The Attacks Getting Through Your Filters (and How AI Is Scaling Social Engineering)

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/2c/75/10/2c751067-115e-8f9c-e3c0-37b520066400/mza_12906314327932823493.jpg/600x600bb.jpg

All Things Human Risk Management

Hoxhunt

10 episodes

5 days ago

All Things Human Risk Management is the essential podcast for cybersecurity professionals seeking to strengthen their organization's human defenses. Get actionable insights on emerging threats, behavioral science, and data-driven training techniques to transform your employees from your biggest risk into your strongest defense.

Technology

RSS

All content for All Things Human Risk Management is the property of Hoxhunt and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43323265/43323265-1742826811416-7e0944dae7173.jpg

The Attacks Getting Through Your Filters (and How AI Is Scaling Social Engineering)

All Things Human Risk Management

37 minutes 40 seconds

3 weeks ago

The Attacks Getting Through Your Filters (and How AI Is Scaling Social Engineering)

Episode #10

Email security filters have never been better... and yet attackers are still getting through.

In this episode, host Eliot is joined by Petri Kuivala
(CISO advisor) and David Badanes (Human Risk Management advisor) to break down what actually makes it past modern defenses, based on analysis of 400,000 real attacks reported by users - not simulations, not theory.

They unpack how generative AI didn’t invent new attack types, but dramatically scaled social engineering, why perfect grammar is now a warning sign, how MFA is being bypassed via session hijacking, and why humans remain one of the most effective detection layers when systems fall short.

What you’ll learn in this episode:

Why phishing emails still get through secure email gateways and which attacks filters miss most often
How AI is scaling social engineering through volume, personalization, and speed (not magic)
Why “better language” and polished branding can now be stronger phishing signals
How attackers bypass MFA using attacker-in-the-middle tooling and stolen session tokens
Why QR codes, voicemail (vishing), and non-email channels are becoming more effective
Real-world examples of deepfake voice and impersonation attacks — and where the risk is heading
What 400,000 real attacks reveal about human detection versus automated controls
Why good training works — and how reporting behavior changes the economics of attacks
What security teams should focus on when filters, MFA, and signatures aren’t enough

Timestamps:

(00:00) Why do phishing emails still get through secure email filters?

(03:20) What do real-world phishing attacks actually look like today?

(06:40) How is AI changing phishing and social engineering attacks?

(10:10) How can you spot AI-written phishing emails?

(13:30) How do attackers bypass MFA and steal session tokens?

(17:40) What is quishing, and why do QR code attacks work?

(19:20) How does vishing work and why are voice phishing attacks increasing?

(21:10) How are deepfakes used in real cyber attacks?

(25:40) Can humans really detect phishing better than security tools?

(29:10) Does security awareness training actually work against modern phishing?

(33:00) What does the future of AI-driven spear phishing look like?

Resources:

Threat Intelligence Report 2025: Tactics, Trends & Risks: https://hoxhunt.com/guide/threat-intelligence-report

Host links:

Eliot Baker: ⁠https://fi.linkedin.com/in/eliotebaker⁠
David Badanes: ⁠https://www.linkedin.com/in/dbadanes
Petri Kuivala: https://www.linkedin.com/in/petrikuivala

****

All Things Human Risk Management is a Hoxhunt Original Podcast.

⁠⁠⁠⁠⁠⁠⁠Hoxhunt⁠⁠⁠⁠⁠⁠⁠⁠ is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.

Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.