The silence of the business boardroom is being obliterated by a new type of intruder, who talks with the voice of the CEO, walks with the mannerisms of the Chairman, and has the authority of the Board, but is just an empty digital space. The world of Indian businesses has passed to a rough new phase when Artificial Intelligence is not only a tool to increase productivity, but a high-tech weapon of deception.
This report is a high level study of more than 3,000 organizations throughout the world, which shows an alarming fact to India: 65 percent of Indian organizations have already been affected by the attacks perpetrated by deepfakes. It is not a some-day caution of what could occur, this is an ongoing, active emergency that is redefining the idea of digital trust.
The Human Mask of the Machine Malice
Cybersecurity has long been concerned with firewalls and antivirus software- preventing entry of the bad code. But deepfakes amount to a social violation. They attack the human intuition which the traditional software fails to protect.
When a video call is made by a person who is described as a CFO of an accounts department asking an employee to make an off-book transfer, which is a matter of urgency, the urge is to do so. The accent is correct, the backdrop is not new, and the urgency is evident. This is precisely what happened to a UK engineering company that has been ripped off 25 million dollars recently and Thales is warning that Indian companies are now on the hunt list.
In India, more than half of the organizations have already recorded high reputational damages caused by AI-generated misinformation or impersonation campaigns. The Deepfake Threat has transitioned into the sci-fi realm of fraudulent investment guidance that involves leaders of major stock exchanges to manipulated audio recordings of controlling chiefs of boardroom to something that is a daily running risk.
Read also: Pentagon threatens Anthropic in a dispute
AI: The New “Insider” Threat
The change in the process of integrating AI into businesses is perhaps the most chilling discovery of the Thales report. Indian firms are giving these tools free-range and unsupervised access as they scramble to implement the so-called Agentic AI, systems capable of autonomously making decisions, booking meetings, or accessing databases.
According to Ankur Kanaglekar, the Vice President of Thales India, AI is frequently granted more rights and less restrictions than a human worker. In case of weak identity governance or encryption frameworks, he points out, AI can magnify the weaknesses in corporate grounds many times faster than a human being had ever been capable of doing.
In essence, companies are welcoming someone into their cyber house who they believe has been their close ally and have not even bothered to evaluate whether the ally has a backdoor that could open up to attackers. This is made worse by an enormous visibility gap: a third of Indian organizations are in reality not sure at all where all their sensitive data is being kept. When you are not aware of the whereabouts of the gold, then you have no way of protecting it against a thief who appears like the bank manager.
Read also: AI Tsunami Is Coming, Says Anthropic CEO Dario Amodei
Credential Crisis in the Cloud
Although deepfakes offer the disguise, the real theft can be based on old-fashioned methods enhanced with AI. Credential theft has been the most common method used to compromise cloud infrastructure in India as it has been reported by 68 percent of victims.
Attackers are now using AI to:
- Scale Phishing: Writing thousands of targeted individualized emails, which evade the spam filters of the past.
- Voice Cloning: With only three seconds of audio data of a LinkedIn video, it was possible to produce a voice clone of a vishing (voice phishing) attack.
- Automate Exploitation: With just one set of credentials, AI bots can explore the internal network of the company and locate any unencrypted data in a matter of seconds and steal it before a human security officer is even notified.
