Summary5 min read

RSAC Podcast Episode Summary

Podcast: RSAC
Host: Tatiana Sanchez
Guest: Alex Holden, CISO of Hold Security LLC
Episode Title: I vs AI
Date: January 26, 2026

Episode Overview

This episode of the RSAC Podcast, hosted by Tatiana Sanchez, dives into the evolving role of artificial intelligence (AI) in the hands of cybercriminals and the complex challenges this creates for both organizations and individuals. Guest Alex Holden, a renowned cyber threat intelligence expert, shares insights drawn from direct observation of cybercriminal communities, highlighting real-world attack examples, organizational defense strategies, and vulnerabilities in current AI deployments.

Key Discussion Points & Insights

1. AI as a Double-Edged Sword in Cybercrime

(02:28–04:44)

AI adoption outpaces defenses: Cybercriminals are adopting AI rapidly, often more efficiently than legitimate organizations.
AI as both tool and accomplice: Criminals use AI for everything from crafting phishing emails to coordinating ransomware — tasks that now require fewer people and are executed with greater speed and sophistication.
- Quote:
  “AI is becoming a tool, a malleable tool in hands of cybercriminals… in their hands, AI is not only a tool, but it's also an accomplice.”
  — Alex Holden (02:32)
Erosion of traditional defenses: AI neutralizes old heuristics (like spotting phishing via misspellings), enabling attackers to convincingly mimic cultural and linguistic nuances.
Scalability and velocity: Attacks become faster, harder to detect, and possible at much greater scale, enabling even solo actors to run previously large operations.

2. Real-World AI-Driven Attacks

(05:37–09:40)

Corporate schemes:
- AI aids attackers in understanding and manipulating business processes, not just technology. Exploiting process-based vulnerabilities is now straightforward.
- Unlimited attempts: AI allows mass-automation of social engineering (e.g., AI-powered help desk impersonation), with negligible cost per attempt.
- AI can autorespond, learn context, and maintain rapport, making phishing and BEC (business email compromise) attacks much more convincing.
Individual targeting & romance scams:
- AI enables nuanced, ongoing dialogues for romance scams. These scams craft complex, believable stories, provide fake documentation, and emotionally manipulate victims beyond what humans alone could achieve.
- Quote:
  “In most cases even examining conversations, communications, it's not obvious to experts to see if this is a real person looking for romance or if this is an AI driven scam.”
  — Alex Holden (08:59)

3. Victim Recovery and Institutional Safeguards

(09:40–11:38)

Bank responses: Some financial institutions train staff to spot and counsel potential scam victims, but online, attackers use AI to walk victims through money transfer steps, often circumventing offline safeguards.
- Quote:
  “AI would actually give them step by step instructions in order to transfer the money... providing technical support from the bad guys to a victim…”
  — Alex Holden (11:14)
Recovery of lost money is rare once funds transfer electronically or into crypto.

4. Proactive Organizational Defenses against AI Attacks

(12:08–14:55)

Beyond technical controls: It’s essential to scrutinize not just tech but also business processes — especially those influenced by third parties or customers — for avenues of manipulation.
Behavioral safeguards: Use behavioral markers (e.g., unnatural response speed) to spot AI-driven attacks. Insert hidden prompts or challenges AI would notice but humans would not (e.g., complex math problems).
- Quote:
  “They put a complex math problem... invisibly into a human into a problem. And in response an AI sees it and it gives a number. Well guess what? Most people I know don't know this off the top of their head and they would not be able to respond in 10 seconds. AI does.”
  — Alex Holden (13:25)
Balance: Defend without disrupting customer service or business flow.

5. Incident Response to Successful AI Attacks

(15:26–16:44)

Follow classic incident response protocols — detect anomalies, investigate, contain — but update playbooks for AI-driven scenarios.
Prepare for complexity: AI-driven incidents may lack the obvious “errors” or tell-tale signs of traditional attacks.
- Quote:
  “In your incident response playbook, put in components. Consider scenarios that would be AI driven and how you would be investigating these things.”
  — Alex Holden (16:02)

6. AI as an Attack Surface: Defending Your Implementation

(17:09–21:46)

AI deployments are under-tested: Most organizations do not subject AI systems to the same security evaluation as traditional software (e.g., pen testing, patch management).
- Quote:
  “Very few AI implementations actually undergo proper security evaluation overall… and because this is not just a piece of software, it is a complex solution… The data may be there and maybe it's said to be protected. But how much of a vulnerability is there?”
  — Alex Holden (18:44)
Vulnerabilities in AI:
- AI can leak data due to exploitation or poor configuration.
- Social engineering can trick AI into revealing confidential information.
- Criminals value “AI manipulators” highly for their ability to exploit these systems.
Urgent need for standards: Alex urges adopting robust testing, red teaming, and defensive postures for AI, warning that current progress is slow and fragmented.

Memorable Quotes

“AI is not only a tool, but it's also an accomplice… attacks are coming out faster, they are more sophisticated, and the knowledge of cybercriminals is vastly improved.”
— Alex Holden (02:41)
“We are being bombarded by many AI components in the hands of really evil people. And it's hard to tell the difference and it's not very easy to defend against it.”
— Alex Holden (09:25)
“…in many cases way for us to succeed, to progress. So AI is vulnerable, your implementation of AI may be vulnerable and you should take necessary steps to defend against it.”
— Alex Holden (21:13)
“Hopefully it becomes much better science like we have right now with PEN testing, red teaming and many other things. But in my view we are getting into this very slowly and not always effectively…”
— Alex Holden (21:25)

Key Takeaways

Cybercriminals are adopting and weaponizing AI with alarming speed and creativity.
Traditional security awareness measures (e.g., phishing detection) are outpaced by AI’s capabilities.
Attacks can now be more targeted, persistent, and personalized — both for organizations and individuals.
Proactive defense requires scrutiny of business processes and innovative behavioral defense techniques.
Amend incident response and risk frameworks to account for AI-driven attacks and failures.
Current AI implementations often lack robust security vetting, pen testing, and ongoing monitoring — a critical, unaddressed risk.

Timestamps for Important Segments

[02:28] — AI as an “accomplice” and the evolution of attack sophistication
[05:37] — Corporate and individual attack examples, AI's role in scaling social engineering
[09:40] — Financial recourse for romance scam victims and banking safeguards
[12:08] — Strategies for organizational defense and behavioral anomaly detection
[15:26] — Incident response best practices in the AI era
[17:09] — Defending AI implementations; security gaps and needed actions

This episode delivers a pragmatic, sometimes sobering look at how AI is transforming the cyber threat landscape, offering actionable guidance for fortifying organizational defenses and highlighting the urgent need to mature AI’s security posture. Alex Holden’s real-world perspective helps both cybersecurity practitioners and leadership grasp the stakes, challenges, and concrete steps needed right now.

Loading summary

Transcript15 lines

[00:05]
A
You're listening to the RSA conference podcast, where the world talks Security. Hello listeners. Welcome to this edition of our RSAC podcast series. Thank you for tuning in. I'm your host for today, Tatiana Sanchez. And while AI offers incredible benefits and we're seeing rapid adoption across industries, it's also becoming a powerful force multiple supplier for cybercriminals. From sophisticated ransomware and deep fakes to romance scams and supply chain manipulation, the threat landscape is evolving fast. And that's why we are so excited to be joined by Alex Holden, who will explore how AI enables these criminal activities and more importantly, how organizations can identify and defend against them. But before we get started, we do want to remind our listeners that here at RSAC we host podcasts twice a month. And and we encourage you to subscribe, rate and review us on your preferred podcast app so that you can be notified when new tracks are posted. And now we would like to ask our guest to formally introduce himself before we dive in. Alex.
[01:12]
B
Absolutely. Thank you and it's a pleasure to be here. My name is Alex Holden. I'm chief Information security officer of Hold Security llc. We are cyber threat intelligence company that been around for 13 years now. And what we do, we go out among the cyber criminals, we walk among them and we learn from the them. Enough to prevent cybercrime. So good portion of my career I spent trying to prevent cybercrime by understanding cybercriminal psychology, understanding cybercriminal traits, tools and approaches. And this is why my knowledge comes unfortunately from firsthand of crimes being committed. And also it comes from really seeing how things can be stopped and if recognized and applied in time.
[02:06]
A
Thank you so much Alex for taking the time and being here today. And as we know, the rise of AI is increasing, especially you know, with generative and agentic AI. Those are more popular nowadays and we're seeing those two words more often. So Alex, how has the landscape of cybercrime evolved? What are some of the new, more sophisticated attacks we're seeing today?
[02:28]
B
Well, right now, AI is becoming a tool, a malleable tool in hands of cyber criminals. And from our perspective, cybercriminals are embracing and using AI in many cases much faster, much more efficiently than most of our businesses than individuals. So think about AI as a useful tool, greatly useful tools that transforms our industry, transforms our way of life. The cybercriminals doing absolutely the same. But with ill 10th and in their hands, AI is not only a tool, but it's also an accomplice. Remember that a decade ago we Were teaching our users to recognize phishing attacks by looking for spelling errors, by looking for format problems or anything else. Understanding that cybercriminals don't always understand our way of life, English, whatever language they're trying to impersonate, maybe not their language at all. And many cultural references, many different things that would separate us from cyber criminals were our defense was an obstacle for them. AI erased all this. It increased the ability of cybercriminals to adopt, adjust to the things that we would expect to see in our mailboxes, in our approaches, in our way of life. And it also changed the velocity of these components so the, the attacks are coming out faster, they are more sophisticated, and the knowledge of cybercriminals is vastly improved. Lastly, cyber criminals actually embracing AI that no longer we need to run a criminal enterprise. It's a single individual who can orchestrate entire ransomware organization with the help of its accomplice AI. A lot of things can be accomplished. Just one or two cybercriminals that that previously required 20, 30 individuals to work together. The scale is changing, the game is changing, the speed of attacks is changing. And AI unfortunately is very willing tool in the hands of cybercriminals.
[04:45]
A
Exactly right. The game is changing in cybersecurity. And like you mentioned a decade ago, organizations were teaching, you know, employees how to spot phishing attacks. And cybercriminals now know what organizations are looking out for. So they're using AI to enhance their attacks, like you said, at a greater speed and it's cost efficient. So whether it's an individual or 10 people, AI attacks are just happening every day. And I would like to dive in into some real world examples of how AI driven attacks like you mentioned, supply chain manipulation and business email compromises. How are these attacks impacting organizations today? And then beyond the corporate world, we're also seeing AI being weaponized against individuals through romance scams. So can you talk to us a little bit about the corporate world AI attacks and then individual AI attacks?
[05:37]
B
Absolutely. Corporate world is much more profitable for many cyber criminals and they are learning to leverage AI to come up with new innovative solutions. They may not know of how we function in our environment, but they can go and try to build these frameworks. Understanding of how things are done, understanding the processes and procedures target not only our technology, but also target our business processes. And finding these vulnerabilities that not always reside in our hardware software, but also would reside in our processes and individuals. They can leverage all these components. They also have unlimited amount of Approaches. So social engineering attacks involving help desk or other support staff, if it's coming through just an agent or a person sitting on the Internet, the bad guys are just programming AI to approach once, twice, a hundred times and they are looking for a single success. The cost of this is becoming negligible. The AI is enabling the bad guys to do multiple tries, multiple approaches, multiple ways to do things. Same thing comes in with fishing. Not only AI able to write a good phishing email, but it can actually initiate and continue conversation. So the bad guys are not limited to a single approach. They start with a basic approach that is driven by AI, then go with power up questions, comments and everything else. And it builds rapport, it builds actually a relationship. AI is actually a very malleable tool where if you explain the problem to it, it would actually really try to help. And there are many AI solutions that would actually unknowingly write a phishing email. They would try unknowingly build an approach that would be greatly vulnerable. And vulnerability is not only limited, as you said, to corporate environment, in our personal environment, we are also going out and expecting to find another human being. For example, for those of us who look to find our second half a partner. And romance camps are growing and brewing because the bad guys gave AI the same problem. They said that they want to play a role of a person who's looking for romance and letting AI continue that romance. The bad guys are setting expectations, they are playing AI as much as they're playing the individuals. And the stories become extremely complex, they becoming extremely believable and ability to generate falsified documentation. For them to build this story or the victim using AI, it's just going to the next level where in most cases even examining conversations, communications, it's not obvious to experts to see if this is a real person looking for romance or if this is an AI driven scam and ultimately it will open up. But at that time the individual who is targeted would be already potentially compromised, exploited, or much further in the scheme based on human attachment, based on AI driven decisions that otherwise would not be made. So unfortunately we are being bombarded by many AI components in the hands of really evil people. And it's hard to tell the difference and it's not very easy to defend against it.
[09:41]
A
Thank you. And for romance scam, right? We've been seeing an increase and I know usually they target, you know, the older generation. Now let's say if someone was able to build a bond with that human through romance scam, and that individual sends X amount of money. Are there any like resources or any process where they can, you know, may possibly get their money back? Or is it kind of just like it's done and that's about it? That's nothing you can do. The money's gone.
[10:12]
B
There are good safeguards around preventing these things. I talked to some banks and credit unions and they actually have processes at local branches that set to recognize these type of activities. And they try to counsel individuals, especially older individuals who clearly making a mistake and from a side point, from a neutral point, it's sometimes visible and they try to counsel them saying, hey, do you know that you're about to do this or that it works to a certain degree. We actually trying to get better with these safeguards. The same does not apply online. And unfortunately the threat actors are getting better in guiding these individuals through necessary steps that they need to do to send money electronically, to transfer this money, to convert them to cryptocurrency, stuff like that. And this is where AI also becomes useful because the bad guys don't know how Chase bank or bank of America works, but AI would actually give them step by step instructions in order to transfer the money with right references and basic steps providing technical support from the bad guys to a victim rather than having a victim go to help desk or assistance that would be able to spot these activities.
[11:38]
A
Thank you. Yeah. Cybercriminals know how to stay hidden. Right? And they always find a way. If there's a will, there's a way. And earlier you mentioned, you know, know, cyber criminals using AI tools don't only target an organization's technology, but their business process. So they, you know, study the business, kind of get an understanding of their daily communications process in order to get in and not be detected. So Alex, how can organizations build a proactive defense against these AI driven attacks before they actually happen?
[12:09]
B
Definitely, you have to examine technology and examine your business processes to understand not only if they work efficiently, but can they be tampered with. And this is a concept that we are using technology all the time. We are looking for vulnerabilities. We are saying, hey, what if somebody does this or that? And in our business processes, especially those that are being influenced by third parties, by customers, by partners, we don't always ask these questions. So in many cases we are actually seeing that to defend something we need to put necessary safeguards, understand that the person or AI on the other side can be incredibly sophisticated. We need to keep our face, we need to do great customer support and customer service, but at the same time These basic safeguards are necessary and we got used to going through several different steps. When we are connecting to third party services we may be ask on the personal level, ask for Marzo's maiden name or additional information, say codes and stuff like that. But in business same thing applies and building necessary safeguards and requiring those safeguards to be followed. This is absolutely critical. Even dealing with AI that is interacting with our customer service online, it's not impossible to do certain things. AI may not make as many mistakes, but AI has certain traits. AI is fast in making, rendering responses and decisions. We've seen several of our customers actually implementing hidden prompts that typically not visible to people. But AIs that read every character, every letter and every number, they may actually be reacting to this. So they put a complex math problem, for example, saying hey, what's number of PI to 20th decimal? And that's being put invisibly into a human into a problem. And in response an AI sees it and it gives a number. Well guess what? Most people I know don't know this off the top of their head and they would not be able to respond in 10 seconds. AI does. So you measure velocity, you measure response, you measure the correctness and you try to make a decision. Are you dealing with a human, you're dealing with AI. What is the intent, what is a person trying to do? Meanwhile, the most difficult thing is not to break our current processes, to affect our users, to affect the care and affect our services.
[14:56]
A
And I appreciate you mentioning, you know, organizations implementing safeguards and also, you know, investigating certain behaviors. Like if a person responds within five seconds compared to a normal time response, that's usually a sign or a flag. But let's say an organization, even if they have safeguards in place and the worst case scenario happens so they don't catch that vulnerability and an attack is successful. What are the key first steps an organization should take to respond and recover?
[15:27]
B
Well, this is as we have classic incident response. The situation is pretty much all driven by our incident response policy. So first detecting if there is something wrong, if there is an anomaly, if there are any kind of indicators of compromise that would be considered worse investig and then you go based on your investigation practices, understanding that dealing with AI may actually be more complex and more complicated in many different ways where you're not going to see immediate errors. So you look for consistency, you look for issues and follow your practices that should be built into the plan. But important thing, especially in the age of AI, is that in your incident response playbook, put in components. Consider scenarios that would be AI driven and how you would be investigating these things. Not only a basic ransomware attack or something like that, but something that would be complex, sophisticated on one side. But if you apply it in AI, it may be a breeze for cybercriminals to execute it.
[16:45]
A
Thank you. And as we know, organizations are adopting AI, whether it's to defend against AI attacks or to better help their business process and flow. But have you seen attackers go against these AI implementations and attack them? And if so, what steps can organizations take today to mitigate the risk of attacks against their AI implementations?
[17:09]
B
I think AI implementations today are more vulnerable overall to attack exploitation than most of our software solutions. AI is a great tool. It's a changer of a game that would be playing out not only in our lifetimes and things would change for the better across the board. We are at extremely early stages of this technology and we are in very unchartered territory ourselves because we are making up rules quickly and not always efficiently as we go. Think about the journey that we took over the last three to five years in adopting AI and how much of AI was within the organization really five years ago. But what it is right now is that it's a necessity to continue business. It's changing the speed, it's changing the quality, it changes everything. However, we are not following the best cybersecurity practices that we lay out for pretty much every other piece of software or hardware that we are bringing into your organization. Think about this. When I'm evaluating installation of new enterprise level software within an organization, I'm going to put a lot of different considerations, including the history of of vulnerabilities, including the history of exploitation for this particular software, how often the patches are being added, how much information would be stored in this particular software, and how it would be defended. So this is traditional software. How much of this is actually being applied to AI? And I know some organizations are thinking about this and doing this, but I can tell you that in our practice, we are seeing very few AI implementations actually undergo proper security evaluation overall, meaning that from pen testing and making sure that AI is actually not vulnerable, we do relatively little. And because this is not just a piece of software, it is a complex solution that may not live only within our enterprise, but maybe in the cloud, in many different distributed components. The data may be there and maybe it's said to be protected. But how much of a vulnerability is there? Because we are hearing more and more of the past year, year and a half of AI data Being leaked vulnerabilities through social engineering of AI leading to the breaches and AI unwillingly disclosing information to the bad guys about its configurations, about the confidential and so on, so forth. Our cybersecurity researchers have their hands full. But the same with PEN testing of AI almost non existent today. Very few organizations do this, very few organizations feel that they need it. But think about number of vulnerabilities that we're hearing about right now and how difficult, how easy it is to solicit additional information from AI. We see this unfortunately every single day and the bad guys know about this. They actually valuing those individuals in criminal organizations that can manipulate AI as most valuable resources. They are targeting AI for vulnerabilities and disclosures because they understand that this technology is less tested, less proven with age. And we unfortunately entrusting way too much to AI at this stage because this is in many cases way for us to succeed, to progress. So AI is vulnerable, your implementation of AI may be vulnerable and you should take necessary steps to defend against it. Hopefully this becomes standard, hopefully it becomes much better science like we have right now with PEN testing, red teaming and many other things. But in my view we are getting into this very slowly and not always effectively endangering our enterprises with with use of AI and AI's knowledge of our confidential information.
[21:46]
A
Alex, thank you so much for being here today and you know, emphasizing how AI is changing and fast as well and diving into the world of cybercriminals using AI attacks and how organizations can mitigate against such risk as well as stay on top of, you know, the latest vulnerabilities that CISA posts as well. So Alex, thank you for being here today listeners, thank you for tuning in. Please keep the conversation going in our RSAC membership platform by visiting onersac.com membership and be sure to check onersac for new content posted year round. Finally, don't forget to register for RSAC 2026 conference by visiting RSAConference.com USA. Thank you all until next time.