GenAI cyber attacks have arrived

In September 2024, an email claiming to be from Dmytro Kuleba, Ukraine’s foreign minister, landed in the inbox of Senator Benjamin L. Cardin, chairman of the Senate Foreign Relations Committee. The email requested a Zoom call, and given the senator’s critical role in foreign policy, his office arranged the meeting. When the video call began, the person on screen looked and sounded just like Kuleba, and the conversation initially seemed normal.

But things took a strange turn. The caller started asking unusual, politically charged questions about missile strikes on Russian territory and the upcoming U.S. elections—topics that seemed out of character. Suspicious, Senator Cardin ended the call and reported the incident to the State Department. Investigators later confirmed the caller was not Kuleba at all but a deepfake—an advanced digital forgery designed to manipulate and extract sensitive information.‍

Incredible increase in deepfake & GenAI cyber attacks

Since the launch of ChatGPT, phishing attacks have grown by 4,171%. Now, anyone can run a sophisticated cyber attack in minutes. They can attack over email, SMS, phone calls, or even video zoom calls using GenAI scripts and deepfakes. In the last year alone, we have seen over 100K estimated deepfake attacks in the USA alone. In October of 2024, the CEO of a major cybersecurity provider, Wiz, announced that his company had experienced numerous CEO deepfake attacks.  Also in 2024, a deepfake attacker used the voice and likeness of an executive on a zoom call to scam the company out of $25 million dollars. 

Behind the scenes, security teams are seeing a massive influx of GenAI attacks, and are deeply concerned by the growing threat. 

‍CISOs are most afraid of GenAI attacks

In an Adaptive Security study from December 2024, we surveyed 181 CISOs at leading US companies. Our survey found AI-Powered social engineering as the #1 concern among those surveyed, with the average respondent scoring their concern as an 8.6 out of 10. A security leader for one of the largest entertainment venues in the world said “The AI-generated attacks that we've seen are much higher in sophistication and harder for our employees to detect.” Another security leader for one of the largest semiconductor companies said “deepfakes are happening now, and its dangerous.”

‍From AI-powered marketing to cybersecurity

In September 2016, I co-founded Attentive, the leader in AI-powered SMS and email marketing. For seven years, I served as the CEO of Attentive, and helped grow the business to over 1,000 US full-time employees, $500M in annual revenue, and over 8K customers. 

While at Attentive, I experienced many cyber attacks first hand. In one memorable incident, a new Attentive employee was scammed into making a significant fraudulent business purchase when the attacker impersonated me via text message. When I brought the issue to their manager, the manager was also scammed by the same attacker. Neither employee was ready for the next generation of attack, and I couldn’t believe there wasn't a better way to stop these attacks.  

‍Protecting companies from the next generation of attack

Most security training content is outdated, boring, and irrelevant. 77% of employees admit that they would often “zone out” during security training. Compliance admins force their teams to “check the box” with meaningless training. Few companies are ready for GenAI-powered attacks. 

Today, Adaptive estimates that up to 60% of employees will fail a GenAI-powered attack.  

In early 2024, we launched Adaptive to significantly reduce the risk of AI-powered attacks. We currently offer two products: Adaptive Phishing and Adaptive Training. 

Adaptive Phishing generates GenAI cyber attacks over email, SMS, chat, and voice. Businesses can customize these attacks to utilize features like deepfakes of their executive team, open source intelligence of their company, and known attack vectors.

Adaptive Training educates employees on new and emerging security threats like deepfakes, smishing, and social media attacks. Material is broken down into engaging 3-7 minute modules, optimized for mobile and desktop viewing. Content is automatically personalized for every business. 

Today, Adaptive is growing fast working with leading businesses including one of the largest bank payment managers in the USA, massive hedge funds and venture capital firms, regional and national banks, leading tech and software companies, and critical health systems. 

Adaptive’s mission is to protect people from AI-powered cyber attacks. Over the next decade, we will work tirelessly to stay one step ahead of attackers with enhanced features, new products, and scale to every business globally.