Blog

“I’ve seen working concepts where the AI will get tricked into not only finding the wrong object, but getting the credit card information from you and sending that credit card information off to whoever’s hosting the fake scam object, and taking your bank account and collecting those credentials too, because it’s got access to all of that,” McGladrey said.

“While there’s no real regulation for cloud providers in the U.S., IEEE Senior Member Kayne McGladrey noted that the European Union does have rules on the books under the Digital Operational Resilience Act (DORA), which directly regulates cloud providers serving financial entities in the EU and their ICT providers.”

IEEE Senior Member, Kayne McGladrey said that “AI-generated phishing removes all the traditional warning signs that training programs teach people to look for.” Typical training tells people to watch for bad grammar, weird formatting or implausible scenarios. “However, AI can now create emails that are grammatically perfect, properly formatted and believable. It can even personalize attacks using information scraped from social media or data breaches.”

Today’s cybersecurity landscape has reached a critical inflection point. Cyber Risk programs that focus on isolated technical flaws do not adequately protect businesses against today’s complex threats. Treating cyber threats as business risks—measured by impact on revenue, regulatory exposure, and operational continuity—creates a decision framework that executives can act on. This shift moves security from a compliance checkbox to a strategic lever that influences budget allocation and risk appetite.

When third-party AI vendors experience security breaches or compliance violations, the impact cascades through their supply chain and customers. A single vendor incident can compromise dozens of organizations simultaneously. The interconnected nature of AI supply chains means vulnerabilities propagate through multiple ecosystem layers.

That’s an excellent point. Hyperproof CISO in residence Kayne McGladrey observed, “The zero trust concept itself isn’t broken – it’s more about how it’s being implemented in practice.”

Kayne McGladrey, CISO in residence at Hyperproof, added that intellectual property theft is another risk for organizations, as a malicious actor may seek to access a digital twin to find a way to gain a competitive advantage over another company.

In the following Q&A, I discuss these and other issues with Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, who has more than 20 years of experience in building effective cybersecurity programs for organizations of all types, including Fortune 500 and Global 100 companies. But today Kayne is keen on water, addressing the developments, needs, and requirements regarding cybersecurity for those who steward the nation’s critical infrastructure.

As far as attacks by state espionage services, McGladrey said airlines aren’t the only target within the travel industry. An attack on the reservation system of Marriott’s Starwood brands in 2018, which exposed nearly 500 million customer records, is believed to have been perpetrated by China. Generally, espionage attacks aren’t geared toward credit card fraud and personal account takeovers the way criminal cyberattacks can be, McGladrey said, but there’s always a chance a government hacker will moonlight on the dark web.

The privacy risks associated with agentic AI are orders of magnitude greater than those we encounter today.

“Agentic AI requires comprehensive data integration that’s fundamentally different from today’s siloed approach, meaning the risk multiplies instead of simply adding up,” IEEE Senior Member Kayne McGladrey said.