SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Shield protecting email envelope from digital threats with ai abstract shapes
#
Advanced Persistent Threat Protection
#
Email Security
#
DLP

Proofpoint launches new defences as AI email attacks surge

Thu, 25th Sep 2025
Author image
By Jed Nykolle Harme, Editor

Cyber attackers are embedding malicious prompts in emails to manipulate AI assistants, increasing risks of data loss and system compromise for businesses adopting such tools.

As the integration of AI assistants such as Microsoft Copilot and Google Gemini becomes more widespread in workplaces, organisations are facing a new set of threats. Attackers are now employing so-called "prompt injection" attacks, delivering crafted texts through email to mislead AI models into leaking sensitive information or carrying out unintended actions.

The threat is not theoretical, especially in markets like Singapore, where 91% of Chief Information Security Officers reported a material data loss in the past year. This figure represents a nearly threefold increase from the previous year, illustrating the escalating scope and severity of attacks leveraging AI capabilities.

New security measures

To address these emerging challenges, Proofpoint has announced a suite of technologies and tools designed to secure what it terms the "agentic workspace"-environments where humans and AI agents collaborate closely. These solutions focus on four key areas: protecting AI assistants from direct targeting, strengthening data loss prevention measures, establishing governance over generative AI and agents, and deploying AI-powered security automation.

"The agentic workspace is here and one of the most profound shifts in terms of how work gets done. Protecting the agentic workspace is the next evolution of human-centric security, extending beyond people to safeguard AI agents and the points where they collaborate and share data. Our mission is to ensure our customers can confidently embrace AI, knowing we will protect them and their data against emerging threats," said Sumit Dhawan, CEO of Proofpoint. 

One notable feature is the pre-emptive blocking of AI-specific email exploits. As malicious prompts concealed in emails can manipulate both users and AI systems, Proofpoint's Prime Threat Protection seeks to intercept these messages, minimising risks before they reach users' inboxes.

Comprehensive data oversight

Proofpoint is also introducing Data Security Complete and AI Data Governance to provide unified protection for information assets. Data Security Complete enables organisations to identify, classify, and control sensitive data throughout their ecosystem. Through autonomous custom classifiers, the system can automatically distinguish and track data with minimal human input, supporting a consolidated view of risk that includes possible exfiltration and configuration issues. The solution integrates data loss prevention, insider threat measures, and data lineage management within a single platform.

AI Data Governance aims to offer oversight over both approved and unauthorised uses of AI, allowing policies to be implemented that detect and prevent exfiltration or privacy breaches. Automated workflows assist security teams and content owners in maintaining compliance and visibility.

Securing organisational AI agents

Beyond protecting people, Proofpoint is focusing on the activities of AI agents set up by organisations. The Secure Agent Gateway, built using Model Context Protocol, is designed to monitor and control AI agent interactions with sensitive data. The system enforces usage policies, monitors activity, and ensures data sharing is tightly regulated, working in concert with Data Security Complete to secure information flows between both human and AI participants.

Support for security operations teams

The company has also introduced Proofpoint Satori Agents and Satori MCP Access, tools aimed at streamlining and scaling security operations. Satori Agents automate tasks such as managing data loss alerts and resolving user-submitted email threats, which can reduce workload and alert fatigue for security teams. Satori MCP Access allows external agents, such as CrowdStrike Charlotte and Microsoft Copilot, to interact with Proofpoint's agents for collaborative security management. Model Context Protocol enables integration between different security solutions.

"The rise of the agentic workspace is reshaping cybersecurity at its core. By uniting collaboration and data security, we are redefining how organizations secure work in the age of AI. Proofpoint is the first to deliver a solution that enables organizations to find where their data is, understand what it is, and protect what both people and agents do with it, giving them the confidence to innovate, collaborate, and scale safely with AI woven into their most critical workflows," said Ryan Kalember, Chief Strategy Officer at Proofpoint. 

The new technologies are scheduled for phased rollout, with AI exploit detection via email planned by the end of 2025. Data Security Complete is available initially, with subsequent features and products entering phased availability throughout 2025 and into 2026.

Related stories
Proofpoint buys Acuvity to secure AI agents at work
Okta unveils tools to detect & govern shadow AI risks
Arctic Wolf unveils Aurora managed endpoint tools for MSPs
Gartner warns misconfigured AI could halt G20 power
Okta warns of North Korean fraud in remote tech hiring

Top stories

AI-driven ransomware attacks surge, most go unreported
OPSWAT names Jan Miller CTO to lead new Technology Centre
eBPF report shows efficiency, security gains at scale
Securing the digital classroom: A layered cybersecurity approach for K-12 schools
LummaStealer returns post-takedown with ClickFix ruse