Human-centric cyber threats have long posed a serious issue for organizations. After all, humans are often the weakest link in the cybersecurity chain. Unfortunately, when artificial intelligence came into the mix, it only made these threats even more dangerous.

So, what can be done about these cyber threats now?

That’s precisely what we asked Tom Vazdar, the chair of the Enterprise Cybersecurity Master’s program at the Open Institute of Technology (OPIT), and Venicia Solomons, aka the “Cyber Queen.”

They dedicated a significant portion of their “Cyber Threat Landscape 2024: Navigating New Risks” master class to AI-powered human-centric cyber threats. So, let’s see what these two experts have to say on the topic.

Human-Centric Cyber Threats 101

Before exploring how AI impacted human-centric cyber threats, let’s go back to the basics. What are human-centric cyber threats?

As you might conclude from the name, human-centric cyber threats are cybersecurity risks that exploit human behavior or vulnerabilities (e.g., fear). Even if you haven’t heard of the term “human-centric cyber threats,” you’ve probably heard of (or even experienced) the threats themselves.

The most common of these threats are phishing attacks, which rely on deceptive emails to trick users into revealing confidential information (or clicking on malicious links). The result? Stolen credentials, ransomware infections, and general IT chaos.

How Has AI Impacted Human-Centric Cyber Threats?

AI has infiltrated virtually every cybersecurity sector. Social engineering is no different.

As mentioned, AI has made human-centric cyber threats substantially more dangerous. How? By making them difficult to spot.

In Venicia’s words, AI has allowed “a more personalized and convincing social engineering attack.”

In terms of email phishing, malicious actors use AI to write “beautifully crafted emails,” as Tom puts it. These emails contain no grammatical errors and can mimic the sender’s writing style, making them appear more legitimate and harder to identify as fraudulent.

These highly targeted AI-powered phishing emails are no longer considered “regular” phishing attacks but spear phishing emails, which are significantly more likely to fool their targets.

Unfortunately, it doesn’t stop there.

As AI technology advances, its capabilities go far beyond crafting a simple email. Venicia warns that AI-powered voice technology can even create convincing voice messages or phone calls that sound exactly like a trusted individual, such as a colleague, supervisor, or even the CEO of the company. Obey the instructions from these phone calls, and you’ll likely put your organization in harm’s way.

How to Counter AI-Powered Human-Centric Cyber Threats

Given how advanced human-centric cyber threats have gotten, one logical question arises – how can organizations counter them? Luckily, there are several ways to do this. Some rely on technology to detect and mitigate threats. However, most of them strive to correct what caused the issue in the first place – human behavior.

Enhancing Email Security Measures

The first step in countering the most common human-centric cyber threats is a given for everyone, from individuals to organizations. You must enhance your email security measures.

Tom provides a brief overview of how you can do this.

No. 1 – you need a reliable filtering solution. For Gmail users, there’s already one such solution in place.

No. 2 – organizations should take full advantage of phishing filters. Before, only spam filters existed, so this is a major upgrade in email security.

And No. 3 – you should consider implementing DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and phishing attacks.

Keeping Up With System Updates

Another “technical” move you can make to counter AI-powered human-centric cyber threats is to ensure all your systems are regularly updated. Fail to keep up with software updates and patches, and you’re looking at a strong possibility of facing zero-day attacks. Zero-day attacks are particularly dangerous because they exploit vulnerabilities that are unknown to the software vendor, making them difficult to defend against.

Top of Form

Nurturing a Culture of Skepticism

The key component of the human-centric cyber threats is, in fact, humans. That’s why they should also be the key component in countering these threats.

At an organizational level, numerous steps are needed to minimize the risks of employees falling for these threats. But it all starts with what Tom refers to as a “culture of skepticism.”

Employees should constantly be suspicious of any unsolicited emails, messages, or requests for sensitive information.

They should always ask themselves – who is sending this, and why are they doing so?

This is especially important if the correspondence comes from a seemingly trusted source. As Tom puts it, “Don’t click immediately on a link that somebody sent you because you are familiar with the name.” He labels this as the “Rule No. 1” of cybersecurity awareness.

Growing the Cybersecurity Culture

The ultra-specific culture of skepticism will help create a more security-conscious workforce. But it’s far from enough to make a fundamental change in how employees perceive (and respond to) threats. For that, you need a strong cybersecurity culture.

Tom links this culture to the corporate culture. The organization’s mission, vision, statement of purpose, and values that shape the corporate culture should also be applicable to cybersecurity. Of course, this isn’t something companies can do overnight. They must grow and nurture this culture if they are to see any meaningful results.

According to Tom, it will probably take at least 18 months before these results start to show.

During this time, organizations must work on strengthening the relationships between every department, focusing on the human resources and security sectors. These two sectors should be the ones to primarily grow the cybersecurity culture within the company, as they’re well versed in the two pillars of this culture – human behavior and cybersecurity.

However, this strong interdepartmental relationship is important for another reason.

As Tom puts it, “[As humans], we cannot do anything by ourselves. But as a collective, with the help within the organization, we can.”

Staying Educated

The world of AI and cybersecurity have one thing in common – they never sleep. The only way to keep up with these ever-evolving worlds is to stay educated.

The best practice would be to gain a solid base by completing a comprehensive program, such as OPIT’s Enterprise Cybersecurity Master’s program. Then, it’s all about continuously learning about new developments, trends, and threats in AI and cybersecurity.

Conducting Regular Training

For most people, it’s not enough to just explain how human-centric cyber threats work. They must see them in action. Especially since many people believe that phishing attacks won’t happen to them or, if they do, they simply won’t fall for them. Unfortunately, neither of these are true.

Approximately 3.4 billion phishing emails are sent each day, and millions of them successfully bypass all email authentication methods. With such high figures, developing critical thinking among the employees is the No. 1 priority. After all, humans are the first line of defense against cyber threats.

But humans must be properly trained to counter these cyber threats. This training includes the organization’s security department sending fake phishing emails to employees to test their vigilance. Venicia calls employees who fall for these emails “clickers” and adds that no one wants to be a clicker. So, they do everything in their power to avoid falling for similar attacks in the future.

However, the key to successful employee training in this area also involves avoiding sending similar fake emails. If the company keeps trying to trick the employees in the same way, they’ll likely become desensitized and less likely to take real threats seriously.

So, Tom proposes including gamification in the training. This way, the training can be more engaging and interactive, encouraging employees to actively participate and learn. Interestingly, AI can be a powerful ally here, helping create realistic scenarios and personalized learning experiences based on employee responses.

Following in the Competitors’ Footsteps

When it comes to cybersecurity, it’s crucial to be proactive rather than reactive. Even if an organization hasn’t had issues with cyberattacks, it doesn’t mean it will stay this way. So, the best course of action is to monitor what competitors are doing in this field.

However, organizations shouldn’t stop with their competitors. They should also study other real-world social engineering incidents that might give them valuable insights into the tactics used by the malicious actors.

Tom advises visiting the many open-source databases reporting on these incidents and using the data to build an internal educational program. This gives organizations a chance to learn from other people’s mistakes and potentially prevent those mistakes from happening within their ecosystem.

Stay Vigilant

It’s perfectly natural for humans to feel curiosity when it comes to new information, anxiety regarding urgent-looking emails, and trust when seeing a familiar name pop up on the screen. But in the world of cybersecurity, these basic human emotions can cause a lot of trouble. That is, at least, when humans act on them.

So, organizations must work on correcting human behaviors, not suppressing basic human emotions. By doing so, they can help employees develop a more critical mindset when interacting with digital communications. The result? A cyber-aware workforce that’s well-equipped to recognize and respond to phishing attacks and other cyber threats appropriately.

Related posts

Il Sole 24 Ore: Integrating Artificial Intelligence into the Enterprise – Challenges and Opportunities for CEOs and Management
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Apr 14, 2025 6 min read

Source:


Expert Pierluigi Casale analyzes the adoption of AI by companies, the ethical and regulatory challenges and the differentiated approach between large companies and SMEs

By Gianni Rusconi

Easier said than done: to paraphrase the well-known proverb, and to place it in the increasingly large collection of critical issues and opportunities related to artificial intelligence, the task that CEOs and management have to adequately integrate this technology into the company is indeed difficult. Pierluigi Casale, professor at OPIT (Open Institute of Technology, an academic institution founded two years ago and specialized in the field of Computer Science) and technical consultant to the European Parliament for the implementation and regulation of AI, is among those who contributed to the definition of the AI ​​Act, providing advice on aspects of safety and civil liability. His task, in short, is to ensure that the adoption of artificial intelligence (primarily within the parliamentary committees operating in Brussels) is not only efficient, but also ethical and compliant with regulations. And, obviously, his is not an easy task.

The experience gained over the last 15 years in the field of machine learning and the role played in organizations such as Europol and in leading technology companies are the requirements that Casale brings to the table to balance the needs of EU bodies with the pressure exerted by American Big Tech and to preserve an independent approach to the regulation of artificial intelligence. A technology, it is worth remembering, that implies broad and diversified knowledge, ranging from the regulatory/application spectrum to geopolitical issues, from computational limitations (common to European companies and public institutions) to the challenges related to training large-format language models.

CEOs and AI

When we specifically asked how CEOs and C-suites are “digesting” AI in terms of ethics, safety and responsibility, Casale did not shy away, framing the topic based on his own professional career. “I have noticed two trends in particular: the first concerns companies that started using artificial intelligence before the AI ​​Act and that today have the need, as well as the obligation, to adapt to the new ethical framework to be compliant and avoid sanctions; the second concerns companies, like the Italian ones, that are only now approaching this topic, often in terms of experimental and incomplete projects (the expression used literally is “proof of concept”, ed.) and without these having produced value. In this case, the ethical and regulatory component is integrated into the adoption process.”

In general, according to Casale, there is still a lot to do even from a purely regulatory perspective, due to the fact that there is not a total coherence of vision among the different countries and there is not the same speed in implementing the indications. Spain, in this regard, is setting an example, having established (with a royal decree of 8 November 2023) a dedicated “sandbox”, i.e. a regulatory experimentation space for artificial intelligence through the creation of a controlled test environment in the development and pre-marketing phase of some artificial intelligence systems, in order to verify compliance with the requirements and obligations set out in the AI ​​Act and to guide companies towards a path of regulated adoption of the technology.

Read the full article below (in Italian):

Read the article
The Lucky Future: How AI Aims to Change Everything
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Apr 10, 2025 7 min read

There is no question that the spread of artificial intelligence (AI) is having a profound impact on nearly every aspect of our lives.

But is an AI-powered future one to be feared, or does AI offer the promise of a “lucky future.”

That “lucky future” prediction comes from Zorina Alliata, principal AI Strategist at Amazon and AI faculty member at Georgetown University and the Open Institute of Technology (OPIT), in her recent webinar “The Lucky Future: How AI Aims to Change Everything” (February 18, 2025).

However, according to Alliata, such a future depends on how the technology develops and whether strategies can be implemented to mitigate the risks.

How AI Aims to Change Everything

For many people, AI is already changing the way they work. However, more broadly, AI has profoundly impacted how we consume information.

From the curation of a social media feed and the summary answer to a search query from Gemini at the top of your Google results page to the AI-powered chatbot that resolves your customer service issues, AI has quickly and quietly infiltrated nearly every aspect of our lives in the past few years.

While there have been significant concerns recently about the possibly negative impact of AI, Alliata’s “lucky future” prediction takes these fears into account. As she detailed in her webinar, a future with AI will have to take into consideration:

  • Where we are currently with AI and future trajectories
  • The impact AI is having on the job landscape
  • Sustainability concerns and ethical dilemmas
  • The fundamental risks associated with current AI technology

According to Alliata, by addressing these risks, we can craft a future in which AI helps individuals better align their needs with potential opportunities and limitations of the new technology.

Industry Applications of AI

While AI has been in development for decades, Alliata describes a period known as the “AI winter” during which educators like herself studied AI technology, but hadn’t arrived at a point of practical applications. Contributing to this period of uncertainty were concerns over how to make AI profitable as well.

That all changed about 10-15 years ago when machine learning (ML) improved significantly. This development led to a surge in the creation of business applications for AI. Beginning with automation and robotics for repetitive tasks, the technology progressed to data analysis – taking a deep dive into data and finding not only new information but new opportunities as well.

This further developed into generative AI capable of completing creative tasks. Generative AI now produces around one billion words per day, compared to the one trillion produced by humans.

We are now at the stage where AI can complete complex tasks involving multiple steps. In her webinar, Alliata gave the example of a team creating storyboards and user pathways for a new app they wanted to develop. Using photos and rough images, they were able to use AI to generate the code for the app, saving hundreds of hours of manpower.

The next step in AI evolution is Artificial General Intelligence (AGI), an extremely autonomous level of AI that can replicate or in some cases exceed human intelligence. While the benefits of such technology may readily be obvious to some, the industry itself is divided as to not only whether this form of AI is close at hand or simply unachievable with current tools and technology, but also whether it should be developed at all.

This unpredictability, according to Alliata, represents both the excitement and the concerns about AI.

The AI Revolution and the Job Market

According to Alliata, the job market is the next area where the AI revolution can profoundly impact our lives.

To date, the AI revolution has not resulted in widespread layoffs as initially feared. Instead of making employees redundant, many jobs have evolved to allow them to work alongside AI. In fact, AI has also created new jobs such as AI prompt writer.

However, the prediction is that as AI becomes more sophisticated, it will need less human support, resulting in a greater job churn. Alliata shared statistics from various studies predicting as many as 27% of all jobs being at high risk of becoming redundant from AI and 40% of working hours being impacted by language learning models (LLMs) like Chat GPT.

Furthermore, AI may impact some roles and industries more than others. For example, one study suggests that in high-income countries, 8.5% of jobs held by women were likely to be impacted by potential automation, compared to just 3.9% of jobs held by men.

Is AI Sustainable?

While Alliata shared the many ways in which AI can potentially save businesses time and money, she also highlighted that it is an expensive technology in terms of sustainability.

Conducting AI training and processing puts a heavy strain on central processing units (CPUs), requiring a great deal of energy. According to estimates, Chat GPT 3 alone uses as much electricity per day as 121 U.S. households in an entire year. Gartner predicts that by 2030, AI could consume 3.5% of the world’s electricity.

To reduce the energy requirements, Alliata highlighted potential paths forward in terms of hardware optimization, such as more energy-efficient chips, greater use of renewable energy sources, and algorithm optimization. For example, models that can be applied to a variety of uses based on prompt engineering and parameter-efficient tuning are more energy-efficient than training models from scratch.

Risks of Using Generative AI

While Alliata is clearly an advocate for the benefits of AI, she also highlighted the risks associated with using generative AI, particularly LLMs.

  • Uncertainty – While we rely on AI for answers, we aren’t always sure that the answers provided are accurate.
  • Hallucinations – Technology designed to answer questions can make up facts when it does not know the answer.
  • Copyright – The training of LLMs often uses copyrighted data for training without permission from the creator.
  • Bias – Biased data often trains LLMs, and that bias becomes part of the LLM’s programming and production.
  • Vulnerability – Users can bypass the original functionality of an LLM and use it for a different purpose.
  • Ethical Risks – AI applications pose significant ethical risks, including the creation of deepfakes, the erosion of human creativity, and the aforementioned risks of unemployment.

Mitigating these risks relies on pillars of responsibility for using AI, including value alignment of the application, accountability, transparency, and explainability.

The last one, according to Alliata, is vital on a human level. Imagine you work for a bank using AI to assess loan applications. If a loan is denied, the explanation you give to the customer can’t simply be “Because the AI said so.” There needs to be firm and explainable data behind the reasoning.

OPIT’s Masters in Responsible Artificial Intelligence explores the risks and responsibilities inherent in AI, as well as others.

A Lucky Future

Despite the potential risks, Alliata concludes that AI presents even more opportunities and solutions in the future.

Information overload and decision fatigue are major challenges today. Imagine you want to buy a new car. You have a dozen features you desire, alongside hundreds of options, as well as thousands of websites containing the relevant information. AI can help you cut through the noise and narrow the information down to what you need based on your specific requirements.

Alliata also shared how AI is changing healthcare, allowing patients to understand their health data, make informed choices, and find healthcare professionals who meet their needs.

It is this functionality that can lead to the “lucky future.” Personalized guidance based on an analysis of vast amounts of data means that each person is more likely to make the right decision with the right information at the right time.

Read the article