AI Is Worsening Firms’ Cybersecurity 'Fog of War'

The rapid democratization of generative AI has turned a once‑expensive capability into a commodity, allowing threat actors to craft convincing deep‑fakes in minutes. At the BNY INSITE panel, Paul Caulfield showed a synthetic video of himself to illustrate how easily a high‑net‑worth client’s voice and likeness can be forged. This demonstration underscores a broader shift: AI is no longer a defensive tool for cybersecurity teams but a dual‑use technology that amplifies social engineering attacks across the financial services sector.

Moody’s recent warning that frontier AI will intensify cyber‑risk for banks aligns with the wave of data breaches disclosed by firms such as LPL Financial, Cetera, and Ameriprise. Hackers are leveraging models like Anthropic’s Mythos to automate credential harvesting, generate personalized phishing content, and exfiltrate terabytes of personal information for resale. The cost advantage means even smaller advisory shops, previously overlooked, now face sophisticated, AI‑driven assaults that can bypass traditional perimeter defenses, widening the gap between attack sophistication and incident response.

In response, industry leaders are urging a shift from reactive patching to proactive governance. Caulfield’s five‑question checklist—identifying response contacts, describing the breach, assessing severity, estimating recovery time, and preventing recurrence—offers a pragmatic roadmap. Complementary measures such as “human PIN codes,” shared secret phrases, and continuous AI‑driven monitoring can add layers of verification against deep‑fake impersonation. As regulators tighten disclosure requirements, firms that embed these practices into their cyber‑risk frameworks will better protect client data and maintain trust in an increasingly AI‑saturated threat landscape.