slip through while analysts chase ghosts.
Start-ups now pitch agentic AI triage that promises sub-five-minute, decision-ready investigations with auditable reasoning chains instead of black-box verdicts.
“When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach.”
Nice pitch, but the real test is whether these models survive a weekend spam tsunami without catching fire. If investigative speed buckles under volume, the phishers still win—and they still pay nothing to keep the noise coming.
Source: The Hacker News | arXiv