Cybersecurity company Barracuda on Wednesday unveiled Barracuda Integrated Email Protection, a new cloud-based email security platform designed to help organizations defend against increasingly sophisticated AI-powered attacks.
The announcement comes alongside new findings from Barracuda Research, which examined how modern attackers use artificial intelligence, phishing techniques, and authentication-bypass methods to compromise business environments at unprecedented speed.
According to the company, today’s email threats often continue evolving long after a message reaches a user’s inbox, making traditional point-in-time security tools less effective.
“Email is no longer a human-centric communication platform; it’s an operational fabric where humans and AI interact, making it a much bigger target and amplifying the speed, scale and impact of attacks when threats go undetected,” said Rohit Ghai, Chief Executive Officer at Barracuda, in the company announcement.
Five minutes from email to compromise
As part of its latest Red Team exercise, Barracuda simulated a multi-stage cyberattack using commonly available tools and AI-generated content.
Researchers found that attackers could move from an initial phishing email to endpoint compromise and long-term persistence in as little as five minutes.
The attack chain began with an AI-generated phishing email that mimicked a legitimate Microsoft SharePoint notification. After the victim clicked the malicious link, attackers used an adversary-in-the-middle technique to capture login credentials and session tokens.
The simulation then introduced a ClickFix scam, a growing tactic that tricks users into running malicious commands disguised as troubleshooting steps. Once executed, the attack established persistence on the endpoint, giving attackers a foothold for future activity.
The report warns that modern phishing campaigns are becoming increasingly convincing because AI tools can generate realistic, error-free messages that closely resemble legitimate business communications.
New protection focuses on the entire attack lifecycle
Barracuda says its new Integrated Email Protection platform was built to address threats that evolve after email delivery.
Powered by AI and integrated into the company’s BarracudaONE platform, the solution continuously monitors and evaluates activity across email, identity, network, application, and data environments. Among the new capabilities are automated threat investigation and remediation, post-delivery message clawback, unified quarantine management, and tenant-wide response actions designed to reduce manual security work.
The platform also includes Bailey, Barracuda’s AI assistant, which provides explanations of security decisions and helps administrators understand verdicts from Microsoft 365, Google Workspace, and Barracuda security tools.
Growing risk beyond the inbox
Barracuda’s research highlights how email attacks increasingly serve as the starting point for broader compromises.
According to the company, one in seven compromised accounts is now used to launch additional attacks against other users or systems. The company expects this figure to rise as threat actors continue adopting AI-powered automation.
The findings show that attackers are no longer relying solely on malware attachments or suspicious links. Instead, they are combining social engineering, AI-generated content, and authentication bypass techniques to evade traditional defenses.
Recommendations for organizations
To reduce exposure to these threats, Barracuda recommends that organizations adopt phishing-resistant multifactor authentication, strengthen email authentication controls such as DMARC, SPF, and DKIM, monitor suspicious login activity, and limit access to risky system tools.
The company also advises businesses to move toward continuous, automated security monitoring rather than relying solely on user awareness training or email filtering technologies.
Barracuda said its new platform can be deployed through an API-based architecture without requiring changes to existing mail flow, allowing Microsoft 365 and Google Workspace customers to add protection with minimal disruption.