
Why human-centric security cannot do without AI

In practice, hacking people often proves easier than directly attacking systems. The vast majority of cyberattacks, therefore, begin with human interaction. That is why the focus of security strategies is shifting increasingly towards human-centric security. AI is playing an increasingly dominant role in this approach to security.

During the Proofpoint Protect 2025 conference in Nashville, we heard more about this from CTO, Engineering, Michael Frendo, and Chief AI & Data Officer Daniel Rapp. Proofpoint has actually built its AI strategy around three pillars, enabling the platform to benefit from the technology across the board. The company aims to provide the best threat detection to protect people and data within organizations effectively. To this end, Proofpoint launched a series of AI models called Nexus during last year’s Protect conference. Since these Nexus models run within the human-centric security platform, they are constantly updated to provide the latest protection.

Threat detection as a foundation

Proofpoint has been utilizing machine learning models in its solutions since its founding in 2002. However, the effectiveness of models has increased significantly in recent years, according to Frendo and Rapp. The advent of generative AI has had a particular impact on this. The company now achieves a detection efficiency of 99.99 percent. As a result, the majority of attack attempts can be detected at the basic level.

To achieve this, the company uses a phased approach to email security. Simple detection methods first filter out known threats. More complex AI models then come into play for refined analysis. This approach prevents emails from being held unnecessarily long for inspection. “We have different AI models that detect specific things, such as context models and sentiment models,” says Frendo. The focus is on effective detection within short processing times.

In addition, threat detection is expanding to other communication channels. Originally, Proofpoint was primarily concerned with email security, but with threat actors shifting to platforms such as WhatsApp, Teams, and Slack, additional protection is also needed there. Proofpoint is therefore applying its knowledge from the email domain to these new attack vectors. The models can also do their work there.

SOC reinforcement with Satori

The second pillar of Proofpoint’s AI strategy is somewhat newer and focuses on supporting Security Operations Center (SOC) analysts. To this end, the security company launched Satori, a series of AI agents, during Proofpoint Protect 2025. These are intended to serve as a “force multiplier” for security teams under increasing pressure. The name Satori refers to the Japanese Zen concept of sudden insight, which in turn ties in with what the agents want to achieve: providing SOC analysts with quick clarity and overview in the chaos of security threats.

Satori utilizes agentic AI to assist analysts in processing the increasing number of security alerts. The number of threats has quadrupled in recent years, further increasing the pressure on SOC teams. The system is deliberately deployed as a “supervised agent.” All recommended actions require human approval before they are executed. Frendo and Rapp emphasize that Proofpoint is taking a cautious approach with these AI agents. They perform relatively difficult tasks for agents. The intention is to make more Satori agents available, allowing the SOC to work more autonomously.

Read our background story for more information about what Satori agents can do.

Proofpoint is also collaborating with partners such as Microsoft and CrowdStrike. Satori’s capabilities are being integrated into Security Copilot and Fusion SOAR. These collaborations aim to enhance the effectiveness of security operations.

Securing AI implementations

The third and final pillar of Proofpoint’s approach involves helping companies securely implement AI technology. To this end, Proofpoint is introducing the Security Agent Gateway and tools to prevent data exposure. “AI technology is moving very quickly and is not inherently secure,” warns Frendo. Prompt injection and other attack techniques pose real risks to organizations that use AI.

Proofpoint expects more interactions between agentic systems than between humans within 18 months. This explosive growth in automated communication creates new security challenges. The company is therefore implementing strict AI security mechanisms. Actions are never performed automatically, audit functions record all actions, and a kill switch makes it possible to stop processes immediately.
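The three controls named above (no automatic execution, an audit record of every action, and a kill switch) can be sketched as a single gate that sits between an agent and the systems it acts on. This is an added illustration, not Proofpoint's code: the class and method names are hypothetical, and the hash-chained audit log is an assumed way of making the record tamper-evident.

```python
import hashlib
import json

class KillSwitchEngaged(RuntimeError): pass  # raised once the switch is pulled

class SupervisedActionGate:
    """Hypothetical gate: agent actions run only after a named human approves."""
    def __init__(self):
        self.killed = False
        self.pending = {}    # action_id -> callable awaiting approval
        self.audit_log = []  # hash-chained entries (assumed tamper-evidence scheme)

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _audit(self, event, **fields):
        prev = self.audit_log[-1]["hash"] if self.audit_log else "0" * 64
        body = {"seq": len(self.audit_log), "event": event, "prev": prev, **fields}
        self.audit_log.append({**body, "hash": self._digest(body)})

    def propose(self, agent, description, action):
        action_id = len(self.audit_log)  # unique: every proposal appends an entry
        self.pending[action_id] = action  # queued only, nothing executes here
        self._audit("proposed", action_id=action_id, agent=agent, description=description)
        return action_id

    def approve_and_run(self, action_id, approver):
        if self.killed:
            self._audit("blocked_kill_switch", action_id=action_id, approver=approver)
            raise KillSwitchEngaged(f"action {action_id} refused")
        action = self.pending.pop(action_id)  # KeyError for unknown or reused ids
        self._audit("approved", action_id=action_id, approver=approver)
        result = action()
        self._audit("executed", action_id=action_id, result=repr(result))
        return result

    def engage_kill_switch(self, operator):
        self.killed = True
        dropped, self.pending = sorted(self.pending), {}
        self._audit("kill_switch", operator=operator, dropped=dropped)

    def verify_audit_chain(self):
        prev = "0" * 64
        for entry in self.audit_log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True
```

Because each entry commits to the hash of the previous one, editing or deleting an earlier record makes `verify_audit_chain()` return `False`; in a real deployment the log would also be shipped to storage the agent cannot write to.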

Continuous adaptation required

Proofpoint emphasizes that cybersecurity is a dynamic playing field. The company adapts its product several times a day to respond to new threats. The Nexus models are updated an average of 2.5 times per week. According to Proofpoint, this continuous adaptation poses a unique technical problem. The gentlemen indicate that they have never worked on a product that undergoes such frequent changes.

The combination of threat intelligence, operational systems, and AI advances should provide users with a more powerful security platform. Proofpoint states that it invests more in AI than many of its competitors, with a significant portion of its development capacity dedicated to AI applications.

Finally, the company is working on further integration between its various product lines. Data collected from email security is also used for data protection. This synergy should enable a more comprehensive security strategy for customers.