Proofpoint joins AWS Security Hub Extended for email AI

Proofpoint has integrated its Proofpoint Collaboration Protection product with the Extended plan in AWS Security Hub, adding an email and collaboration security option to Amazon Web Services' curated marketplace of third-party security tools.

The integration brings Proofpoint's threat protection for email, messaging and collaboration services into AWS Security Hub's Extended plan. AWS Security Hub aggregates security findings and tools for customers running workloads on AWS.

For customers, the integration is designed to simplify procurement and operations. The AWS Security Hub Extended plan uses a single-vendor purchasing model that combines contracting, billing and support. Customers buying Proofpoint Collaboration Protection through the plan can use one contract, receive one bill and access consolidated support.

Security hub extended

AWS Security Hub Extended plan groups AWS detection services with selected partner products across categories including endpoint security, identity, security operations and artificial intelligence. AWS positions the plan as a curated set of enterprise security solutions with simplified purchasing and deployment. It is available in all commercial AWS regions.

Proofpoint Collaboration Protection focuses on threats delivered through workplace communications. It covers email, messaging and collaboration tools, aiming to stop attacks before they lead to account compromise or fraud.

The product also includes controls for spam and "grey mail"-legitimate but unwanted bulk messages such as newsletters and marketing communications. It provides an interface for managing these message types alongside security threats.

The service also includes user coaching, with real-time prompts intended to improve employee awareness when they encounter suspicious messages. This reflects a wider industry shift toward models that combine technical filtering with user-facing nudges and reporting workflows.

AI detection

Proofpoint says its collaboration security offering uses its Nexus AI detection stack, which combines threat intelligence, machine learning, relationship graphs, large language models and computer vision.

In practice, the system analyses messages and related signals to detect social engineering and impersonation attempts. The approach aligns with the market's growing focus on AI-assisted content analysis, as attackers increasingly use generative AI to refine phishing lures and evade traditional filters.

Proofpoint says the product addresses threats including phishing, business email compromise, ransomware, email bombing, callback phishing and other social engineering techniques. It also cited hidden prompt injection as an AI-driven risk, as organisations experiment with generative AI features embedded in communications and productivity tools.

Proofpoint also made a performance claim, saying the system delivers 99.999% efficacy against sophisticated threats, including phishing attacks and business email compromise.

Channel and buying

The integration also underscores the importance of cloud marketplaces as a route to market for security vendors. Many large organisations prefer to buy security tools through existing cloud purchasing frameworks, particularly when those tools attach to cloud workloads or integrate with cloud-native services.

Under the AWS Security Hub Extended plan model, customers receive a package of partner tools alongside AWS services. The commercial structure is intended to reduce friction for security teams that would otherwise manage multiple procurement processes and separate vendor support arrangements.

The announcement also highlights the increased emphasis on collaboration platforms as a primary attack surface. Attackers have expanded their focus from email alone to include chat platforms and file-sharing tools. Many organisations now treat collaboration security as a separate control set, particularly where third-party apps and automated workflows broaden access to sensitive data.

Tom Corn, Executive Vice President and General Manager, Threat Protection Group at Proofpoint, said the integration supports broader detection and response across environments.

"AWS Security Hub Extended delivers what enterprises need most: unified detection and response across their entire attack surface, with proven cybersecurity protection at scale. The integration makes it easier for organizations to protect their people, defend their data, and govern AI with security built for how people work today. We're strengthening defense-in-depth while reducing complexity, helping customers improve their security posture faster and drive more consistent, resilient outcomes across their cloud environments."

Proofpoint says it works with more than 80 of the Fortune 100 and more than 10,000 large enterprises, alongside smaller organisations. The company has been expanding its emphasis on human-centric security, blending traditional email protection with controls aimed at collaboration tools and emerging AI-driven workflows.

The Extended plan integration is available now across commercial AWS regions, with Proofpoint Collaboration Protection offered as part of the curated set of security solutions.