#245: Trust Under Pressure
Cybersecurity, Deepfakes, and the New Human Firewall
Trust has always been one of the invisible foundations of cybersecurity. Every email opened, every password entered, and every file shared depends on a basic assumption that the system, person, or message involved is genuine. For decades, cybercriminals relied on simple deception techniques such as fake websites, phishing emails, and malware disguised as useful software. However, the rise of artificial intelligence has transformed the scale and sophistication of cyberattacks.
Today, attackers can generate convincing voices, realistic videos, believable writing, and automated phishing campaigns in minutes. Deepfake technology and AI-enhanced scams are forcing organisations to rethink how trust operates in the digital world. Employees are no longer only defending against malicious software; they are defending against synthetic identities and manipulated reality.
This crisis has led many cybersecurity professionals to adopt new defensive models, particularly zero trust architecture. Instead of assuming that users or systems are trustworthy once they are inside a network, zero trust treats every request as potentially hostile until verified. The same principles are now being applied to artificial intelligence systems themselves.
At the same time, many organisations still struggle with one major weakness: human behaviour. Technical security tools can block many attacks, but employees without training remain vulnerable to manipulation. Non-specialist workers are increasingly becoming the primary targets of AI-powered attacks because they are often the easiest path into an organisation.
The future of cybersecurity will therefore depend on rebuilding trust carefully, verifying identity continuously, and teaching ordinary users how to recognise increasingly advanced threats.
The Growing Crisis of Trust in Cybersecurity
Cybersecurity has traditionally relied on a layered approach to defence. Firewalls, antivirus software, password systems, and network monitoring tools were designed to protect systems from unauthorised access. Yet these tools often assumed that trusted users inside a network were safe.
This assumption became dangerous as cybercriminals developed methods to bypass technical barriers by targeting people instead. Social engineering attacks exploit human psychology rather than software vulnerabilities. Attackers manipulate emotions such as fear, urgency, authority, or curiosity to convince victims to reveal sensitive information.
Artificial intelligence has dramatically increased the effectiveness of these attacks. AI systems can now analyse public information from social media, company websites, and leaked data to craft highly personalised phishing messages. Unlike traditional spam emails filled with spelling mistakes, AI-generated messages can appear professional, accurate, and context-aware.
Cybersecurity experts increasingly warn that the internet is entering a “post-authenticity” era. In this environment, seeing or hearing something online is no longer reliable proof that it is real. AI-generated images, cloned voices, and manipulated videos can imitate trusted individuals with alarming accuracy.
This erosion of trust affects more than individual organisations. Public confidence in online communication, financial systems, journalism, and even democratic institutions may weaken if people can no longer reliably distinguish between authentic and synthetic information.
For businesses, the consequences are severe. A successful AI-enhanced phishing attack can lead to stolen funds, ransomware infections, data breaches, or reputational damage. Companies must therefore move away from trust based on assumptions and toward trust based on continuous verification.
Deepfakes and AI-Augmented Attacks
Deepfakes are synthetic media generated using artificial intelligence. These systems can create realistic audio, video, or images that imitate real people. Early deepfakes were often easy to identify because of unnatural movements or distorted facial expressions. Modern AI models, however, have improved rapidly.
Attackers now use deepfakes for fraud, impersonation, political manipulation, and corporate espionage. Voice cloning is especially dangerous because many organisations still rely on voice recognition or verbal confirmation for sensitive actions.
One of the most widely discussed cases occurred in 2024 when a finance employee at a multinational company in Hong Kong was tricked into transferring approximately 25 million US dollars after participating in a video conference call populated by AI-generated deepfakes of senior executives. The employee believed the meeting was genuine because the fake participants looked and sounded like real colleagues. In reality, cybercriminals had used publicly available footage and AI systems to imitate the organisation’s leadership team.
This incident demonstrated several important trends in modern cybercrime. First, attackers are increasingly combining traditional social engineering with advanced AI tools. Second, technical realism alone is enough to override human suspicion in many situations. Third, organisations that rely heavily on remote communication are particularly vulnerable.
Deepfakes are not limited to corporate fraud. Attackers have also used cloned voices to impersonate family members during emergency scams, convincing victims to transfer money quickly. Political deepfakes have spread misinformation during elections. Fake executive videos have manipulated stock markets and public opinion.
AI also enables large-scale automation of attacks. Cybercriminals can generate thousands of tailored phishing messages rapidly, adapting language and tone for different targets. AI chatbots can conduct fraudulent conversations in real time, increasing the sophistication of scams.
The barrier to entry has also fallen dramatically. Many deepfake and AI-generation tools are inexpensive or publicly available. Attackers no longer need advanced programming expertise to launch convincing campaigns.
This creates a dangerous imbalance. Defensive organisations often require extensive approval processes, training programmes, and infrastructure upgrades. Attackers, meanwhile, can experiment quickly with evolving AI tools.
The Shift Toward Zero Trust Architecture
In response to growing cyber threats, many organisations have adopted zero trust architecture. Zero trust is not a single product or software platform. Instead, it is a security philosophy built around the principle of “never trust, always verify.”
Traditional cybersecurity models assumed that users and devices inside a network perimeter could generally be trusted. Once an employee logged in successfully, they often received broad access to systems and data.
Zero trust rejects this assumption. Every user, device, application, and request must be verified continuously, regardless of location. Access is granted only to the specific resources required for a task.
The rise of remote work, cloud computing, and mobile devices accelerated the need for this approach. Modern organisations no longer operate within clearly defined network boundaries. Employees access systems from homes, cafés, airports, and personal devices.
A zero trust model usually includes several core principles:
Identity Verification: Users must prove their identity using strong authentication methods. Multi-factor authentication is one of the most common examples. Instead of relying only on passwords, systems may require a mobile confirmation code, biometric scan, or hardware security key.
Least Privilege Access: Employees receive access only to the information necessary for their role. This reduces the damage attackers can cause if they compromise an account.
Continuous Monitoring: Zero trust systems monitor behaviour constantly. If a user suddenly downloads massive amounts of data or logs in from unusual locations, the system may trigger additional verification or block access.
Device Security: The security status of devices is checked before access is granted. Unpatched or compromised devices may be isolated automatically.
Microsegmentation: Networks are divided into smaller sections so that attackers cannot move freely across systems after gaining entry.
These principles are particularly important in defending against AI-enhanced attacks. If a deepfake convinces an employee to reveal credentials, layered verification and limited permissions can still reduce the attacker’s ability to cause damage.
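The five principles above can be read as one access decision made on every request. The sketch below is an added example, not part of the original article; the roles, permissions, segments and the 500 MB download threshold are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed sample policy: what each role may do (least privilege).
ROLE_GRANTS = {
    "finance-clerk": {"invoices:read", "payments:create"},
    "hr-analyst": {"hr-records:read"},
}
# Constructed microsegments: where each resource family lives, and which
# segments each role is allowed to reach.
RESOURCE_SEGMENT = {"invoices": "finance", "payments": "finance", "hr-records": "hr"}
ROLE_SEGMENTS = {"finance-clerk": {"finance"}, "hr-analyst": {"hr"}}


@dataclass
class Request:
    role: str
    permission: str               # e.g. "payments:create"
    mfa_passed: bool              # identity verification
    device_patched: bool          # device security
    usual_location: bool          # continuous monitoring signal
    mb_downloaded_last_hour: int  # continuous monitoring signal


def decide(req: Request, download_limit_mb: int = 500) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'step_up' or 'deny'."""
    # Identity verification: a password alone is never enough.
    if not req.mfa_passed:
        return "deny", "identity not verified with MFA"
    # Device security: unpatched devices are kept out before anything else.
    if not req.device_patched:
        return "deny", "device failed posture check"
    # Least privilege: only permissions explicitly granted to the role.
    if req.permission not in ROLE_GRANTS.get(req.role, set()):
        return "deny", "permission not granted to role"
    # Microsegmentation: the resource must sit in a segment the role may reach.
    segment = RESOURCE_SEGMENT.get(req.permission.split(":")[0])
    if segment not in ROLE_SEGMENTS.get(req.role, set()):
        return "deny", "resource outside permitted segment"
    # Continuous monitoring: unusual behaviour triggers re-verification.
    if not req.usual_location or req.mb_downloaded_last_hour > download_limit_mb:
        return "step_up", "unusual behaviour, re-verify"
    return "allow", "all checks passed"
```

A credential given away to a deepfake caller fails the first check without the second factor, and a session from an unusual location is sent back for re-verification rather than trusted because it logged in once.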
Applying Zero Trust to Artificial Intelligence
As organisations integrate AI systems into daily operations, cybersecurity experts are increasingly applying zero trust principles directly to AI technologies.
AI systems create new attack surfaces. Large language models, automated assistants, and machine learning systems often process enormous quantities of sensitive data. If compromised, they can expose confidential information or generate misleading outputs.
One growing concern is prompt injection attacks. In these attacks, malicious users manipulate AI systems by providing carefully designed instructions that override safety controls or extract hidden information. Another threat involves data poisoning, where attackers deliberately corrupt training data to influence how AI systems behave.
Applying zero trust to AI means treating AI systems as potentially vulnerable rather than inherently trustworthy.
This approach includes several important strategies.
Verifying Data Sources: AI systems should only process data from trusted and validated sources. Organisations must monitor datasets carefully to detect tampering, corruption, or manipulation.
Restricting AI Permissions: AI applications should not receive unrestricted access to internal systems. Limiting permissions reduces the risk of automated misuse.
Monitoring AI Behaviour: Security teams should track how AI systems interact with users and networks. Unexpected outputs, unusual access requests, or abnormal decision patterns may indicate compromise.
Human Oversight: Critical decisions involving finance, healthcare, legal matters, or infrastructure should not rely entirely on AI-generated outputs. Human review remains essential.
Model Security Testing: Organisations increasingly conduct adversarial testing against AI systems to identify weaknesses before attackers exploit them.
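As an added example (not from the original article), the sketch below applies four of these strategies to an AI assistant: data is accepted only if it matches a pinned digest, tool calls are limited to an allow-list, critical actions wait for a named human approver, and every decision is logged for monitoring. The assistant name, tool names and file contents are constructed for illustration.

```python
import hashlib
from typing import Optional

# Constructed sample: pinned SHA-256 digests of approved data sources.
APPROVED_DATA = {"faq.txt": hashlib.sha256(b"Office hours are 9 to 5.\n").hexdigest()}
# Hypothetical per-assistant tool allow-list (restricting AI permissions).
TOOL_ALLOWLIST = {"helpdesk-bot": {"search_kb", "create_ticket", "issue_refund"}}
# Hypothetical tools whose effects are critical enough to need human review.
NEEDS_HUMAN = {"issue_refund"}

AUDIT_LOG = []  # monitoring: every gate decision is recorded here


def verify_source(name: str, content: bytes) -> bool:
    """Accept data only if it is a known source and its digest is unchanged."""
    expected = APPROVED_DATA.get(name)
    return expected is not None and hashlib.sha256(content).hexdigest() == expected


def gate_tool_call(agent: str, tool: str, approved_by: Optional[str] = None) -> str:
    """Return 'allow', 'pending_review' or 'deny' for a tool call the AI requests."""
    if tool not in TOOL_ALLOWLIST.get(agent, set()):
        decision = "deny"            # outside the assistant's permissions
    elif tool in NEEDS_HUMAN and approved_by is None:
        decision = "pending_review"  # human oversight for critical actions
    else:
        decision = "allow"
    AUDIT_LOG.append(
        {"agent": agent, "tool": tool, "approved_by": approved_by, "decision": decision}
    )
    return decision


def denied_calls(agent: str) -> int:
    """Count denied requests; a rising number is an abnormal access pattern."""
    return sum(1 for e in AUDIT_LOG if e["agent"] == agent and e["decision"] == "deny")
```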
Applying zero trust to AI is especially important because AI systems often appear authoritative. Employees may assume that machine-generated information is objective or reliable even when it is incorrect.
This creates a paradox. AI tools can strengthen cybersecurity by detecting anomalies and automating threat analysis, yet the same technology can also increase organisational risk if deployed carelessly.
Why Human Training Matters More Than Ever
Despite major advances in cybersecurity technology, humans remain one of the most common points of failure. Many cyberattacks succeed not because technical systems are weak, but because individuals are manipulated successfully. AI-enhanced attacks exploit human habits, emotions, and assumptions.
Traditional cybersecurity training often fails because it relies on long presentations, technical jargon, or infrequent compliance exercises. Non-specialist employees may view security training as confusing, irrelevant, or disconnected from their daily responsibilities.
Modern training programmes must therefore focus on practical behaviour rather than abstract theory. Employees do not need to become cybersecurity engineers. However, they do need enough awareness to recognise suspicious situations and respond safely. Training should begin with a clear explanation of how AI-enhanced attacks work. Employees should understand that emails, voices, videos, and online identities can now be fabricated convincingly.
For example, staff should know that:
A phone call from a manager may not be genuine.
A video conference participant could be a deepfake.
A polished email with perfect grammar can still be malicious.
AI chatbots may imitate customer support agents or colleagues.
The goal is not to create paranoia, but to encourage healthy verification habits.
Practical Cybersecurity Training for Non-Specialists
Effective cybersecurity training must be realistic, repeatable, and easy to apply under pressure. One of the most effective methods is scenario-based learning. Instead of memorising definitions, employees practise responding to simulated attacks. These exercises help workers build instinctive responses before real incidents occur.
For example, organisations may conduct simulated phishing campaigns to teach employees how to identify suspicious messages. Workers who click fake malicious links can receive immediate educational feedback.
Deepfake awareness training is becoming increasingly important as well. Employees should practise verifying unusual requests through secondary communication channels. If a senior executive requests an urgent financial transfer during a video call, staff should confirm the request independently using trusted procedures. Simple organisational habits can significantly reduce risk.
Clear escalation procedures are essential. Employees should know exactly who to contact if they suspect a cyberattack or fraudulent communication. Confusion during a crisis often benefits attackers.
Training should also emphasise emotional awareness. Many successful attacks rely on urgency or fear. Attackers pressure victims into acting quickly before they can think critically.
Workers should learn to pause and verify when encountering messages involving:
Emergency financial requests
Password resets
Confidential data transfers
Threats of punishment or account closure
Requests for secrecy
Cybersecurity culture also matters. Employees are more likely to report suspicious incidents if organisations avoid blaming or humiliating staff who make mistakes.
A blame-focused culture encourages silence. Workers may hide accidental clicks or suspicious interactions because they fear punishment. This delays incident response and increases organisational damage.
Instead, organisations should encourage rapid reporting and treat cybersecurity as a shared responsibility. Short, regular training sessions are generally more effective than annual seminars. Threats evolve quickly, especially in AI-related environments. Continuous learning helps employees stay aware of changing attack techniques.
The Role of Leadership and Governance
Trust within cybersecurity is not only a technical issue. It is also a leadership challenge.
Executives must recognise that cybersecurity is now deeply connected to organisational reputation, operational stability, and public confidence. AI-enhanced attacks can damage customer trust rapidly if organisations appear unprepared.
Leadership teams should establish clear policies for AI usage, identity verification, and incident response. Employees need consistent guidance about when and how AI tools may be used.
Governance frameworks should also address ethical concerns. AI-generated content creates risks involving misinformation, privacy violations, and impersonation. Many organisations now require internal disclosure when employees use AI-generated material in official communication. Transparent usage policies help preserve accountability.
Investment in cybersecurity training must also come from leadership. Training programmes often fail because organisations treat them as secondary priorities. In reality, cybersecurity awareness is now a core business skill. Every department, including finance, human resources, marketing, and customer support, faces exposure to AI-enhanced attacks.
Rebuilding Digital Trust
The cybersecurity landscape is entering a period of profound change. Artificial intelligence is simultaneously strengthening and weakening digital trust.
On one hand, AI improves threat detection, automates security monitoring, and increases defensive capabilities. On the other hand, it enables cybercriminals to create highly convincing attacks at unprecedented speed and scale.
Deepfakes and AI-generated deception challenge long-standing assumptions about authenticity. Organisations can no longer rely on visual evidence, familiar voices, or polished communication as proof of legitimacy. In this environment, trust must become evidence-based rather than assumption-based.
Zero trust architecture represents one of the most important strategic responses to this challenge. By continuously verifying users, devices, and systems, organisations reduce their dependence on fragile assumptions.
Applying zero trust principles to AI systems themselves is equally important. AI tools must be monitored, restricted, and validated carefully to prevent misuse or compromise.
However, technology alone cannot solve the problem. Human behaviour remains central to cybersecurity resilience. Non-specialist employees are increasingly operating on the front line of digital defence. Practical training, clear verification procedures, and supportive organisational culture are essential in helping ordinary users recognise AI-enhanced threats.
The future of cybersecurity will depend on balancing innovation with caution. AI systems will continue to evolve rapidly, and attackers will continue adapting their methods. Trust is therefore no longer something organisations can grant automatically. It must be earned continuously through verification, transparency, education, and resilient security design.
In the years ahead, the organisations most capable of protecting themselves will not necessarily be those with the most advanced technology. They will be the ones that combine strong technical controls with informed, alert, and adaptable human decision-making.














