13 ways attackers use generative AI to exploit your systems
13 ways attackers use generative AI to exploit your systems
Publish Date: 2026-02-23 03:00:00
Source Domain: www.csoonline.com
“AI can defeat CAPTCHA systems and analyse voice biometrics to compromise authentication,” according to cybersecurity vendor Dispersive. “This capability underscores the need for organizations to adopt more advanced, layered security measures.”
Leveraging deepfakes for social engineering
AI-generated deepfakes are being abused to exploit channels many employees more implicitly trust, such as voice and video, instead of relying on less convincing email-based attacks.
The problem is becoming more severe with the wider availability of AI technologies capable of creating more convincing deepfakes, according to Alex Lisle, CTO of deepfake detection platform Reality Defender.
“There was a recent case involving a cybersecurity company that relied on visual verification for credential resets,” Lisle says. “Their process required a manager to join a Zoom call with IT to confirm an employee’s identity before a password reset.”
Lisle explains: “Attackers are now leveraging deepfakes to impersonate those managers on live video calls to authorize these resets.”
In the most high-profile example to date, a finance worker at design and engineering company Arup was tricked into authorizing a fraudulent HK$200 million ($25.6 million) transaction after attending a videoconference call during which fraudsters used deepfake technology to impersonate its UK-based CFO.
Impersonating brands in malicious ad campaigns
Cybercriminals have begun using gen AI tools to deliver brand impersonation campaigns delivered via ads and content platforms, rather than traditional phishing or malware.
“Attackers now use gen AI to mass-produce realistic ad copy, creatives, and fake support pages, then distribute them across search ads, social ads, and AI-generated content, targeting high-intent queries like ‘brand login’ or ‘brand support,’” explains Shlomi Beer, co-founder and CEO at ImpersonAlly, a security startup that specializes in…
