Like Outlook, Apple Mail, and other email services, the Gmail app from Google also requires a rethink. AI is the cause of this, and not in a positive way. Since the most well-known large language models (LLMs) are already capable of designing, developing, and even carrying out attacks, Symantec, Cofense, and, most recently, Hoxhunt warn that unbeatable AI attacks are now unavoidable. However, users of Gmail must make a decision more quickly because of a serious issue with its most recent modifications.
3 billion Google users will need to choose their privacy settings
As spear phishing assaults customized for a specific victim become more common, Hoxhunt claims that AI agents can now out-phish elite human red teams on a large scale. According to Google and Microsoft, among other companies, they intercept over 99 percent of spam and malware whose purpose is to attack email inboxes. Millions of messages still manage to get through before the current wave of AI attacks turns into an unstoppable tsunami.
Not only is AI making email threats more powerful and difficult to identify, but attackers are now using the constant parade of security and captcha-style verifications against us, figuring out how to take advantage of this to improve their operations. Moreover, the latest warning comes from Cofense, which recently revealed a clever and innovative new method that uses precision-validated phishing to up their credential phishing tactics. This method uses real-time email validation to make sure that only high-value targets are phished. Thus, some experts stated that rather than evolutionary add-ons, email needed a fundamental reform.
An improvement to more accurately mimic the instantaneity and conciseness of messaging apps that are displacing email among users both inside and outside of the office. The implementation of secure and private on-device threat defense and filtering, and a modification that incorporates security rather than adds it. Once more, as we now anticipate from other communication platforms. Email requires a rethink because it cannot be modified to fit. Furthermore, even if many of Gmail’s recent innovations—such as cloud-based AI screening, increased sender authentication, and shielded addresses—are welcome, the company’s two most recent changes highlight how difficult it is to improve upon what we now have.
It was reported last month that Google will make end-to-end encrypted emails easy for all organizations that use Gmail. The table-stakes security that we depend on for text, phone, and video communications is provided by this. But because of its open architecture, email makes it more difficult. Businesses will be the first to experience this change as a result. Following Google’s game-changing news that Gmail would be introducing end-to-end encrypted messages, there was a lot of excitement, but Ars Technica and others have qualified it. Email security is not E2EE since the keys that secure email traffic are stored on the client-side infrastructure rather than at the end.
True end-to-end encryption might be an important update to consider
The client itself is where true end-to-end encryption (E2EE) controls the key exchange between the sender and the recipient. Only walled gardens offer E2EE email and manually password-protect outbound email, like Proton. GSMA’s RCS E2EE update and Meta’s third-party chats will allow for (almost) complete E2EE between various walled gardens. RCS is the first large-scale messaging service to support interoperable E2EE between client implementations from different vendors. Naturally, there isn’t a straight read-through to email. However, it raises the bar.
Gmail is protected by Workspace’s Client-Side Encryption (CSE), which provides data privacy through end-to-end encryption that Google servers and third parties cannot decrypt. This function is especially useful for enterprises that store sensitive or regulated data, rather than personal communications. Google has added an AI-based relevancy search tool to Gmail, which allows users to identify relevant emails faster and more efficiently. The functionality now examines factors such as recency, most-clicked emails, and frequent contacts, ensuring that emails show at the top of search results.
By doing this, Google prioritizes respecting users’ privacy while providing them with choice and control over their data. This tool is one of the “smart features” that users can control in their personalization settings, allowing AI to access their data without compromising their privacy. Nonetheless, bear in mind that E2EE and AI search are not compatible due to their legacy communication architecture, which is not designed for modern usage. Google has confirmed that due to the lack of decryption keys, E2EE messages are not included in AI search.
