IEEE Senior Member, Kayne McGladrey said that “AI-generated phishing removes all the traditional warning signs that training programs teach people to look for.” Typical training tells people to watch for bad grammar, weird formatting or implausible scenarios. “However, AI can now create emails that are grammatically perfect, properly formatted and believable. It can even personalize attacks using information scraped from social media or data breaches.”
Today’s cybersecurity landscape has reached a critical inflection point. Cyber Risk programs that focus on isolated technical flaws do not adequately protect businesses against today’s complex threats. Treating cyber threats as business risks—measured by impact on revenue, regulatory exposure, and operational continuity—creates a decision framework that executives can act on. This shift moves security from a compliance checkbox to a strategic lever that influences budget allocation and risk appetite.
When third-party AI vendors experience security breaches or compliance violations, the impact cascades through their supply chain and customers. A single vendor incident can compromise dozens of organizations simultaneously. The interconnected nature of AI supply chains means vulnerabilities propagate through multiple ecosystem layers.
That’s an excellent point. Hyperproof CISO in residence Kayne McGladrey observed, “The zero trust concept itself isn’t broken – it’s more about how it’s being implemented in practice.”
Kayne McGladrey, CISO in residence at Hyperproof, added that intellectual property theft is another risk for organizations, as a malicious actor may seek to access a digital twin to find a way to gain a competitive advantage over another company.
In the following Q&A, I discuss these and other issues with Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, who has more than 20 years of experience in building effective cybersecurity programs for organizations of all types, including Fortune 500 and Global 100 companies. But today Kayne is keen on water, addressing the developments, needs, and requirements regarding cybersecurity for those who steward the nation’s critical infrastructure.
As far as attacks by state espionage services, McGladrey said airlines aren’t the only target within the travel industry. An attack on the reservation system of Marriott’s Starwood brands in 2018, which exposed nearly 500 million customer records, is believed to have been perpetrated by China. Generally, espionage attacks aren’t geared toward credit card fraud and personal account takeovers the way criminal cyberattacks can be, McGladrey said, but there’s always a chance a government hacker will moonlight on the dark web.
The privacy risks associated with agentic AI are orders of magnitude greater than those we encounter today.
“Agentic AI requires comprehensive data integration that’s fundamentally different from today’s siloed approach, meaning the risk multiplies instead of simply adding up,” IEEE Senior Member Kayne McGladrey said.
Learn AI vendor risk management from my interview at BlackHat 2025. CISO guidance on AI standards, governance, and compliance strategies.
AI integration is one of the most significant breakthroughs changing cybersecurity in 2025. What are some of the advantages and challenges?
“Agentic AI requires comprehensive data integration that’s fundamentally different from today’s siloed approach, meaning the risk multiplies instead of simply adding up,” IEEE Senior Member Kayne McGladrey said.
The current crop of consumer algorithms processes data for specific purposes, and they usually ask for permission.
“Agentic AI proactively gathers information across multiple domains and makes autonomous decisions about how to use it,” McGladrey said. “Today’s systems typically require user approval for actions, but agentic AI is designed to operate independently with minimal human oversight, creating new categories of liability exposure.”
“Because the attack blends in with just normal, legitimate activity, it’s quite hard to detect what’s unusual and what’s atypical,” Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers, told Axios.