Published to clients: September 9, 2025 ID: TBW2068
Published to Readers: September 10, 2025
Published to Email Whispers: TBD
Published Publicly with Video: TBD
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“Trust in fintech isn’t just about compliance—it’s a multi-dimensional strategy. This report explores how transparency, privacy, and strong identity verification shape consumer confidence. Insights from Fintech Meetup 2025 reveal how leading firms are navigating open banking, fraud prevention, and data ethics to earn and retain trust. If trust is your brand’s currency, this report is your blueprint. “
“This report dives into the evolving role of generative AI in logistics, revealing how it’s reshaping visibility, communication, and adaptability across global supply chains. From forecasting weather impacts to managing labor shortages and customer-driven changes, the research explores both the promise and the limitations of AI. It also introduces a provocative challenge: should supply chains adopt disruption modeling, just as IT uses threat modeling?”
Whisper Report: What’s the biggest cybersecurity myth in 2025?
Published to clients: August 19, 2025 ID: TBW2090
Published to Readers: August 20, 2025
Whisper Email Release: TBD
Public and Video Release: TBD
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
This Whisper Report identifies eight persistent cybersecurity myths in 2025, from the belief that threats can be fully stopped to misconceptions about AI’s role in security. Experts from Black Hat USA 2025 clarify that resilience, strategic investment, adaptive training, and human oversight remain essential. AI is powerful but not a plug-and-play solution, nor a replacement for human judgment. Understanding these myths helps organizations build more realistic, effective cybersecurity strategies.
We took the most frequently asked and most urgent technology questions straight to the cybersecurity professionals gathering at Black Hat USA 2025, held in Las Vegas. This Whisper Report addresses the question: what is the biggest cybersecurity myth in 2025? Figure 1 displays the eight cybersecurity myths we uncovered, which we will now discuss.
MYTH 1: We can Stop all Threats
The first myth comes from Trustmi’s Corey Sienko: “we can stop every single threat from entering the organization.” This may come as a surprise to some executives, particularly those outside of cybersecurity, but the expression used is always when, not if, you have an incident. No need to fret, Trustmi’s Corey Sienko continues. “It’s about how do we respond to those threats and make sure that we protect the organization from losing valuable information and cards.” I believe all appreciate that clarification. Cybersecurity involves defense, but it is also about preparation for when an incident occurs and resiliency after. This topic is further discussed in Conference Whispers: Black Hat USA 2025.
Cymulate’s Avihai Ben Yossef brings us myth number two, “The more money you spend on cyber security the more protected you are.” Ben goes on further to explain. “I think in order to really be protected in cyber security from cyber attacks is by actually knowing what you need to do in order to make sure you are protected and when once you know that you don’t need to spend too much money you need to spend you know a very focused amount of money in what matters most.” If you are surprised by this, you really need to book an inquiry with TBW Advisors so we can help you review your cybersecurity strategy. Additional research regarding critical observations on cybersecurity spend can be found in the keynote covered within Conference Whispers: Identiverse 2024.
Cybersecurity Myth number three comes to us from Dune Security’s David DellaPelle. “Security awareness training is improving readiness and reducing risk. Security awareness training is dead.” Intrigued? Let’s hear more from David. “Security awareness training as it exists today, meaning legacy security awareness training technologies are not effective at reducing risk and create friction and an adversarial relationship between the security organization and the end users. The problem is if you think about a doctor who is looking to solve a patient’s problem, the first thing they would do is take in a lot of data and run tests to exclude the possibilities. They quantify the risk before they prescribe a medicine or a surgery. And so if there’s a security awareness training solution that doesn’t automatically provide uh user adaptation, it’s uh it’s kind of falling flat on its face. Every piece of security control or adaptation should be relevant to the individual user’s risk profile and that training or that security measure should be applied automatically based on the risk profile.” Training employees only on what that specific employee personally needs to get better at? Sounds optimized.
Bringing us cybersecurity Myth 4 is StrikeReady’s Alex Lanstein. “AI is going to replace humans.” Alex further clarified, “AI is always going to augment humans. Anybody who’s ever leveraged any AI system, any generative AI system. You see that it makes mistakes. Sometimes those mistakes are obvious, sometimes they’re subtle. And no one is ever going to turn anything over to an AI when it’s making such obvious or subtle mistakes without a human in the loop.” Or as Elastic Security’s James Spiteri further explained, “we’re thinking about this fully autonomous security operations team. I don’t think that’s going to happen. I don’t think even think it’s the right approach to think about these things. AI and agents are phenomenal, but they are the perfect complement to humans. They’re not they’re not there to replace humans. They’re there to make humans lives better. eliminate the stuff that humans don’t want to do and let humans do the fun things like make people excited about wanting to work in cyber and that’s what the AI is allowing us to do.”
of my agents, and his name is Ralph. Ralph, can you answer the question as you see it in our world view? What’s the biggest cyber security myth here in 2025? Absolutely, Brian. Happy to jump in here. So, from our perspective, the biggest cyber security myth of 2025 is probably the idea that AI is just a plug-and-play solution, that it’s kind of a one-size fits-all magic bullet.” Ralph and Brian went on to further explain, “In reality, the myth is that AI will handle everything securely on its own. But the truth is it needs a lot of oversight, a lot of transparency, and people often underestimate the complexity inside the machine. So that’s the big myth that AI is just simple and straightforward when really it’s a lot more nuanced. And that’s my take. Uh I would add my answer. I would extend onto yours is I agree, but um I’m used to systems that have access controls, authentication controls, and audit. Uh inside the black box, we don’t have any of them. Once I log in and I authenticate, it’s a wild wild west. That has to change. Immutable logs within the system is probably something that’s going to happen at some point. Uh or some other unique uh solutions to the problem.”
Interestingly, Ariful Huq from Exaforce observed a similar concern. “Trying to build an LLM wrapper is what I call it without really understanding the data related to the problems that you’re trying to solve. LLMS can only get you so far, right? They are large language models and summarization and contextualization but at the end of the day if you want to solve problems related to say detections investigations LLMS can only get you so far right you really need to go back to the data go back to the fundamentals and then layer on a large language model on top of it to solve some of the problems that around like you know summarization um you know building agent workflows.” In other words, solutions are custom crafted – NOT plug and play.
Checkmarx’s Jonathan Rende brings us Myth 6, “AI generates secure code.” That myth should grab the attention of all organizations leveraging coding agents to quickly advance their product. Jonathan continues, “It doesn’t. It doesn’t. And it will probably get better over time. And will it do a better job than a junior developer in simple mistakes that can cause vulnerabilities? Heck yeah, of course it will. But for the more complex issues, it’s not there yet. AI is not there yet.”
Let’s hear Myth 7 from Booli’s Joe Schorr, “the biggest cyber security uh myth is that AI is actually going to solve everything.” Joe went on to further explain, “I think if you judiciously apply AI, machine learning and very discreet task and things, it’s fantastic. I think it’s being overblown quite a bit right up at the myth level. I think that if you treat it like we treat it in Booli, we’ve got AI built in, but we don’t publish it all over everything we’ve got, but we treat it kind of like an idiot savant. It’s it does one to ask really well or does a discrete set to ask really well. It may not actually behave well in church, but you can get it to do what you want for something very very specific, which is how we do it. I think the myth is that AI is going to solve everybody’s problems.” Brian Sledge of imPAC also believes that AI will solve everything is a myth. “I think AI is best positioned more like a force multiplier, but I don’t think it solves the problems, the core problems of cybersecurity today. Um cyber security still requires context. It requires policy driven control and those things still require human in the loop. And I think the best way to leverage AI isn’t so much in solving for cyber security, but it’s more for helping multiply and scale out what humans still need and we’re required to do. So I don’t think I don’t think customers should sleep on the idea that humans still need to be very much engaged as part of cyber security. Because cyber security AI is only as good as the algorithms and the models and the data it’s getting.” Thus believing in 2025 AI will solve everything is a stretch but will it solve something?
Microsoft’s Thomas Roccia brings us Myth 8. “right now I think most people in in the industry in the security industry doesn’t yet believe in this technology (AI) and that’s maybe one of the one of the myths that AI will not really solve issue in cyber security. We have and I think that’s a mistake it’s probably something which is changing the way we are doing and all the past work that we did for the past 20 or 30 years uh is going to be changing and evolving thanks or because to AI so that’s something to consider.” Thus, while it may not solve everything today, it is changing how the industry works and what it is fighting against.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other example products in the same category may have also been on display.
“Effective strategies for securing customer data include encryption at rest, in transit, and during compute; cautious AI adoption; and strict access controls. Removing or masking personally identifiable information (PII) and training staff on cybersecurity best practices are essential. Legal compliance, intellectual property protection, and customer trust drive the need for robust privacy measures in customer interactions.”
We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Customer Connect Expo 2025 held at the Las Vegas Convention Center. This Whisper Report addresses the question: what are the most effective strategies for ensuring data security and privacy in customer interactions? There are two reasons security and privacy are critical in this space. As Ford’s Dr. Kalifa Oliver pointed out, “to first really understand the laws..” In fact, all governance program definitions start with legal requirements, then industry regulations and requirements, then internal privacy promises made to customers. The second critical reason for ensuring data security and privacy is, as Claritiv’s Sean Gigremoss reminds us, “your knowledge for your business comes from all the conversations that you’re having – that is your IP (intellectual property).”
Figure 1. Four Pillars of Customer Data Protection
As Macy’s Siva Kannan Ganesan pointed out, “all those regulation and implementing an regulation it’s a multi-step approach like data and motion data at rest should be encrypted and you have to make sure it’s like the access strict access control and frequent evaluation of the data breach.” With security, depth is always valuable. TBW Advisors LLC advises clients not only to use encryption at rest and in transit, but also to protect data during compute using Confidential Computing. For additional research, enjoy Industry Whispers: Public is Privacy – Confidential Computing in the Cloud available on TBW Advisors YouTube Channel.
TBW Advisors has frequently warned if you are not being charged for the product, you are the product. If you are the product, you should assume you do not have privacy. Today with many of the advanced AI products, even lower tier paid products do not get privacy; rather they are being used to further train the product. As Ford’s Dr. Kalifa Oliver observed, “you really got to start asking organizations that have AI technologies about their Blackbox about how the data is being trained. You have to ask them about data breaches you have to be conservative about how you implement things because I think the law is going to catch up and the hardest thing to do is trying to go back and fix it.”
One critical step to ensure privacy is to not send PII or personally identifiable information to tools. Enthu.ai’s Atul Grover denoted, “we also ensure that we deduct the PI information we deduct almost 16 kind of PIs including social security data birth credit card information …. we do that in the recording as well as all the analytics.” While removing the information is a common practice, masking data is also quite common. As Mitrol’s Pedro Lopez Slevin shared, “our banks for example you will probably have on premise data servers. Everything will be with TLS 1.2 two or higher you know and create your data. We’re talking about AI, we usually do rack so you will have to process every information into embeddings and those embeddings are..unreadable if you just put it in a vector database.”
While the term Human in the Loop has gained popularity with generative AI and agentic solutions, cybersecurity has always known the human in the loop as being a critical risk factor. Thus in order to truly ensure data security and privacy, you must train those humans! Randy Simmons from FaxSipIt shared the common journey towards compliance. “we’ve gone through a HIPAA audit and we’re secure there we just finished the SOC 2 audit and we’re SOC 2 compliant so people have come in they’ve audited our system our policies they’ve come with recommendations or not and we pass the audit for the SOC 2 audit so our staff all goes through cyber security training as well we go through a wiser cyber security training and then also we send phishing to our to our employees and see if they’re going to click and if they click on a link then guess what they’re doing they’re doing that training all over again.” So remember, do not click on that link without checking the link is safe first!
“Recent advancements in decentralized identity include passwordless authentication, time-bound credentials, and dynamic identity chaining. These innovations reduce risk, improve privacy, and enhance user control. Separation of authentication from authorization enables more precise access management. One-way functions protect biometric data in cloud environments. Emerging standards like SPIFFE and CSA’s agentic identity frameworks offer scalable, interoperable solutions. Together, these developments support secure, flexible identity ecosystems without relying on centralized authorities.”
“Organizations can implement zero-trust security without disrupting user experience by prioritizing frictionless authentication, especially biometrics, and enforcing least-privilege access through dynamic policies. Understanding user context and behavior enables informed decisions that preserve continuity. Self-service access tools reduce delays, while streamlined verification processes minimize frustration. With thoughtful planning and clear communication, zero trust can enhance both security and usability, ensuring users access only what they need—when they need it—without unnecessary barriers.”
“Media companies now favor hybrid cloud workflows for flexibility, speed, and cost-efficiency. Open standards ensure interoperability, while strong security protects valuable IP. Experts stress aligning cloud use with business goals, maintaining control and visibility, and using cloud strategically—not universally—to optimize collaboration, performance, and infrastructure investment.”
Cyber-physical security, like healthcare tech, must carefully manage PII. Experts highlight privacy-preserving biometrics, user-controlled consent, and anonymous face matching. Regulatory compliance, such as GDPR, drives standardization and innovation. As laws vary by region, adaptable and consistent global system architectures are essential for scalable, secure, and compliant operations.
Public and Video Edition Released: August 11, 2025 11am
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“Integrating AI customer service with existing IT systems starts by setting clear business goals. AI should enhance, not disrupt, current workflows and streamline real-time support. Every organization has unique systems, so tailored integration is essential. A major challenge is fragmented data—making robust pipelines and clean, synchronized data critical. Accurate timestamps and system compatibility across platforms are key to ensuring effective AI performance and a smooth digital transformation journey.”
Target Audience Titles:
Chief Information Officer, Chief Technology Officer, VP/Director of IT Operations, Enterprise Architects
Chief Customer Officer, VP/Director of Customer Services/Success, Contact Center Operation Managers
Solution Architects, DevOps & IT Administrators, Customer Support Agents, Data Scientists and ML Engineers
Key Takeaways
Start with clear business goals so AI enhances workflows without causing disruptions.
Tailor integration to your unique tech environment to avoid inefficiencies.
Reliable, clean, and synchronized data pipelines are essential for effective AI-driven customer service.
We took the most frequently asked and most urgent technology questions straight to the technologists gathering at Customer Connect Expo 2025 held at the Las Vegas Convention Center. This Whisper Report addresses the question regarding how can we integrate AI-driven customer service solutions with our existing IT infrastructure? As Ford’s Dr. Kalifa Oliver shared, “first we need to break down our needs and our goals and figure out which pieces of AI actually build efficiencies in our IT systems because right now there are too many systems that are fragmented.” With ALL AI projects, it is best to start with the business goal not the technology. We do not want to spend resources to integrate technology that goes unused. Furthermore, the context of the business goal helps guide engineers when they have design choices to make.
AI in Customer Service is all about optimizing and improving the customer service workflow to lead to maximum customer satisfaction. As Zaon’s Jason Kaufman shared, “using artificial intelligence tools within the organization to actually help drive and make more efficient the processes that go into place in order to support good customer service. For example, leveraging artificial intelligence to actually analyze chats real time community forums real time. Actually monitoring that (the communities) helping to gain insights about what your customers have questions about so that you can leverage the AI to actually generate the knowledge on the fly to actually provide that (information removing confusion) back to them real time as if it’s another person on that community thread.” The nonobvious challenge in achieving this solution is best described by Claritiv’s CEO Sean Gigremoss. “Everybody has workflows. Every company is unique. What tools do they use? What products do they use now? Do we need to build it?” In other words, every organization has a unique, highly mixed environment with varying degrees of maturity both in the technology itself and the organization’s ability to deploy technology.
Verse.ai’s Zac Brooksher recommends focusing on complementing the current workflows and processing. “We can integrate AI driven customer service solutions using full funnel metrics understanding all of the conversations the timestamps the channels the appropriate team members what next steps are all integrating into existing systems and processes just to complement what the current workflows and data processing is today like.” Any technology that is not designed to complement an existing process will instead create process interrupts. The distinction really is a big difference.
As Claritiv’s Sean Gigremoss shared, data is everywhere! “They make it so easy for us to integrate because in the end that’s important because all the data are in this different .. disparate systems. You need information from Salesforce you need information from zoom you need information from slack you need information from your database you need information from your customer’s database so to be able to do that you need to make sure that you’re using the tools or you’re partnering with companies that help you so that you can focus on what you do best.”
But the data isn’t just everywhere, it comes from everywhere. The first obvious location was shared by Enthu.ai’s Atul Grover, “we integrate with the telephony at the dialer.” And the rest such as the web and email communications, “we ingest that using an API driven environment.” Diabolocom specializes in capturing all that occurs between the customer and the organization on mobile devices. As Diabolocom’s Benjamin Shakespeare shared, “with our mobile solution that we are about to release the market .. So all field reps anybody who is using a cell phone today with every interaction they have on their phone our AI will then score that call transcribe it and push it directly into the CRM So any lack of compliance that you are seeing today in your organization from people that are not sitting behind a computer that will be no longer.”
Now that we understand we are complementing the existing customer experience workflows for the benefit of the customer experience and that data is everywhere, what can we do? As Macy’s Siva Kannan Ganesan shared, “you need to make sure your data pipeline is very robust when we talk about all this AI integration data is the core so make sure the data is cleansed and always readily available ready to serve with that we’ll be able to integrate an into your existing architecture or in your organization.”
Figure 1. Complement Workflows & Leverage Robust Data Fabric
It’s all about the data infrastructure! You need robust data pipelines as part of your data fabric to seamlessly integrate any new AI offering as depicted in Figure 1. AND you must ensure data quality. For example, data quality is paramount when dealing with timestamps of customer communications. What time zone is your organizational standard? Do your IT systems work in that time zone, and do you know what systems provide timestamps in other formats or time zones? Is that true for any and all corporate acquisitions feeding data into the system? Is the system designed to handle the variety of daylight savings time scenarios? Are all the clocks adjusted for daylight savings automatically or manually? Finally, are the timestamp clocks aligned? To the second or to the minute? It’s valuable to know if you can look at time as fact or approximation in your organization. If your organization is going through any type of digital transformation, it is critical to get the best advice available to ensure your success. Ensure your success by scheduling your inquiry with a TBW Advisors advisor before starting any critical phase of your digital transformation journey. Get the smartest advice available and leverage our firsthand experience to your advantage.
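The timestamp questions above (organizational time zone, per-system formats, daylight saving transitions, clock alignment to the second or the minute) can be checked mechanically when events are ingested. The following is an added example, not part of the original report: the source names, formats, zones and the two-second clock-skew tolerance are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo

# Constructed source registry (assumption): how each feeding system writes time.
SOURCES = {
    "crm":    {"fmt": "%Y-%m-%dT%H:%M:%S%z", "tz": None},  # carries its own offset
    "dialer": {"fmt": "%m/%d/%Y %H:%M:%S", "tz": ZoneInfo("America/New_York")},
    "chat":   {"fmt": "%Y-%m-%d %H:%M", "tz": ZoneInfo("Europe/Berlin")},  # minute precision
}


def dst_status(naive, tz):
    """Classify a local wall-clock time: ok, ambiguous (clocks went back), nonexistent (gap)."""
    first = naive.replace(tzinfo=tz, fold=0)
    second = naive.replace(tzinfo=tz, fold=1)
    if first.utcoffset() == second.utcoffset():
        return "ok"
    # A repeated hour survives a round trip through UTC; a skipped hour does not.
    round_trip = first.astimezone(timezone.utc).astimezone(tz)
    return "ambiguous" if round_trip.replace(tzinfo=None) == naive else "nonexistent"


def normalize(source, raw):
    """Convert one raw timestamp to UTC and record how far it can be trusted."""
    spec = SOURCES[source]
    parsed = datetime.strptime(raw, spec["fmt"])
    precision = timedelta(seconds=1 if "%S" in spec["fmt"] else 60)
    if parsed.tzinfo is not None:
        status, utc = "ok", parsed.astimezone(timezone.utc)
    else:
        status = dst_status(parsed, spec["tz"])
        utc = parsed.replace(tzinfo=spec["tz"]).astimezone(timezone.utc)
    return {"source": source, "utc": utc, "precision": precision, "status": status}


def certainly_before(a, b, clock_skew=timedelta(seconds=2)):
    """True only if a precedes b in the worst case of precision and clock skew."""
    if a["status"] != "ok" or b["status"] != "ok":
        return False  # DST-ambiguous or impossible times cannot be ordered as fact
    latest_a = a["utc"] + a["precision"] + clock_skew
    earliest_b = b["utc"] - clock_skew
    return latest_a <= earliest_b


if __name__ == "__main__":
    # Constructed sample events around the 2025 US and EU daylight saving changes.
    samples = [
        ("dialer", "11/02/2025 00:29:00"),
        ("dialer", "11/02/2025 01:30:05"),   # repeated hour in New York
        ("dialer", "03/09/2025 02:30:00"),   # skipped hour in New York
        ("crm", "2025-11-02T00:31:10-0500"),
        ("chat", "2025-11-02 06:31"),
    ]
    for source, raw in samples:
        event = normalize(source, raw)
        print(source, raw, "->", event["utc"].isoformat(), event["status"])
```

Events flagged `ambiguous` or `nonexistent` are the ones where time is an approximation rather than a fact, and they should be resolved at the source system rather than guessed downstream.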
To strengthen cybersecurity in FinTech, experts emphasize a layered approach that combines technology and human awareness. Rising threats like phishing, smishing, and fraud demand not just better tools but also vigilant, well-trained employees. Embedding security scans into software development, analyzing diverse data signals, and adopting a “defense in depth” strategy are all critical. Ultimately, staying curious, asking the right questions, and embracing evolving technologies—especially AI—can help organizations stay ahead of cyber risks.
Research available only to clients at this time.
*When vendors’ names or quotes are shared as examples in this document, it is to provide a concrete example of what was on display at the conference or what we heard doing our research, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document.