TL;DR

AI is no longer just a productivity tool—it is a new attack surface. Business leaders must now defend against AI-powered phishing, deepfake social engineering, prompt injection, model theft, and data poisoning, while building governance frameworks that keep pace with adoption. Protecting your AI investments means treating models, training data, and AI agents as critical assets with their own security controls.

1. AI Is Changing the Threat Landscape

The shift from traditional software to AI-driven systems has introduced attacks that target the model itself, not just the infrastructure around it. Criminals can now generate highly convincing phishing emails at scale, clone voices and faces for fraud, trick AI agents into leaking data, and steal or corrupt the models your business relies on. For boards and executives, the question is no longer whether AI security matters, but whether your organisation has visibility into where AI is being used and what could go wrong.

The risks fall into two broad categories: attacks that use AI against your people and processes, and attacks that target your AI systems directly. Both can result in financial loss, regulatory exposure, and irreversible damage to customer trust.

2. AI-Powered Phishing and Deepfake Social Engineering

Generative AI has made phishing cheaper, faster, and harder to detect. Attackers use large language models to craft personalised emails in multiple languages, mimicking tone and context scraped from LinkedIn, company websites, and leaked data. Voice cloning tools can reproduce a CEO's speech patterns from a few seconds of audio, and video deepfakes are increasingly used in fraudulent wire-transfer requests and identity verification bypasses.

A 2024 report from cybersecurity vendor Egress found that AI-generated phishing emails were already bypassing traditional detection tools at high rates, while the FBI's Internet Crime Complaint Center has consistently reported business email compromise losses running into the billions annually. Real-world cases include finance staff tricked by deepfake video calls into authorising large transfers, and fraudsters using cloned voices to request emergency payments.

Practical recommendations

  • Deploy AI-aware email security such as Abnormal Security, Proofpoint, or Microsoft Defender with behavioural anomaly detection.
  • Require out-of-band verification for any payment, credential reset, or sensitive access request, regardless of how authentic the voice or video appears.
  • Train staff specifically on AI-generated social engineering, not just generic phishing awareness.
  • Add liveness detection and multi-factor identity verification for high-risk actions.

3. Prompt Injection and AI Agent Security

Prompt injection happens when an attacker embeds malicious instructions inside input data that an AI model processes. This can force a chatbot to reveal system prompts, bypass safety filters, or execute unintended actions. The risk escalates when AI agents are connected to real systems—email, calendars, databases, code repositories, or customer relationship management tools.

A widely discussed example is the indirect prompt injection attack, where malicious content hidden in a web page or document is retrieved by an AI agent and used to manipulate its behaviour. Researchers have demonstrated attacks where a browsing assistant is tricked into sending emails, leaking passwords, or running code. As organisations deploy autonomous agents that can act on behalf of users, the blast radius grows.

Practical recommendations

  • Isolate AI agents behind least-privilege access controls and never give them broad administrative permissions.
  • Use output validation and sandboxing so agents cannot take destructive actions without human approval.
  • Implement prompt filtering, input sanitisation, and system prompt hardening.
  • Monitor agent logs and behaviour for anomalous actions, just as you would for human users.
  • For custom applications, review resources like the OWASP Top 10 for Large Language Model Applications.

4. Model Theft and Intellectual Property Risks

AI models represent significant investment in data collection, training compute, and engineering expertise. Model theft can occur through insider exfiltration, cloud misconfiguration, or model extraction attacks, where an attacker repeatedly queries a deployed model to reconstruct a copy of it. Stolen models can be resold, used to build competing products, or reverse-engineered to expose weaknesses and training data.

In 2023 and 2024, researchers demonstrated that proprietary language and image models could be extracted through extensive API queries at a fraction of the original training cost. Trade secret law provides limited protection if the model weights are leaked or independently reproduced. For businesses building custom AI, the loss goes beyond the model itself: it can include embedded customer data, business logic, and competitive advantage.

Practical recommendations

  • Apply rate limiting, query logging, and anomaly detection to model APIs.
  • Use model watermarking and attribution techniques where appropriate.
  • Encrypt model weights at rest and in transit, and restrict access using role-based controls.
  • Include AI IP protections in employment and vendor contracts, with clear ownership and confidentiality terms.
  • Maintain an inventory of AI assets, including third-party models, fine-tuned variants, and training datasets.

5. Data Poisoning and Supply Chain Attacks

Data poisoning attacks corrupt the data used to train or fine-tune AI models, causing the model to behave incorrectly or produce biased, harmful, or exploitable outputs. This is especially dangerous when models are trained on scraped web data, open datasets, or user-generated content without rigorous validation. Backdoor attacks can make a model behave normally until a specific trigger appears, making detection difficult.

The supply chain risk extends to pre-trained models, third-party embeddings, and open-source libraries. A compromised model or dataset uploaded to a public repository can become a trusted dependency inside enterprise applications. Organisations using Retrieval-Augmented Generation (RAG) face additional poisoning risks if the documents fed into vector databases are tampered with.

Practical recommendations

  • Validate and sanitise all training data, with provenance tracking and version control.
  • Use adversarial testing, red-teaming, and output monitoring to detect anomalous model behaviour.
  • Pin model and dependency versions, scan for known vulnerabilities, and verify checksums.
  • Treat third-party AI services as part of your supply chain risk assessment.
  • Apply the MITRE ATLAS framework to map AI-specific threats and mitigations.

6. Governance Frameworks for AI Security

Technology controls are necessary but insufficient. Business leaders need governance that defines who owns AI risk, how models are approved, and what oversight applies before AI systems touch customer data or business-critical processes. Frameworks such as the NIST AI Risk Management Framework, the Australian Cyber Security Centre's guidance on secure AI, and ISO/IEC 42001 provide structured approaches to managing AI security, privacy, and reliability.

Key governance elements include an AI risk register, model inventory, acceptable-use policy, human-in-the-loop requirements for high-risk decisions, incident response playbooks tailored to AI, and regular red-teaming. Boards should receive clear reporting on AI risk posture just as they do for cybersecurity and financial risk.

Practical recommendations

  • Adopt the NIST AI RMF functions: govern, map, measure, and manage.
  • Assign an AI risk owner accountable for model inventory, risk assessments, and incident response.
  • Document AI use cases, data sources, model providers, and potential failure modes.
  • Establish a cross-functional review process involving security, legal, privacy, and domain experts.
  • Align AI governance with existing privacy, cyber, and procurement policies.

FAQ

Q: Is AI security really different from normal cybersecurity? A: Yes. Traditional cyber defences focus on networks, endpoints, and identities. AI introduces new targets: the model weights, training data, prompts, and agent behaviours. These require additional controls such as prompt filtering, model extraction protection, data provenance, and adversarial testing.

Q: How much should we budget for AI security? A: Costs vary by size and AI maturity, but organisations should plan for additional spend on model monitoring, agent governance, red-teaming, and staff training. As a rough guide, businesses already investing heavily in AI should allocate at least 10–20% of that AI budget to security and risk management, including tooling, specialist reviews, and ongoing assurance.

Q: Can small businesses be targeted for model theft or data poisoning? A: Yes. Smaller organisations often use third-party AI tools, fine-tuned models, or cloud APIs that can be misconfigured or overexposed. Attackers also target smaller vendors as a path into larger partners. Supply chain poisoning affects organisations of every size.

Q: What is the first step to improving AI security? A: Start with visibility. Create an inventory of where AI is used in your organisation, what data it touches, and who owns each use case. You cannot protect what you do not know exists.

Conclusion

AI is delivering real business value, but it is also expanding the attack surface in ways that most organisations are not yet prepared for. Leaders who treat AI security as a board-level issue—covering phishing, deepfakes, prompt injection, model theft, data poisoning, and governance—will protect both their investments and their reputation.

Start by mapping your AI footprint, hardening your highest-risk use cases, and giving someone clear accountability for AI risk. For Australian businesses ready to assess where they stand, visit consult.lil.business for a free cybersecurity assessment and a practical roadmap to secure your AI investments.

References

  1. NIST AI Risk Management Framework
  2. Australian Cyber Security Centre — Engaging with AI
  3. OWASP Top 10 for Large Language Model Applications
  4. MITRE ATLAS — Adversarial Threat Landscape for Artificial-Intelligence Systems

Verifier warning: verifier could not run (PluginLlmTrustError).

TL;DR

  • Some bad people use AI to pretend to be computer workers and get hired by companies
  • They use robot voices, fake photos, and computer-generated resumes
  • They don't actually do the work—they steal secrets
  • Companies need new ways to check if people are who they say they are

What's Happening?

Imagine this: Someone sends a job application to a company. They have a nice photo, a good resume, and they do great in the interview. The company hires them.

But there's a problem: That person doesn't really exist.

A group of bad people used AI (artificial intelligence) to create a fake person, trick the company, and get hired. Then they use their job to steal secrets and money.

This is happening RIGHT NOW with computer programming jobs.

Who's Doing This?

Microsoft (a really big computer company) found out that some people from North Korea are doing this [1]. They use special names:

  • Jasper Sleet
  • Coral Sleet (used to be called Storm-1877)

They're like teams of tricksters using computers to fake being workers.

How Do They Trick Companies?

Step 1: Creating a Fake Person

They use AI to make everything up:

  • Fake names - The computer suggests names that sound real
  • Fake photos - Computer-generated pictures that look like real people
  • Fake resumes - Computer-written work history that looks perfect for the job
  • Fake emails - Email addresses that match the fake name

It's like playing dress-up, but with computers instead of clothes.

Step 2: Tricking the Interview

When it's time for a video call, they use special tricks:

  • Robot voices - Computers that change their voice to sound like someone else
  • Chat helper - AI that helps them answer questions during the interview
  • Maybe pre-recorded videos - Sometimes they just play a video instead of talking live

The company thinks they're talking to a real person. But they're actually talking to a trickster using computer tools.

Step 3: Getting Hired (and Stealing)

Once they're "hired":

  • They get paid salary money (which goes to the bad people)
  • ️ They get access to company computers and secrets
  • They steal important information
  • They sell passwords or secrets to other bad people

They might do a little work—using AI to help them write computer code so they don't get caught. But the real goal is stealing, not working. [1]

Why Can't Companies Tell They're Fake?

Good question! Here's why regular background checks don't work:

  • Background check passes - Fake people have no criminal history because they don't exist!
  • References check - Fake references from computer-made people
  • Skills test passes - AI helps them answer technical questions
  • Looks normal on video - Computer voices and fake photos look real

It's like a really, really good costume.

Signs Someone Might Be Fake

Microsoft found some clues that can give away fake workers [1]:

Weird Things in Their Computer Code

  • Using emojis as checkmarks () inside code
  • Writing comments that sound like they're explaining themselves too much
  • Using way too many complicated words for simple things
  • Code that's more complicated than it needs to be

Weird Things About Their "Life"

  • Hardly any photos or posts on social media before a certain date
  • The same face shows up with slightly different names
  • Jobs or schools that are hard to check really exist
  • Generic stories that could be about anyone

Weird Things When Working

  • Working at strange hours
  • Asking for access to things they don't really need
  • Moving files around for no clear reason
  • Doing very little real work

How Companies Can Stay Safe

Good companies are fighting back with new rules:

Better Checking

  • Multiple video calls - Not just one interview, but lots of talking
  • Real work tests - Watch them actually do work, not just answer questions
  • Meeting in person - Sometimes you just have to see someone face-to-face
  • Checking their whole internet life - Seeing if they exist in more than one place online

Watching for Weird Stuff

  • Strange computer access - Looking at files they shouldn't need
  • Weird hours - Working at 3am when nobody else is awake
  • Moving data around - Sending files to places they shouldn't go

Being Extra Careful

  • Not giving too much power - Only giving access to what they really need
  • Checking on contractors too - Not just full-time workers, but anyone with access
  • Using computers to watch computers - AI helpers that look for fake workers

What Does This Mean for Us?

This might sound scary, but here's the good news:

Smart people are figuring this out - Companies like Microsoft are finding these tricks Better rules are being made - New ways to check if people are real Good AI is fighting bad AI - Using computer helpers to catch the tricksters

And for us regular people:

  • Learn about internet safety - Knowing tricks helps you avoid them
  • Build real relationships - Fake people can't do friendship or teamwork well
  • Ask questions - If something seems weird, it's okay to ask why

FAQ for Curious Kids

They try! But the fake people are really good at tricking. It's like when someone wears a really good Halloween costume—you can't tell who's underneath until they take it off.

Yes! Microsoft found thousands of fake accounts and stopped them [1]. But the bad people keep trying new tricks.

Maybe. That's why companies are being extra careful now. It's like locking doors—not because you expect burglars, but because you want to be safe.

No, AI is just a tool. Think of it like a hammer. You can use a hammer to build a birdhouse OR break a window. AI can help bad people do bad things, but it also helps good people catch them!

TELL A GROWNUP. Don't try to figure it out yourself. If someone online seems weird or too good to be true, that's a grownup problem to solve.

Remember

The internet has good people and bad people, just like the real world. The difference is:

  • Real world - You can see people's faces
  • Online world - People can hide who they really are

That's why we need to be extra careful and use smart rules to stay safe. ️

Want to learn more about staying safe online? Ask your parents or teachers about internet safety, or check out resources from CISA—they're the experts on keeping computers safe!

Sources

  1. Microsoft Security Blog. "AI as tradecraft: How threat actors operationalize AI." https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/

  2. Microsoft Security Blog. "Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizations." https://www.microsoft.com/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/

  3. CISA. "Cybersecurity for Kids." https://www.cisa.gov/news-events/news/cisa-launches-cybersecurity-awareness-month-kids

  4. FBI. "North Korean IT Workers Warning." https://www.fbi.gov/ic3/alertr/north-korean

Ready to strengthen your security?

Talk to lilMONSTER. We assess your risks, build the tools, and stay with you after the engagement ends. No clipboard-and-leave consulting.

Get a Free Consultation