SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

IRONSCALES adds AI agents to counter next‑gen phishing

Fri, 6th Mar 2026

IRONSCALES has introduced three artificial intelligence agents designed to detect and respond to more convincing phishing campaigns, alongside new outbound email encryption and expanded deepfake protection for Microsoft Teams.

The Winter 2026 Release centres on an "agentic architecture" built around Red Teaming, Phishing SOC and Phishing Simulation agents. The update also includes leadership appointments: Steven Malone as Chief Strategy Officer and Amit Bluman as Senior Vice President of Research & Development.

Phishing focus

The update targets the rise in AI-assisted social engineering, including messages that mimic executives, suppliers and partners. IRONSCALES describes the shift as moving from purely reactive controls to earlier identification of likely attack paths.

Research cited from Osterman Research found that 88% of organisations experienced at least one security incident in the past 12 months that undermined trust in digital communications. More than 80% reported heightened attacker interest in exploiting trusted channels, and nearly one in five security leaders said awareness training alone is no longer effective against AI-enhanced threats.

"Phishing 3.0 is flawless impersonation at scale. Attackers use AI to research organizations, craft personalized lures, and bypass pattern-based detection on the first attempt. No malicious payloads, just pure social engineering," said Eyal Benishti, CEO of IRONSCALES.

"Legacy solutions weren't built for this. But our new agents enable the shift from reactive to preemptive email security, allowing CISOs and their teams to stay ahead," Benishti said.

Three agents

The Red Teaming Agent conducts open-source intelligence reconnaissance across sources such as social media, press releases and job postings, IRONSCALES said. It maps exposure and uses the findings to adjust detection before an attack arrives. The company describes this as a way to model organisation-specific lures rather than rely on generic threat intelligence.

The Phishing SOC Agent automates investigation of suspicious emails and produces a security assessment with a verdict, evidence and reasoning, according to IRONSCALES. The output is intended for cases such as executive escalations and supplier impersonation that require more detail than a simple risk score.

The Phishing Simulation Agent generates personalised phishing simulations based on open-source intelligence. IRONSCALES said it can tailor content to a user's role and language, assess likely vulnerability, and then generate targeted test messages.

"Security teams are stretched thin," said Audian Paxson, principal technical strategist at IRONSCALES.

"The Osterman data confirms what CISOs already know: the threat has outpaced the tooling. These agents don't replace your team - they augment what your team can do. You get preemptive threat modeling, forensic-depth investigation on demand, and simulations calibrated to the actual attacks targeting your people. No additional headcount required," Paxson said.

Outbound encryption

IRONSCALES has also added integrated email encryption for outbound messages. It applies protection in two ways: policy-based encryption for sensitive or regulated content, and user-initiated encryption for messages that need extra protection.

The release includes centralised management features for security teams, along with controls intended to support governance, risk and compliance requirements. IRONSCALES also said the combined inbound and outbound email security offering is aimed at managed service providers.

Teams deepfakes

IRONSCALES expanded its deepfake protection for Microsoft Teams, focusing on voice-based impersonation and simpler rollout. The company said the updated capability learns employee voice patterns from normal meeting participation and can flag suspected impersonation attempts even when cameras are off.

Automatic profile learning is also part of the update. IRONSCALES said identity profiles can build passively as users join Teams meetings, reducing reliance on manual enrolment. Manual uploads remain available for organisations that want to speed up deployment.

Benishti said customer feedback drove the deployment changes.

"The biggest question we heard from customers about deepfake protection was, 'how do I actually roll this out at scale?' Automatic profile learning answers that. Your employees don't have to do anything different. The system learns as they work," Benishti said.

IRONSCALES said it protects more than 17,000 organisations globally and is based in Atlanta. The release and leadership hires signal continued investment in countering phishing and impersonation attacks spanning email, account compromise and real-time collaboration tools.