Page 95 - Cyber Defense eMagazine September 2025
P. 95
revolutionized the speed and complexity of digital information reconnaissance and deepfake-enabled
smish, vish and phish attacks. Attackers are using AI to create deepfakes, mirroring voices and writing
styles to deceive help desks, support systems and employees elsewhere in the enterprise. Common
attacks include posing as a senior leader and ordering a junior employee to purchase gift cards to help
close a deal. With AI’s ability to scrape vast amounts of information about not only CISOs and other key
personnel in the enterprise but their families and acquaintances, the success rate of these attacks has
dramatically increased. Historically, digging up enough information to fuel an attack would require a team
of hackers; now, AI agents can achieve this autonomously and efficiently.
The standard narrative of hackers breaching security through AI tools only presents a part of the picture,
which prevents CISOs from understanding the true, multifaceted ways that AI could contribute to
breaches. To effectively mitigate risks, CISOs must adopt a holistic perspective and see not just what the
bad guys are doing with AI but what the good guys in retail organizations are doing and should be doing
to integrate AI into their systems and use it to strengthen cybersecurity.
Clarifying the nature of the threat
You don’t need a hacker or an external attack for AI to pose a cybersecurity threat to a retail organization.
When CISOs view GenAI only as a tool for extracting sensitive data, they overlook the possibility that AI
can also inadvertently expose sensitive data, which can do as much harm to operations as an attack.
Misconfigured AI systems can leak proprietary information, affecting consumer trust and competitive
advantage. For instance, without proper restrictions, consumers could ask a retailer’s propriety chatbots
to compare the company’s product line with competing products, turning a potential sale into a win for
the competition.
In addition to harming businesses through offering insights into competitor products, AI chatbots set up
with improper security guidelines could access and reveal confidential information about an organization
or its personnel. Imagine a scenario where an organization-wide AI system connects previously disparate
data sources, such as human resources data about salaries and so forth, across the entire organization,
including a public-facing chatbot. All it takes is one curious online shopper writing a simple prompt for
employee X’s compensation to go public.
Harnessing AI for cyber defense
Retail organizations must think defensively about deploying AI. If you’re not already on this AI journey,
it’s essential to start, or risk being left behind. The scenarios described above underscore the necessity
of robust AI deployment strategies. The silver lining to the AI threat to cybersecurity is that while AI can
make data more vulnerable, it also has great potential to strengthen cybersecurity. By leveraging AI for
threat detection, anomaly monitoring and streamlined reporting, retail organizations can enhance their
cyber defense strategies. AI can automate routine tasks, optimize threat hunting and facilitate efficient
security operations.
Cyber Defense eMagazine – September 2025 Edition 95
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.
