Featured
Cyber Security
Enterprises At Risk: Matt Psencik Explains How AI Is Transforming The Cyberattack Landscape
Share
Since OpenAI’s ChatGPT launched in late 2022, generative AI (GenAI) has gone mainstream, with innovation accelerating far beyond natural language prompting. Tools like OpenAI’s Sora, Meta’s Movie Gen and Google’s Veo 3 generate hyper-realistic videos with object permanence, realistic physics and overall visual fidelity, blurring the line between “clearly AI-generated” and “convincingly real.” This creative leap underscores how quickly technology advances – but also how dangerous it can be when in the wrong hands.
Last year, global engineering firm Arup learned this firsthand when attackers used an AI-generated deepfake impersonating its CFO to steal $25 million from the organization. It’s a stark reminder that as GenAI evolves, businesses are at higher risk of sophisticated social engineering attacks, and our long-standing security verification methods aren’t enough to keep them safe.
How can enterprises prepare for AI-powered attacks that can so easily replicate human behavior in 2026? The answer comes down to data integrity and closing the readiness gap.
Attackers use hyper-realistic video generation, whether of public figures or familiar faces, to manipulate trust and create a false sense of urgency, pushing victims to share sensitive information or complete financial transactions. A Forrester study found that creating deepfakes is very simple; it only takes 10 minutes and $10-20 using an online deepfake generation service, and most don’t require any coding knowledge.
But deepfakes are just one example of AI-powered deception: phishing campaigns, identity theft and misinformation are all accelerated with access to AI. Threat actors can generate highly realistic, personalized content at scale. That same Forrester study also reported that when looking at a set of content, only 21.6% of individuals could identify the synthetic media correctly. AI-powered bots flood social media networks with disinformation and propaganda (and alarmingly, most users can’t tell the difference).
With faster attack cycles comes rapid exploitation of vulnerabilities, which can come at the hands of executives or employees alike. Because AI-generated content can impersonate individuals with near-perfect accuracy, traditional verification methods, like biometric authentication, are threatened. In a world where attackers can mimic legitimate behavior, enterprises need to ensure visibility and accuracy at every turn. That’s where real-time data becomes an organization’s biggest defense mechanism.
From powering real-time data loss prevention, to enforcing access policies, to accelerating decisions and outcomes with trustworthy real-time intelligence and automation, a wide range of AI is transforming how cyber experts support their security programs. Fighting (bad) AI with (good) AI is key, but its effectiveness depends on the data good AI is trained on. Ensuring that data is accurate, timely and protected from threat actor interference, such as a data poisoning attack, will make it a boon to defenses, not a distraction or another attack vector.
Unlike defenders, attackers are less concerned with the accuracy and integrity of their AI outputs. This puts additional strain on defenders: when models are fed on incomplete or stale data, they can miss emerging threats, generate incorrect assumptions or create blind spots.
Since AI is reflective, not inherently intelligent, it can’t intuitively adapt to new, quick-moving attack patterns or evolving social engineering tactics. It needs to be fed with consistent, reliable and real-time telemetry from across endpoints, users and networks to understand what “normal” looks like. Continuous validation and data collection of that telemetry data ensures that AI systems aren’t reliant on outdated signals, which is particularly important as attackers use AI to accelerate and scale their operations. Only by continuously feeding AI with real-time data can security teams keep AI-driven defenses resilient, responsive and precise in an evolving threat environment.
The attack surface is evolving from just exploiting systems to exploiting human trust. Organizations continue to invest a lot of time and money into monitoring their corporate assets, but too many ignore the personal devices that employees use to reach critical business systems. For example, if someone logs into Slack from a personal laptop that’s running a keylogger or malicious browser extension, then sensitive company information can be accessed without the organization ever finding out. Without controls in place to limit access to corporate-managed devices and without the visibility from tools like endpoint detection and response and data loss prevention, security teams remain unaware of the risks posed to their organization.
Testing and validation control need to have a larger role in security defenses. Right now, there’s an illusion of safety that comes with having standard security tools in place that just follow compliance exercises or audits. Tripwires, alarms and workflows that haven’t been tested often fail when they’re needed the most. They become a critical weakness in an accelerated threat landscape. Testing those systems end-to-end and ensuring that employees can abide by processes under duress should be a priority for security teams.
Building security readiness comes from a few key pillars: AI literacy, data discipline, real-time visibility and continuous validation. Together, these create an informed, flexible and trustworthy foundation for security.
But readiness is not one and done; it’s continuously evolving. As AI systems evolve, so do threat vectors and the attack surface, requiring constant re-evaluation of how defenses perform. Continuous validation of endpoint data ensures that security controls, detection models and response workflows function as intended under real-world conditions. Treating validation as an ongoing discipline is essential to AI-powered defenses.
GenAI has blurred reality itself, and the cybersecurity community must adapt to stay ahead of the curve. As AI continues to evolve, enterprises that succeed are the ones that question their defenses before threat actors have the chance to do so.
Last year, global engineering firm Arup learned this firsthand when attackers used an AI-generated deepfake impersonating its CFO to steal $25 million from the organization. It’s a stark reminder that as GenAI evolves, businesses are at higher risk of sophisticated social engineering attacks, and our long-standing security verification methods aren’t enough to keep them safe.
How can enterprises prepare for AI-powered attacks that can so easily replicate human behavior in 2026? The answer comes down to data integrity and closing the readiness gap.
How Attackers Weaponize AI
Attackers use hyper-realistic video generation, whether of public figures or familiar faces, to manipulate trust and create a false sense of urgency, pushing victims to share sensitive information or complete financial transactions. A Forrester study found that creating deepfakes is very simple; it only takes 10 minutes and $10-20 using an online deepfake generation service, and most don’t require any coding knowledge.
But deepfakes are just one example of AI-powered deception: phishing campaigns, identity theft and misinformation are all accelerated with access to AI. Threat actors can generate highly realistic, personalized content at scale. That same Forrester study also reported that when looking at a set of content, only 21.6% of individuals could identify the synthetic media correctly. AI-powered bots flood social media networks with disinformation and propaganda (and alarmingly, most users can’t tell the difference).
With faster attack cycles comes rapid exploitation of vulnerabilities, which can come at the hands of executives or employees alike. Because AI-generated content can impersonate individuals with near-perfect accuracy, traditional verification methods, like biometric authentication, are threatened. In a world where attackers can mimic legitimate behavior, enterprises need to ensure visibility and accuracy at every turn. That’s where real-time data becomes an organization’s biggest defense mechanism.
Prioritizing Data Integrity
From powering real-time data loss prevention, to enforcing access policies, to accelerating decisions and outcomes with trustworthy real-time intelligence and automation, a wide range of AI is transforming how cyber experts support their security programs. Fighting (bad) AI with (good) AI is key, but its effectiveness depends on the data good AI is trained on. Ensuring that data is accurate, timely and protected from threat actor interference, such as a data poisoning attack, will make it a boon to defenses, not a distraction or another attack vector.
Unlike defenders, attackers are less concerned with the accuracy and integrity of their AI outputs. This puts additional strain on defenders: when models are fed on incomplete or stale data, they can miss emerging threats, generate incorrect assumptions or create blind spots.
Since AI is reflective, not inherently intelligent, it can’t intuitively adapt to new, quick-moving attack patterns or evolving social engineering tactics. It needs to be fed with consistent, reliable and real-time telemetry from across endpoints, users and networks to understand what “normal” looks like. Continuous validation and data collection of that telemetry data ensures that AI systems aren’t reliant on outdated signals, which is particularly important as attackers use AI to accelerate and scale their operations. Only by continuously feeding AI with real-time data can security teams keep AI-driven defenses resilient, responsive and precise in an evolving threat environment.
Bridging The Readiness Gap
The attack surface is evolving from just exploiting systems to exploiting human trust. Organizations continue to invest a lot of time and money into monitoring their corporate assets, but too many ignore the personal devices that employees use to reach critical business systems. For example, if someone logs into Slack from a personal laptop that’s running a keylogger or malicious browser extension, then sensitive company information can be accessed without the organization ever finding out. Without controls in place to limit access to corporate-managed devices and without the visibility from tools like endpoint detection and response and data loss prevention, security teams remain unaware of the risks posed to their organization.
Testing and validation control need to have a larger role in security defenses. Right now, there’s an illusion of safety that comes with having standard security tools in place that just follow compliance exercises or audits. Tripwires, alarms and workflows that haven’t been tested often fail when they’re needed the most. They become a critical weakness in an accelerated threat landscape. Testing those systems end-to-end and ensuring that employees can abide by processes under duress should be a priority for security teams.
Building security readiness comes from a few key pillars: AI literacy, data discipline, real-time visibility and continuous validation. Together, these create an informed, flexible and trustworthy foundation for security.
But readiness is not one and done; it’s continuously evolving. As AI systems evolve, so do threat vectors and the attack surface, requiring constant re-evaluation of how defenses perform. Continuous validation of endpoint data ensures that security controls, detection models and response workflows function as intended under real-world conditions. Treating validation as an ongoing discipline is essential to AI-powered defenses.
GenAI has blurred reality itself, and the cybersecurity community must adapt to stay ahead of the curve. As AI continues to evolve, enterprises that succeed are the ones that question their defenses before threat actors have the chance to do so.
Fri, Jan 23, 2026
Liked what you read? That’s only the tip of the tech iceberg!
Explore our vast collection of tech articles including introductory guides, product reviews, trends and more, stay up to date with the latest news, relish thought-provoking interviews and the hottest AI blogs, and tickle your funny bone with hilarious tech memes!
Plus, get access to branded insights from industry-leading global brands through informative white papers, engaging case studies, in-depth reports, enlightening videos and exciting events and webinars.
Dive into TechDogs' treasure trove today and Know Your World of technology like never before!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.
Trending C-Suite Scoops
Where Technology Is Headed In 2026: A Unified, Intelligent Platform Future
The Transformative Power Of AI On The Edge
Scaling AI Beyond Tools: Why Operating DNA Matters, Insights From Dell Technologies CTO Deepak Waghmare
Language, Relevancy And Personalization: How To Build Trust In Banking Comms
How CIOs Can Lead The Charge On AI, Data, And Business Innovation
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion