A New Paradigm for Phishing: Menlo Security and Google Gemini Unite to Fight AI with AI

The cyber threat landscape is in a state of constant evolution. Threat actors are no longer relying on simple, recognizable attack methods. Instead, they are leveraging AI to create sophisticated, never-before-seen social engineering and brand impersonation attacks that are highly effective at evading traditional, signature-based security tools. These "zero-hour" phishing campaigns operate in every language and across the globe, leaving organizations vulnerable to threats like fake CAPTCHA pages, tech support scams, and advanced phishing that bypass conventional security.

The problem is clear: if attackers are using AI to create threats, we need to use AI to defend against them.

Menlo Security and Google have come together to meet this challenge head-on. By integrating Menlo HEAT Shield AI with the advanced generative AI analysis of Google Gemini, we are delivering an unparalleled, multi-layered defense that is redefining browser security.

The Power of a Multi-Layered, AI-Driven Defense

Traditional security solutions often fall short because they operate on a limited set of data. They look for known malicious URLs or signatures, but they can't detect a novel attack in real-time. The unique partnership between Menlo and Google is a paradigm shift, moving beyond these limitations to a proactive, AI-driven defense that stops threats before they can cause harm.

Menlo Security HEAT Shield AI, now including Generative AI Analysis from Google Gemini, delivers expanded protection against never-before-seen social engineering and & brand impersonation attacks that target users via the browser. 
‍

Examples include:

• Fake CAPTCHA / verification pages, such as the recent Clickfix technique, in which users themselves are fooled into executing malicious scripts under the guise of making needed repairs or modifications
• Remote technical support scams, also known as scareware
• Websites impersonating government agencies and well-known brands for nefarious purposes
• Clickjacking that attempts to manipulate a website user's activity by concealing hyperlinks beneath legitimate content
• Sophisticated phishing attacks leveraging advanced toolkits to evade traditional filters and multi-factor authentication (MFA) protections
• QR code phishing attempts

This enhanced security is delivered right inside the browser you already know, so there's no need for costly and time-consuming applications or clients. Security teams get improved threat prevention and richer threat intelligence while end users get a seamless browsing experience.
‍

‍

Here's how this powerful integration works in action:

1. Initial Analysis with HEAT Shield AI: When a user requests a web page, HEAT Shield AI performs an immediate analysis using computer vision, a Menlo AI model developed, and examines the heuristics of the DOM of the traffic.
2. Augmentation with Google Gemini: If the initial analysis doesn't provide a definitive verdict, the system sends a multimodal request to the Google Vertex AI Gemini API. This request includes a golden text prompt with specific instructions, page URL (sanitized to remove any query parameters), an image screenshot of the requested page, and a serialized XML DOM.
3. Advanced Classification: The Gemini AI model processes the prompt and attached artifacts, and returns a structured response, to classify the page with the highest possible accuracy. It returns a structured verdict: benign, fraudulent, or phishing.
4. Enforcement: Based on Gemini's verdict, the pre-configured HEAT Shield policy is enforced instantly, which can include logging the event or blocking the page entirely.

This entire process happens in milliseconds, ensuring real-time protection against even the most sophisticated attacks, from fake login pages to QR code phishing attempts. It provides a safe and seamless browsing experience for the end user while giving security teams peace of mind.

‍

Accelerating Enterprise Security with AI-powered Threat Intelligence

Beyond real-time protection, this integration also provides security teams with rich, AI-driven threat intelligence. By analyzing billions of web sessions annually, the combined technology generates detailed insights into evasive attacks that traditional tools often miss.

This visibility into attackers' tactics, techniques, and procedures (TTPs) is invaluable for security analysts and threat hunters. It can be integrated into existing SIEM or SOC platforms, empowering security teams to improve their incident response and stay one step ahead of the bad guys.

By leveraging the power of Google Gemini, Menlo Security has created a unique solution that is re-defining the relationship between security and the user's browser. This collaboration is a testament to how intelligent, cloud-driven integrations can continue to secure the enterprise workspace in a world of ever-evolving threats.

Secure the Browser, Defend the Enterprise

The integration of Menlo Security HEAT Shield AI and Google Gemini is a major step forward in browser security, directly confronting the growing threat of advanced phishing and social engineering attacks. Menlo Security HEAT Shield AI has long provided protection against these zero-hour phishing attacks by closing the security gap that traditional network security tools leave open.  With the integration of Google's Vertex AI Gemini models, Menlo and Google are taking threat prevention capabilities a significant step further. This new integration allows Menlo HEAT Shield AI to leverage the power of Gemini models to meet the AI-driven arms race head-on, delivering a new level of real-time, in-browser threat detection with even greater accuracy.

To learn more about how Menlo Security and Google have come together to meet this challenge head-on, visit our Press Release or and explore our solution page to learn about the technology.