AI vs. AI: Chubarov on Defending Against Intelligent Threats

Cybersecurity consultant Sergey Chubarov says that fighting AI threats requires using AI. He presented this idea during a June 17 talk on defending against intelligent threats. Chubarov explains that generative AI is "cheap, multilingual, and tireless." This means attackers are moving faster, but defenders still need to focus on visibility, identity, data governance, and response. He notes that enterprises are releasing AI features quicker than security teams can review them. The consultant highlighted four shifts: speed, scale, believability, and new attack surfaces. Reconnaissance can now happen in minutes, and one attacker can run thousands of personalized campaigns. Grammar and voice are no longer reliable warning signs, and an organization's own AI systems can become targets. Chubarov detailed the attacker's AI playbook, which includes using large language models to create target dossiers and generating personalized spear-phishing messages. Attackers can also deploy voice or video deepfakes, use AI to obfuscate malware, and hide prompt-injection content in documents and emails. He stressed that voice and video are becoming untrusted channels. Attackers can reuse voice samples to impersonate a target, leading to deepfake finance scams and voice-clone attacks against IT help desks. For defenders, Chubarov suggests liveness checks and code words for high-trust calls. The bottom line is that trust decisions can no longer rely solely on what people see or hear in normal business workflows.