How attackers are using AI to get ahead.

How are attackers exploiting tech in the era of large language models and generative AI (and how you can fight back).

Early in 2024, ARUP fell victim to a deepfake AI attack which convinced colleagues to surrender $25m over to hackers. This set the tone for a year in which we saw AI risks, including LLM/Bot manipulation, deepfakes and AI generated attacks skyrocket. Flash forward to 2025, the threat landscape has changed forever. AI isn’t going away, so it’s important to know how to get ahead of it. 

A recent study from Carnegie Mellon revealed AI models could recreate the exact conditions that led to the 2017 Equifax breach, a breach that exposed the sensitive data of over 148 million people. 

How attackers are using AI right now.

 

📈 Phishing emails have increased by 4,151%, with 60% of recipients engaging. Using generative AI to mimic your brand’s image, staff names, and tone of voice. 

🔊 Deepfake-related fraud is on the up. Just 30 seconds of audio can be used to impersonate your manager or CEO requesting bank transfers, credentials, or authorisation. 

Considerations for the board.

Cybersecurity has become a board-level responsibility.  A single breach can wipe out years of brand equity, investor confidence, and operational resilience. 

• Accountability: It’s increasingly expected Boards understand and govern AI-related cyber risk. Ignorance won’t shield you from scrutiny. 

• Big pound signs: The average global breach now costs businesses £3.2 million. Can you absorb that? 

• Visibility: Do you know what systems are exposed? Who has access? How well your teams are trained?
   

Look for security that scales with you.

AI-driven threats demand smart, scalable defence but building that in-house is costly and complex. At Intercity, we help you stay ahead with expert services like Tenant Hardening, vCISO, and SOC support. While we secure your systems, you stay free to scale with confidence and perform at your best. Here’s how we protect you: 

• Our scalable security stack 
  Lock down your cloud environments with precision from access controls to misconfigurations. 

• vCISO (Virtual Chief Information Security Officer) 
  Strategic security leadership, without the boardroom overhead. 

• SOC (Security operations centre) 
  24/7 monitoring, detection, and response so threats are found and stopped fast. 

• Security awareness training 
  Turn your team into a human firewall. We tailor it to the threats you're facing, not just tick-box training. 

Train your people to adopt a zero-trust approach.

AI can't hack what it can't fool. Empower your staff to spot the signs from fake emails to deepfake videos while adopting a zero-trust approach. That means verify everything from access requests, emails and password resets even if it looks legitimate.  

Know where your data is going.

Control how your business uses AI. Audit what tools are being used, and where sensitive data may be leaking into large language models (LLMs).

Review your systems regularly.

Don’t wait for an incident. Schedule ongoing reviews to spot exposure, redundancy, and risk across your tech stack.  

With 90% of companies still not doing enough to mitigate AI-driven risks, the real gap is in strategic thinking. The difference between being breached and staying resilient? 

Getting ahead of the risk is easier than you might think. There are accessible solutions and tools which can dramatically reduce risk quickly and cost-effectively. That includes running an assessment of your Microsoft 365 environment to ensure your estate is configured correctly, and that bolt ons and legacy tech is managed correctly. 

Let Intercity protect your business while you focus on growing it. Scalable. Cost-effective. Board-ready.