The Rise of AI Abuse: A story of Criminal GPTs, DeepFakes, Data Breaches, AI Malware, and Agentic Sleeper Agents

In late 2022, AI exploded into the mainstream with OpenAI’s ChatGPT, starting an AI-fuelled shift in both everyday life and the cyber threat landscape. Just as quickly as everyday users rushed to adopt the technology, so did threat actors. From generating phishing pretexts to writing malware and crafting deepfakes, AI systems have become both a new tool and a new target.

AI Adoption Is Outpacing Governance: Conversations on Managing AI Risk

Executives everywhere are under pressure to deploy AI fast — but our recent roundtable on AI risk, hosted by TEISS, revealed a growing concern: AI adoption is outpacing governance, and organisations are taking on more risk than they realise. While most enterprises have mature technical controls, many are missing visibility into how AI is being used — and by whom.

Empowering Safe GenAI Adoption at a 3,600-Employee Fintech - And Stopping 20+ Data Leaks a Day

Despite having modern DLP and CASB tools in place, they lacked the behavioural insights and real-time context needed to guide employee use of GenAI tools. Shadow AI use was growing, and SecOps lacked clear visibility into which incidents required intervention.

How a Digital Bank Reduced Shadow AI Risk by 80% - Without Blocking Innovation

When a fast-scaling digital bank began seeing widespread employee adoption of generative AI tools like ChatGPT and Gemini, their security team faced a growing dilemma: how do you protect sensitive data without shutting down innovation?

The Evolution of AI: From Symbolic Reasoning to GPTs and Agentic Systems

It seems like Artificial Intelligence (AI) has suddenly appeared in everything, everywhere, all at once. It feels like only “five minutes ago” there was “pre-AI life”, and now we have AI assistants that speak like real people, apps that create images, music, and video from nothing, and AI agents that do work for us.

Pixels, Polygons, and Payloads: Malware delivery in 3D software pipelines

This research explores an unconventional malware delivery vector, demonstrating how trusted creative software tools can be repurposed to deliver payloads in ways that bypass common defences, user expectations, and AI-based analysis. The work concludes with the creation of a successful Proof-of-Concept (PoC) for code execution and AV/EDR evasion using the open-source 3D software suite Blender.

Humans Aren't the Weakest Link, Our Defences Are

For decades now we’ve been locked in this game of cat-and-mouse where attackers develop a new technique and defenders catch up, or defenders introduce a new control and attackers adapt. From the evolution of network security to identity and access control, many of our technical controls have matured into strong and reliable defences. Yet as we continue to see in the media, attackers continue to get in, compromising even the most mature and secure of environments, in seemingly simple ways.

Just launched: Interventions Playbooks - context aware security automation

Security Operations Centre (SOC) teams have never had it easy - but today, the complexity of defending against cyber threats has taken on an entirely new dimension. You’ve secured endpoints, networks, and cloud infrastructure. But the biggest threats are at the human layer, where visibility is lacking and most breaches begin.

Scattered Spider and DragonForce: A Case Study in Human-Centric Cyber Threats

In April 2025, Marks & Spencer, the Co-op Group, and Harrods were all targeted by cyber-attacks that caused disruption across their services. Although attribution is still being confirmed, indicators strongly link these attacks to Scattered Spider, a group known for aggressive, human-centric tactics and high-profile breaches. This post is not an incident breakdown for each retailer.

Introducing The Human Threat Map: A Tool for Mapping and Defending the Human Perimeter

The cyber security perimeter has evolved many times over the years, and we’re now at a point in time where it has shifted once again. We have reached an era where defence is no longer just about protecting our networks, endpoints, cloud systems or SaaS applications, but about protecting our people. Attackers now target employees directly, relying on their ability to exploit human behaviour to gain access, rather than technical vulnerabilities.