Cisco’s head of security thinks that we’re headed into an AI phishing nightmare

Cybersecurity attacks are an increasingly costly nightmare for companies, and AI will only make it easier for victims to fall for their most common form: phishing scams.

Generative AI tools like ChatGPT are capable of producing written work that humans have difficulty detecting. And as these tools evolve, phishing attackers may use the technology to send email traps disguised as work messages that even some of the most cautious people may have trouble discerning as fake. 

“It’s going to get harder for humans to distinguish between legitimate activity versus a malicious attack,” says Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration.

Assailants using AI to make their attacks even more sophisticated could be a problem for HR, as the bulk of attacks people fall for are about work, or from someone pretending to be from their HR department. According to security software company KnowBe4’s third-quarter global phishing report, 61% of its failed phishing tests contained messages from HR or about employee performance.

People have mostly stopped falling for the stereotypical phishing scams like the Nigerian prince or someone offering a lucrative investment opportunity, where the offer is too good to be true and the email itself riddled with typos. But Patel worries people will have difficulty distinguishing A.I.-written phishing emails purporting to be from a friend or colleague.

For example, an attacker could use AI to send a fake email from a coworker about going to the same basketball game the night before and sending over a cloud drive link purporting to have pictures from the game. That’s because generative AI bots can be trained to mimic a specific person’s writing style.

“That’s a much harder activity for being able to tell whether or not it’s a legitimate activity or a malicious attack,” says Patel. “I think you’re gonna see much, much more of that.”

While the thought of employees having to watch out for even more email scam attacks may be worrying (and expensive) for HR and business leaders, Patel is also hopeful that the advancement of A.I. technology will beef up companies’ cybersecurity defense systems.

“We might have a data advantage, which will allow us not just to detect an attack and respond to it, but predict an attack before it happens and prevent it from happening,” he says. “That data advantage is going to be pretty big.”

Paige McGlauflin
paige.mcglauflin@fortune.com
@paidion

Around the Table

A round-up of the most important HR headlines.

- Remote workers were 35% more likely to be fired in 2023 compared to their hybrid and in-person counterparts—and they’re also the most likely to quit. —Wall Street Journal

- Legal attacks by Elon Musk and others could “raise havoc” and weaken the growing labor movement. —The Guardian

- Tech giant Salesforce announced it will be laying off 700 workers. —Wall Street Journal

Watercooler

Everything you need to know from Fortune.

Unfair deal. Following a slew of harsh criticism about Gen Z’s work ethic, the young generation is clapping back. They say that despite being well-educated and working long hours, their salaries don’t stretch as far as previous generations. —Orianna Rosa Royle

Hot water. Walgreens will pay a $275,000 fine to settle allegations of poor working conditions and bad service after abruptly closing some of its Vermont stores temporarily during the pandemic. —The Associated Press

Blue jean blues. Levi Strauss & Co plans to cut up 15% of its global corporate workforce, attributing the layoff to a weak wholesale business forecast. —Olivia Rockeman, Bloomberg

Hiring revolution. Massachusetts Gov. Maura Healey signed an executive order to scrap degree requirements from most government job listings, encouraging companies to use a skills-based approach instead. —Jane Thier