
Key Takeaways
- Hornetsecurity launched a new AI-powered security assistant for Microsoft 365, built to help hosting providers catch outbound email mistakes caused by end-user error.
- The tool is fully multitenant and designed for hosts managing multiple clients, making it easy to oversee M365 security from a single portal.
- With IT leaders citing outbound mistakes as a top data loss cause, the assistant focuses on human error prevention and user training to reduce incidents.
Hornetsecurity just released a new AI Cyber Assistant for Microsoft 365 that’s designed to simplify monitoring within the M365 ecosystem, including Hornetsecurity’s Email Security Analyst and Teams Protection for end users.
Using plain language, the assistant alerts users to suspicious activity in emails. The tool is fully multitenant and designed for hosts managing multiple customers.
It’s yet another example of bringing the end user into the technical aspects of hosting, with no deep technical knowledge required. As with the rise of no-code and low-code tools, there is broad demand for plain language and automation.
It comes at a good time: A recent industry report by Zivver shows that 66% of IT leaders say outbound email mistakes cause more data loss than inbound attacks. Hornetsecurity is also leveraging its recent partnership with AWS for more secure email communications.
And since Microsoft 365 has been hit extra hard lately — 88% of IT leaders are concerned about their Microsoft security, says Egress — that’s a problem for hosts offering M365 email services as part of their stack.
Users Are a Risk, Not Just Attackers
As part of its broader Microsoft 365 suite, the AI Cyber Assistant reviews reported messages using automated threat analysis and false positive reduction, weeding out harmless reports while giving users personalized feedback.
“Our new AI-powered Email Security Analyst automates responses to user queries about potential threats, alleviating the workload on SOC and service desk teams, while educating end users on the nature of attacks,” said Daniel Hofmann, CEO of Hornetsecurity.

That feedback loop is what the company calls “a vital factor in human firewall development.” Andy Syrewicze, Security Evangelist at Hornetsecurity, said it in simpler words — lightheartedly describing it as “trying to prevent end users from doing silly things.”
“We always talk about inbound email security, but very rarely do we look at it from the other direction, how to protect what’s leaving the organization,” Syrewicze said in an exclusive interview with HostingAdvice.
For example, somebody’s machine could become infected and be used in a spam campaign, or send emails, which may contain personally identifiable information, to an external contact they don’t know.
In fact, reports show that the leading causes of data loss are tied to basic human error (supported by these findings from two previously cited studies):
- 90% of organizations have experienced email security incidents that are often triggered by basic human error
- 33% of employees admit to sending the wrong file
- 30% say they make email errors weekly
- 73% of employees are aware of email security policies, but only 52% actually follow them
- 64% have received email security training, yet over one-third in large organizations still find it ineffective
- Only 34% of email-related incidents are formally reported
Recipient validation is a feature that makes sure clients are connecting with people they know and that outgoing communication doesn’t contain personal information.
“We’re calling that out to not only prevent the communication, but to train the end user for future communications,” Syrewicze said.

Microsoft Teams is also being exploited, especially as new tenants allow external chats by default, said Syrewicze:
“You have this business tool that people are used to using in their day-to-day lives, talking with their coworkers and talking about business issues and processes. Now, threat actors can use that to get to those end users and appear as a trusted entity within this application at the end user trust.”
Even with spam filters or phishing detection, Microsoft Teams has increasingly been on cyberattackers’ radars, especially over the past year, when multiple cybersecurity incidents have hit the megagiant hyperscaler:
- Hackers exploit trusted M365 domains or tenant misconfigurations to bypass security filters, making attacks more convincing and harder to detect
- Highly sophisticated phishing campaigns now leverage Microsoft’s own infrastructure, impersonating real tenants or Power Platform alerts
- In healthcare, 43% of email breaches in 2024 involved Microsoft 365 accounts, largely due to misconfigured authentication systems like DMARC
Why It’s Built for Hosts
Hosts reselling or managing Microsoft 365 have seen their fair share of security no-nos. They also know that they have to deal with answering support tickets and cleaning up after misconfigured tenants (when something within the setup is insecure or incorrect, like external sharing being enabled by default).
What’s convenient is that Hornetsecurity’s Email Security Analyst is designed for hosting environments. Syrewicze has been there himself, having worked in managed services and data center operations. This latest release, he says, is built with that experience in mind.
“I spent a lot of time in managed services, so I feel the pain of this particular audience,” said Syrewicze. “All of our solutions are designed to be multi-tenant out of the gate, and after a short, quick onboarding wizard, really, the entire solution is manageable through a single pane of glass.”
It’s a great advantage for hosts managing SMB tenants in M365. The feature doesn’t just prevent security issues within M365; it also trains end users so the attack window shrinks over time.
“AI is a buzzword — but Blue Team can use it too,” Syrewicze said. “We’re not replacing people. We’re giving them a better chance to stay secure without expecting perfection from every user.”