TL;DR
AI-generated voice and video deepfakes have already caused documented business losses exceeding $25 million in single incidents, and the technology required to create them is now available for free or under $50/month. Business leaders must treat AI-enabled social engineering as a board-level risk: adopt out-of-band verification protocols, deploy deepfake detection tooling, and establish AI governance frameworks before—not after—an incident occurs.
The $25 Million Video Call: Deepfake Social Engineering Has Arrived
In February 2024, a finance employee at the multinational engineering firm Arup's Hong Kong office joined what appeared to be a routine video conference with the company's CFO and other senior colleagues. The faces and voices were convincing. The instructions were clear: authorize a series of wire transfers. The employee complied, transferring approximately HK$200 million (US$25.6 million) across 15 transactions before anyone realized every person on that call—except the victim—was a deepfake generated from publicly available corporate videos and audio recordings.
This was not an isolated event. In 2019, the CEO of a UK energy company received a phone call from what he believed was his parent company's German chief executive, instructing him to transfer €220,000 (US$243,000) to a Hungarian supplier. The voice was a synthetic clone. The CEO later described the deepfake voice as remarkably authentic—it matched the accent, the tone, and the rhythm of the real person perfectly.
The cost of entry for attackers has collapsed. Open-source voice cloning tools like XTTS and Coqui TTS can replicate someone's voice from as little as three seconds of audio scraped from a LinkedIn video, a podcast, or a conference recording. Video deepfake generation that once required Hollywood-grade budgets can now be produced on a consumer GPU in minutes. The question for business leaders is no longer whether your organization will be targeted—it is when, and whether your controls will hold.
Practical recommendation: Implement mandatory out-of-band verification for any financial transaction or credential change above a defined threshold. If the instruction comes through a video call, call the requester back on a number from your internal directory, not the one shown by caller ID. This single control would have stopped both incidents above.
Beyond Voice Cloning: The Full Spectrum of AI-Enabled Fraud
Deepfake voice fraud dominates headlines, but the threat surface extends further:
Deepfake recruitment operations. In June 2024, the FBI warned that criminals were using deepfake video and stolen identities to apply for remote IT and programming positions. The goal: gain access to company networks, source code, and customer data through legitimate employment channels. The deepfakes were convincing enough to pass multiple rounds of video interviews, with candidates lip-syncing to AI-generated responses while someone else fed answers in real time.
Deepfake extortion. Attackers generate compromising synthetic images or video of executives, employees, or their family members, then threaten to release the material unless payment is made. The material never existed—it is entirely fabricated—but the social and reputational pressure is real, and victims have paid.
AI-enhanced phishing at scale. Large language models enable attackers to generate thousands of highly personalized, grammatically perfect phishing emails tailored to specific employees, scraped from their LinkedIn profiles, recent posts, and company announcements. The telltale signs of phishing—awkward phrasing, generic greetings, spelling errors—are gone. A 2024 IBM Security study found that AI-assisted phishing campaigns achieved significantly higher click-through rates than human-authored ones, while requiring a fraction of the time to produce.
Practical recommendation: Layer detection tools alongside human awareness training. Solutions from providers like Pindrop (voice authentication and deepfake detection for call centres), Reality Defender (real-time deepfake detection for video and audio), and Hive Moderation (AI-generated content classification) can flag synthetic media before it reaches decision-makers. Budget approximately AUD $15,000–$50,000 annually for mid-market deployments depending on integration scope.
Prompt Injection and AI Agent Security: The Threat Inside Your Tools
As businesses deploy AI assistants, autonomous agents, and LLM-powered customer service chatbots, a new attack vector has emerged that most organizations have never heard of: prompt injection.
Prompt injection is the AI equivalent of SQL injection. An attacker embeds hidden instructions in content that an AI system processes—a webpage, a PDF, an email body, or even an image caption. When the AI ingests that content, it follows the attacker's instructions instead of the user's. In a business context, this could mean: an AI assistant with access to internal documents leaking confidential data after reading a malicious email, an autonomous procurement agent ordering equipment from an attacker-controlled supplier after processing a poisoned catalogue entry, or a customer service chatbot being manipulated into offering unauthorized refunds or exposing account details.
The OWASP Top 10 for Large Language Model Applications ranks prompt injection as the number one security risk for LLM systems—above data poisoning, above supply chain vulnerabilities, above model theft. Yet most organizations deploying AI tools have zero controls in place for it.
Practical recommendation: Treat any AI system that processes untrusted input (emails, web content, customer messages, uploaded files) as a high-risk integration. Implement strict permission boundaries so that even if an AI agent is compromised via prompt injection, it cannot execute financial transactions, access systems beyond its task scope, or exfiltrate data. Never grant AI agents standing administrative privileges. Segment their access as aggressively as you would a contractor's.
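One way to enforce the permission boundary described above, as an added example that is not code from any product named on this page. The task scopes, tool names, approver name and the `authorize` function are hypothetical; the point is that the decision depends only on application-set scope and a recorded human approval, never on text the model produced.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical task scopes and tool names. "allow" tools run unattended;
# "approval" tools run only once a human approver has been recorded by the
# application. Anything not listed for a scope is denied.
SCOPES = {
    "support_chat": {
        "allow": {"lookup_order_status", "create_ticket"},
        "approval": {"issue_refund"},
    },
    "procurement_intake": {
        "allow": {"search_catalogue", "draft_purchase_order"},
        "approval": {"submit_purchase_order"},
    },
}


@dataclass(frozen=True)
class ToolCall:
    scope: str                         # fixed by the application per deployment
    tool: str                          # tool name requested in the model output
    approved_by: Optional[str] = None  # set by the approval workflow, not the model


def authorize(call: ToolCall) -> Tuple[bool, str]:
    """Return (allowed, reason); deny by default."""
    policy = SCOPES.get(call.scope)
    if policy is None:
        return False, "unknown task scope"
    if call.tool in policy["allow"]:
        return True, "in scope"
    if call.tool in policy["approval"]:
        if call.approved_by:
            return True, "approved by " + call.approved_by
        return False, "needs human approval"
    return False, "tool outside task scope"


def demo():
    """Constructed calls an agent might emit after reading a poisoned catalogue entry."""
    calls = [
        ToolCall("procurement_intake", "search_catalogue"),
        ToolCall("procurement_intake", "submit_purchase_order"),
        ToolCall("procurement_intake", "submit_purchase_order", approved_by="j.smith"),
        ToolCall("procurement_intake", "export_customer_records"),
        ToolCall("support_chat", "issue_refund"),
    ]
    return [(c.tool, *authorize(c)) for c in calls]


if __name__ == "__main__":
    for tool, allowed, reason in demo():
        print(f"{'ALLOW' if allowed else 'DENY':5} {tool}: {reason}")
```

Log every denied call: a burst of out-of-scope or unapproved requests from one agent session is a useful signal that it has processed injected content.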
Model Theft and Intellectual Property Risk
When you feed proprietary data, customer records, or trade secrets into a third-party AI platform, where does that data go? Model theft and data leakage represent an underappreciated category of AI risk. Attackers can extract training data from models through carefully crafted queries—a technique called model inversion. They can clone proprietary models by observing their outputs. And in some cases, the AI provider itself may retain and reuse your inputs.
Samsung learned this the hard way in 2023 when engineers pasted proprietary source code and internal meeting notes into ChatGPT, inadvertently exposing confidential intellectual property to OpenAI's systems. The company subsequently banned the use of consumer generative AI tools across all divisions.
Practical recommendation: Establish a data classification policy for AI tools before deployment. Proprietary source code, customer PII, financial data, and strategic plans should never be processed through consumer-grade AI services. Negotiate enterprise agreements with zero data retention clauses, or deploy models on infrastructure you control.
The Governance Framework: What Business Leaders Actually Need
Technology controls alone will not prevent AI-enabled attacks. Organizations need governance frameworks that address AI risk at the board level. The NIST AI Risk Management Framework (AI RMF) provides a practical foundation organized around four functions: Govern, Map, Measure, and Manage. The Australian Cyber Security Centre (ACSC) has also published guidance on the secure deployment of AI systems specifically for Australian organizations.
A minimum viable AI governance programme should include:
- An AI usage policy defining what tools are approved, what data may be processed, and who is accountable.
- Out-of-band verification protocols for financial transactions, credential changes, and executive communications—designed specifically to counter deepfake social engineering.
- Incident response playbooks that account for deepfake extortion, AI-assisted phishing, and prompt injection—not just traditional malware and ransomware.
- Employee awareness training updated to include AI-specific threats: voice cloning, synthetic video, and the reality that "I saw them on a video call" is no longer proof of identity.
- Vendor risk assessments for any AI tool that processes company data, evaluating data retention, model training practices, and breach notification terms.
The cost of implementing these controls is modest compared to the alternative. A single deepfake CEO fraud incident can exceed AUD $500,000 in losses; the 2024 IBM Cost of a Data Breach Report pegged the average breach at AUD $5.9 million globally.
FAQ
Can deepfake detection tools reliably identify AI-generated voice and video?
Current detection tools from providers like Pindrop and Reality Defender achieve 85–95% accuracy on known deepfake variants. However, this is an arms race—each generation of detection tools triggers new evasion techniques. Detection should complement, not replace, out-of-band verification and human judgement. Never rely on detection alone to authorize a financial transaction.
How much audio does an attacker need to clone someone's voice?
As little as three seconds of clean audio can produce a passable clone using open-source tools. Professional-grade cloning requires 30 seconds to a minute for near-indistinguishable results. Given that executives regularly post video content, speak at conferences, and appear in corporate promotional material, most business leaders already have sufficient source material publicly available online.
What should we do if an employee reports a suspected deepfake extortion attempt?
Do not pay. Treat it as a security incident: preserve all communications, notify law enforcement (in Australia, report to ReportCyber at cyber.gov.au), engage your incident response team, and verify whether any actual compromising material exists. In the vast majority of cases, the material is entirely synthetic and no real footage exists. Paying marks the organization as a willing target for repeated attempts.
Is our customer service chatbot vulnerable to prompt injection?
If your chatbot processes user-supplied text, images, or documents and has any access to internal systems (databases, APIs, file storage, transaction capabilities), then yes—it is vulnerable. Conduct a prompt injection penetration test: have a security professional attempt to override the system instructions, extract training data, or trigger unauthorized actions. The results are often sobering.
Conclusion
AI has fundamentally changed the economics of social engineering. What once required a skilled human operator crafting bespoke attacks can now be automated, personalized, and scaled with tools that are free or nearly free. The $25 million Arup incident is not a worst-case scenario—it is an early signal of what is coming as the technology improves and proliferates.
The organizations that weather this shift will be the ones that treat AI-enabled fraud as an operational risk requiring specific controls, not a hypothetical concern for the IT team to monitor. Start with out-of-band verification for financial transactions. Add deepfake awareness to your security training. Establish an AI usage policy before your employees adopt tools on their own. And build prompt injection testing into your security assessments.
Visit consult.lil.business for a free cybersecurity assessment. We will evaluate your organization's exposure to AI-enabled social engineering, review your AI tool usage and governance posture, and provide a prioritized roadmap of controls—backed by real-world threat intelligence and tailored to your industry.
References
- NIST AI Risk Management Framework (AI RMF 1.0) — The US National Institute of Standards and Technology framework for managing AI-related risks across the Govern, Map, Measure, and Manage functions.
- OWASP Top 10 for Large Language Model Applications — The Open Worldwide Application Security Project's ranked list of critical security risks for LLM-powered systems, with prompt injection ranked as the number one threat.
- IBM Cost of a Data Breach Report — Annual benchmark study quantifying the financial impact of data breaches across industries, including the rising cost of AI-assisted attacks.
- Sumsub Fraud Report 2024 — Industry analysis of fraud trends including the surge in deepfake-enabled identity fraud and synthetic media abuse across regulated industries.
- Mandiant: Deepfake Disinformation Research — Threat intelligence analysis of state-sponsored deepfake campaigns and the operational techniques used to create and distribute synthetic media at scale.
Your Work Phone Just Became an Unlocked Door — How to Check if It's Been Fixed
Explained Like You're 10
TL;DR
- Google just fixed 129 security holes in Android phones — including one that hackers are already using right now [1]
- If your staff use Android phones to check work email or access business systems, an unpatched phone is like leaving the back door to your business unlocked
- Checking and fixing this takes about 2 minutes per phone
The Hole in Your Phone
Imagine every phone has thousands of tiny windows. Most are nailed shut. Every so often, someone finds a window that isn't — and before it gets fixed, they can squeeze through it to get inside.
That's what a security vulnerability is.
In March 2026, Google found — and fixed — 129 of these unlocked windows in Android phones [1]. That's a lot at once.
Two of them are the most serious:
The one already being used by hackers: There's a flaw in the graphics chip used by many Android phones (made by a company called Qualcomm). Hackers have already figured out how to use this flaw to get inside certain phones [1][2]. Google has confirmed real attacks are happening right now.
The one that needs no tapping or clicking: There's a second flaw so serious that a hacker could break into a phone just because it's connected to the internet — no dodgy link, no suspicious attachment, nothing. Just "phone exists on the internet, phone gets hacked" [1].
Why Your Work Phone Is Your Business's Problem
Here is the part that surprises a lot of business owners.
When Sarah from your team uses her personal Android phone to check her work email or log into your accounting software — her phone is now a door into your business.
It's like if your staff member kept the office Wi-Fi password on a sticky note in their wallet. If someone steals the wallet, they can get into your office. In the same way, if a hacker gets into a phone that's logged into your business systems, they can reach your business data.
Most businesses are really careful about keeping their office computers updated. Very few think about the phones.
The 2-Minute Check
Here is how to check if any phone is protected.
On any Android phone:
- Open Settings
- Scroll down to About Phone
- Tap Android Version (or Software Information on Samsung)
- Look for Android Security Patch Level
If the date shown is March 2026 or later — protected.
If it shows February 2026 or earlier — still at risk. (Update needed)
How to Update
On Android: Settings → System → System Update → Check for Updates
If an update is available, install it. Takes 10–15 minutes and a restart.
If no update is available yet: Some phone brands are slower to release Google's patches. If a work phone can't get the March update and it has access to your business systems — it's worth temporarily removing that access until it can be updated. This sounds strict, but it's the same thinking as "don't leave the front door unlocked just because the locksmith is busy."
The Bigger Picture for Your Business
Your business probably has a rule about keeping computers updated. This month is a good reminder that phones need the same treatment.
Here's a simple rule that works well for small businesses:
If a device accesses business systems, it needs to be running the latest security update — or it doesn't get access.
You don't need expensive software for this. You just need to check once a month, the same way you might check the locks before you leave the office.
The Australian Signals Directorate (Australia's cyber safety agency) consistently highlights outdated mobile software as one of the most common ways businesses get compromised [4].
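The monthly check and the access rule above, as an added example rather than anything from the original article: it reads patch levels in the `YYYY-MM-DD` form reported by the Android system property `ro.build.version.security_patch`, or as typed from a screenshot of the settings screen, and blocks any device it cannot confirm. The device names and the inventory are constructed; the month-level comparison follows the article's "March 2026 or later" rule.

```python
import re

REQUIRED = (2026, 3)  # the article's baseline: March 2026 or later
MONTHS = {name.lower(): number for number, name in enumerate(
    "January February March April May June July August "
    "September October November December".split(), start=1)}


def parse_patch_level(text):
    """Return (year, month) from '2026-03-01' or '1 March 2026', else None."""
    text = (text or "").strip()
    iso = re.fullmatch(r"(\d{4})-(\d{2})(?:-\d{2})?", text)
    if iso:
        year, month = int(iso.group(1)), int(iso.group(2))
    else:
        tokens = re.findall(r"[A-Za-z]+|\d+", text)
        months = [MONTHS[t.lower()] for t in tokens if t.lower() in MONTHS]
        years = [int(t) for t in tokens if len(t) == 4 and t.isdigit()]
        if len(months) != 1 or len(years) != 1:
            return None  # ambiguous or missing: do not guess
        year, month = years[0], months[0]
    return (year, month) if 1 <= month <= 12 else None


def access_decision(text, required=REQUIRED):
    """Apply the rule: current security update, or no access."""
    level = parse_patch_level(text)
    if level is None:
        return "block", "patch level missing or unreadable"
    if level >= required:
        return "allow", "patch level %d-%02d meets baseline" % level
    return "block", "patch level %d-%02d is older than baseline" % level


# Constructed inventory: (device label, patch level as reported by staff or tooling).
SAMPLE_INVENTORY = [
    ("finance-phone-1", "2026-03-01"),
    ("sales-phone-2", "1 February 2026"),
    ("admin-phone-3", "March 5, 2026"),
    ("old-tablet", ""),
    ("ops-phone-4", "2025-12-05"),
]


def review_devices(inventory):
    """Return (device, decision, reason) for every device in the inventory."""
    return [(name, *access_decision(level)) for name, level in inventory]


if __name__ == "__main__":
    for name, decision, reason in review_devices(SAMPLE_INVENTORY):
        print(f"{decision.upper():5} {name}: {reason}")
```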
FAQ
If your phone manufacturer has stopped releasing security updates (usually after 3–5 years for most brands), your phone will never get this fix. If that phone is accessing your business email or systems, consider replacing it — or using a different device for business that can receive updates. Google Pixel phones receive 7 years of updates now, which makes them a solid business choice.
No — this is specific to Android phones. iPhones have their own separate security updates, which Apple releases quickly. The same principle applies though: keep your iPhone updated too.
Focus on the ones that access the most sensitive systems first — whoever handles finance, customer data, or admin access. A quick message asking them to screenshot their security patch level screen takes 5 minutes for your whole team.
It's not that Android suddenly became a lot more vulnerable — it's that Google bunches up patches and releases them monthly. Some of these fixes were in development for months. The number looks scary but most are low-severity issues that would be hard to exploit in practice. The two we highlighted are the ones that genuinely need urgent attention.
Once a month is enough. Google releases security updates monthly. Set a reminder on the first Monday of each month to quickly confirm all work-accessed devices are current.
References
[1] Google, "Android Security Bulletin—March 2026," Android Open Source Project, Mar. 2026. [Online]. Available: https://source.android.com/docs/security/bulletin/2026/2026-03-01
[2] The Hacker News, "Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited," The Hacker News, Mar. 3, 2026. [Online]. Available: https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html
[3] Qualcomm, "March 2026 Security Bulletin," Qualcomm Technologies, Mar. 2026. [Online]. Available: https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html
[4] Australian Signals Directorate, "ASD Annual Cyber Threat Report 2023-24," Australian Signals Directorate, 2024. [Online]. Available: https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/asd-cyber-threat-report-july-2023-june-2024
[5] NIST, "SP 800-124 Rev. 2: Guidelines for Managing the Security of Mobile Devices in the Enterprise," National Institute of Standards and Technology, 2023. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/final
[6] CISA, "Mobile Device Best Practices," Cybersecurity and Infrastructure Security Agency, 2024. [Online]. Available: https://www.cisa.gov/resources-tools/resources/mobile-device-best-practices
[7] IBM Security, "Cost of a Data Breach Report 2025," IBM, 2025. [Online]. Available: https://www.ibm.com/reports/data-breach
[8] Verizon, "2025 Data Breach Investigations Report," Verizon Business, 2025. [Online]. Available: https://www.verizon.com/business/resources/reports/dbir/
Want someone to check whether your business's phones and devices are properly secured? Book a free 30-minute review with lilMONSTER — we'll look at what's accessible and give you a simple checklist to fix the gaps.