Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

OpenAI, the people behind ChatGPT, have launched an updated AI video- and audio-generation system with fascinating, and terrifying, implications for the spread of deepfakes.

The conversation about AI in cybersecurity is missing the point. While the industry has been focused on the emergence of AI-generated phishing emails, perhaps a far more profound shift has been somewhat ignored. Your workforce is no longer just human. It's a hybrid team of people, AI agents, copilots, assistants and digital partners. This creates a new and complex attack surface. The next great security challenge isn't just protecting a human from a machine.

Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan. KnowBe4 and the HRM industry have been warning about voice-based social engineering and phishing for decades. Some of the biggest and most notable hacks have long been based on it. Stories have often been told of brazen calls that resulted in big hacks.

Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems. “In real-world settings, users are frequently engaged in other digital tasks when a suspicious message appears, requiring them to momentarily interrupt their workflow,” the researchers write.

If you’re wondering what keeps business leaders up at night, the latest Aon Global Risk Management Survey has a clear answer: cyber attacks and data breaches. Once again, they top the list as the risk to organizations worldwide — and the problem isn’t getting any smaller. In fact, Aon’s Cyber Risk Report shows incidents jumped 22% in 2025 alone.

The cybersecurity landscape is undergoing its most dramatic transformation since the dawn of the internet. AI has become integral to business operations. Goldman Sachs estimates that agentic AI/AI agents will account for approximately 60% of software market value by 2030, and Gartner predicts that 40% of enterprise applications will integrate task-specific AI agents by 2026, up from less than 5% today.

Microsoft warns that a recent phishing campaign used AI technology to obfuscate its payload and evade security filters. “Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure to disguise its malicious intent,” the researchers write.

A new report has found that nearly 40% of security leaders believe their organizations are least prepared for phishing and other social engineering attacks, Help Net Security reports. According to the report from VikingCloud, these concerns are driven by the increasing use of AI tools to assist in cyberattacks. “Generative or agentic AI-driven phishing attacks (51%) are leadership teams’ top concern when it comes to new cyberattack techniques,” the report says.

A survey by Gartner found that 62% of organizations have been hit by a deepfake attack in the past twelve months, Infosecurity Magazine reports. Akif Khan, senior director at Gartner Research, told Infosecurity Magazine that deepfakes are currently being used in social engineering attacks to impersonate executives and trick employees into transferring money. “That’s trickier because social engineering is a perpetually reliable thing for attackers to use,” Khan said.

In our previous blog post, we discussed the behavioral science behind why people click on malicious links. So far in this series, we’ve established that our old security playbooks are broken and that we’re dealing with the complex psychology of the human brain. Trying to tackle that all at once can feel like herding cats. What we need is a simple, memorable mental map to bring structure to the chaos. Let’s go DEEP.