How attackers are using AI to get ahead.

How are attackers exploiting tech in the era of large language models and generative AI (and how you can fight back).

Early in 2024, ARUP fell victim to a deepfake AI attack which convinced colleagues to surrender $25m over to hackers. This set the tone for a year in which we saw AI risks, including LLM/Bot manipulation, deepfakes and AI generated attacks skyrocket. Flash forward to 2025, the threat landscape has changed forever. AI isn’t going away, so it’s important to know how to get ahead of it. 

How attackers are using AI right now.

 

📈 Phishing emails have increased by 4,151%, with 60% of recipients engaging. Using generative AI to mimic your brand’s image, staff names, and tone of voice. 

🔊 Deepfake-related fraud is on the up. Just 30 seconds of audio can be used to impersonate your manager or CEO requesting bank transfers, credentials, or authorisation. 

Considerations for the board.

Cybersecurity has become a board-level responsibility.  A single breach can wipe out years of brand equity, investor confidence, and operational resilience. 

• Accountability: It’s increasingly expected Boards understand and govern AI-related cyber risk. Ignorance won’t shield you from scrutiny. 

• Big pound signs: The average global breach now costs businesses £3.2 million. Can you absorb that? 

• Visibility: Do you know what systems are exposed? Who has access? How well your teams are trained?
   

Look for security that scales with you.

AI-driven threats demand smart, scalable defence but building that in-house is costly and complex. At Intercity, we help you stay ahead with expert services like Tenant Hardening, vCISO, and SOC support. While we secure your systems, you stay free to scale with confidence and perform at your best. Here’s how we protect you: 

• A comprehensive M365 Security Assessment: Lock down your environments with precision. 

• vCISO (Virtual Chief Information Security Officer) :Strategic security leadership, without the boardroom overhead. 

• SOC (Security operations centre): 24/7 monitoring, detection, and response so threats are found and stopped fast. 

• Security awareness training: Turn your team into a human firewall. 

Train your people to adopt a zero-trust approach.

AI can't hack what it can't fool. Empower your staff to spot the signs from fake emails to deepfake videos while adopting a zero-trust approach. That means verify everything from access requests, emails and password resets even if it looks legitimate.  

Know where your data is going.

Control how your business uses AI. Audit what tools are being used, and where sensitive data may be leaking into large language models (LLMs).

Review your systems regularly.

With 90% of companies still not doing enough to mitigate AI-driven risks, the smartest move to make right now is going back to basics. That includes ongoing reviews to spot exposure, redundancy, and risk across your tech stack.  

There are accessible solutions and tools which can dramatically reduce risk quickly and cost-effectively. That includes running an assessment of your Microsoft 365 environment to ensure your estate is configured correctly, and where needed, getting a strategic view of your risk.

Let Intercity protect your business while you focus on growing it. Scalable. Cost-effective. Board-ready.