AI Risks 101
AI changed the game, and attackers know it. They are writing phishing emails in your CEO's voice, cloning colleagues' voices from a 3-second clip, and fabricating video calls from scratch. This module covers the four ways AI has shifted the threat landscape — and why your judgment is still the strongest defense.
AI changed the game. Attackers know it.
This isn't hypothetical. Attackers are actively using AI right now to write phishing emails that sound exactly like your boss, fabricate video calls with your CFO, and trick people into revealing information by impersonating services you trust.
Two things are true at once:
- AI is powerful and useful. We're not trying to ban it.
- AI creates new security risks — both in how attackers use it against you, and in how public AI tools handle your data.
The four ways attackers are using AI
| Attack type | What it looks like |
|---|---|
| Personalized phishing | Emails tailored to you — your projects, your boss's tone, real context scraped from your LinkedIn. |
| Voice cloning | A call or voicemail that sounds exactly like your manager. Only 3 seconds of audio required. |
| Deepfake video | A video call where every person on screen — including your CFO — is AI-generated. |
| Prompt injection | Hidden instructions inside content you paste into an AI tool, getting the AI to act on the attacker's behalf. |
What a deepfake attack actually looks like
In 2024, a finance employee at a multinational firm joined what appeared to be a routine video call with their CFO and several colleagues. The CFO gave detailed instructions to wire $25 million across several accounts for a confidential deal. The employee completed the transfer.
Every person on the call — every face, every voice — was an AI-generated deepfake. The employee was the only real human on the call.
The defense that would have stopped it: a 30-second call to the real CFO on a number already on file.
Real incident: CEO impersonation, $1.5M
An attacker used AI to clone a CEO's writing style and emailed the finance team requesting an urgent wire transfer. The email matched the CEO's tone perfectly. It referenced a real acquisition the company was working on. The finance team processed the transfer.
The information used to build the cover story? All public: LinkedIn posts, press releases, company announcements.
The lesson: AI lets attackers research your company for free and faster than any human could. The tell is never the writing anymore. It's the request.
AI can also be confidently wrong
Even without an attacker involved, AI creates risk when you trust it blindly. It can sound authoritative and still invent facts, policies, and sources that do not exist. "Don't Let AI Be Your Weakness" begins with remembering that confidence is not the same as correctness.
Your data leaves your control when you paste it
When you submit something to a public AI tool, it may be stored, reviewed by humans, or used to train future models. Treat anything you paste into a public AI as something that could leave your control entirely.
The good news: you're the human firewall
AI-based attacks are sophisticated, but they are not unbeatable. Attackers are betting on one thing: that you will not stop and think critically. This course gives you the habits to stop them.
AI is powerful. Your judgment plus AI is stronger. The human firewall still matters — and that's you.
Knowledge check
You paste a draft of an internal document into a free public AI tool to clean up the wording. Why is that a risk?
In the 2024 $25M deepfake incident, what would have stopped the transfer?