IBM is warning that most companies still lack basic guardrails for artificial intelligence, leaving them vulnerable to deepfakes and AI-assisted scams.
IBM distinguished engineer Jeff Crume cites the firm’s 2025 Cost of a Data Breach to show that attackers using artificial intelligence were involved in 16% of all breaches.
“So that’s not an overwhelming number, but it’s a significant number. It’s big enough for us to really start paying attention to, and it’s not surprising.”
According to Crume, 35% of AI attacks weaponized deepfakes, which are generated video and audio imitations of a real person or even a fictitious person that are convincing enough to dupe a person into doing something they should not otherwise do.
“Maybe we pose as an executive in the company, we do a video call with an employee, and tell the employee they need to wire certain money over to this special account and do it right now because I’m your boss… And they do it and come to find out it wasn’t the boss they were talking to. It was a very realistic-looking deepfake of the boss.”
He also says that 37% of AI-assisted attacks were related to phishing. In an experiment, Crume says an IBM researcher took 16 hours to craft a convincing phishing email, but a chatbot did the same task in just five minutes.
“We sent both out, and it was virtually a dead heat in terms of slightly more people picked on the human-generated one versus the chatbot one, but look at the difference in efficiency. In other words, AI is going to keep getting better at wording these things and making them more and more convincing.”
While thieves are already using AI to execute convincing and efficient attacks, Crume warns that most companies have not adapted to the artificial intelligence age in terms of security policies.
“63% of organizations that we surveyed and talked to and interviewed did not have a governance policy… If you don’t have a governance policy or security policy in place, then you really have no way to win because you don’t even know how to define what that is.”
Disclaimer: Opinions expressed at CapitalAI Daily are not investment advice. Investors should do their own due diligence before making any decisions involving securities, cryptocurrencies, or digital assets. Your transfers and trades are at your own risk, and any losses you may incur are your responsibility. CapitalAI Daily does not recommend the buying or selling of any assets, nor is CapitalAI Daily an investment advisor. See our Editorial Standards and Terms of Use.