How AI is supercharging social engineering - and what businesses can do about it (www.techradar.com)

AI is dramatically improving the quality, scale and agility of social engineering attacks: LLMs now produce polished, context-aware phishing that removes classic red flags, and deepfake audio/video can clone a CEO’s voice or face in minutes — techniques already used to steal tens of millions. LevelBlue’s report finds 59% of organizations say distinguishing real from fake interactions is harder, yet only ~20% have comprehensive staff education and just 32% engaged external training last year. Attackers combine LLM-written messages, persona creation from social/breach data, dynamic vector switching (email probes that pivot to voice/video), adversarial prompt-chaining, and traditional vectors like credential theft and supply-chain compromises, turning social engineering from a “people” issue into a systemic business risk. Mitigation requires shifting governance, testing and tooling. Treat AI-enabled social engineering as a board-level risk, run red-team simulations that replicate chained AI attacks (email → voice → deepfake), and adopt layered defenses: deepfake and voice-anomaly detectors, behavioral analytics, zero‑trust controls and structured human verification (out‑of‑band challenge‑response). Regular “red-team-as-a-service” benchmarking and modular, quarterly training tied to live threat data will keep staff judgment aligned with evolving tactics. In short: technology can surface anomalies, but resilience relies on combining AI-driven detection with human verification and continuous, executive-backed training.