“This Whisper Report address the question regarding the best practices for integrating AI and ML into our security Systems. It highlights how leaders emphasize protecting PII, using selective data movement, optimizing hardware, choosing the right models, and knowing when AI should not be applied. Insights come from LVT’s Steve Lindsey, Safr’s John Cassise, 360 Privacy’s Trinity Davis, Intel’s Mike Nielsen, RightCrowd’s Jason Bohrer, Bioconnect’s Edsel Shreve, Vaidio’s Marshall Tyler, and Databuoy’s Kathleen Griggs. “
“This Whisper Report investigates how Gen AI will reshape enterprise finance operations. Researched on‑site at Money 20/20 USA 2025 in Las Vegas, it examines how financial operations are evolving under accelerating automation and intelligence. The report highlights perspectives from AutoRek’s Nicholas Botha, Veratad’s Thomas Canfarotta, Globant’s Erin StillWell, Oracle’s James Calise, Zoominfo’s Brandon Tucker, localpayment’s Ezequiel Israel, and IPQS’ Shea Craft.”
Published to clients: February 24, 2026 ID: TBW2115
Published to Whisper Club: February 24, 2026
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“This Whisper Report investigates how will AI change warehouse architecture. Researched at the Retail, Supply Chain and Logistics Expo in Las Vegas, it highlights how AI boosts worker guidance, accelerates operations, improves predictive decisions, and reshapes automation across physical and digital systems. It also stresses fragmented tech stacks and future robot‑centric warehouse design. Quoted: Steve Harris (Warehouse Craft), Priya Katyal (PGS360), Petros Dertsakyan (oloround), Rodrigo Hernandez (Bazarup), Sean Elmurib (Backops AI), Naushad Ahmed (MetaOption), Ingo Pietruska (Lufthansa).”
Published to clients: February 17, 2026 ID: TBW2086
Published to Whisper Club: February 17, 2026
Analyst(s): Dr. Doreen Galli
Abstract:
“This Whisper Report investigates how AI and behavioral analytics enhances identity security. It highlights how organizations manage identity scale and emerging threats using behavioral baselines, anomaly detection, and contextual risk scoring. Researched at Identiverse held in Las Vegas, it incorporates quoted insights from Lumos’ Janani Nagarajan, GitGuardian’s Dwayne McDaniel, CyberSolve’s Ankush Kappor, Oasis’ Guy Feinberg, Simeio’s Octabio Lopez, Clarity Security’s James Davidson, Cubeless’ Treb Ryan, Apono’s Ofir Stein, Keeper Security’s Craig Lurey, Imprivata’s Diron Chain, and Panini’s Jim Harris.”
Published to clients: February 10, 2026 ID: TBW2099
Published to Whisper Club: February 10, 2026
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
ABSTRACT
“This Whisper Report explores how CTOs should rethink organizational design in the world with Generative AI. Generative AI introduces structural shifts that accelerate delivery and reshape skills, workflows, and talent strategy. The research was conducted at HR Tech in Las Vegas. It highlights how agile cycles, cross‑functional skills, and HR collaboration strengthen organizational resilience.Quotes come from leaders at RChilli, Darwinbox, FitFirst, Fountain, FranklinCovey, Eightfold AI, Gem, and Aptia USA.”
Published to Whisper Club: January 27, 2026 ID: TBW2095
Analyst(s): Dr. Doreen Gal
Photojournalist(s): Dr. Doreen Galli
Abstract:
This Whisper Report investigates how will drones change enterprise data strategy. It draws on insights gathered at the Commercial UAV Expo 2025 in Las Vegas, where UAV experts described the growing data volume, multi‑use potential, and rising compliance pressures shaping enterprise architectures. The report highlights strategic alignment, cross‑industry collaboration, and the challenge of converting drone data into actionable insights. It cites Barry Paul (Blue Nose Drones), Jason San Souci (Drone Ops USA), Kevin Teen (Aloft), Bill Reynolds (Central UAS Technologies), and Vik Chaudhry (Buzz Solutions).
This Whisper Report investigates the biggest packaging tech blind spot for CIOs. It draws on urgent insights gathered from Pack Expo Vegas 2025, where operations engineers and technology professionals shared firsthand perspectives. From overlooked IT involvement to cultural gaps with OT teams, the findings expose critical challenges in data use and collaboration. Discover why these blind spots persist—and what steps can transform them into competitive advantages. Featuring insights from Mike DeGrace (Universal Robots), Rich Parkhurst (KUKA), Aaron Silverberg (Flexible Vision), Chris King (Unitronics), Mike Wolf (Signode), and Brandon Winer (Cognex).
Whisper Report:Can AI defend against AI-powered attacks?
Published to insiders: January 13, 2026 ID: TBW2091
Published to Whisper Club: January 14, 2026
Published to Email Whispers: April 20, 2026
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract
“This Whisper Report explores the evolving cybersecurity landscape where AI defends against AI-powered attacks. Drawing insights from Black Hat USA 2025, it outlines four foundational dimensions of AI defense—from scaling and automation to ethical oversight and model diversity—within the context of an escalating AI vs AI arms race. The report emphasizes strategic adaptation, human involvement, and the limitations of current technologies in this rapidly advancing domain. The analysis incorporates perspectives from leading experts and organizations featured at Black Hat USA 2025, including Elastic Security’s James Spiteri, Safe Security’s Saket Bajoria, Cymulate’s Avihai Ben Yossef, Exaforce’s Ariful Huz, Dune Security’s David DellaPelle, Netarx’s Sandy Kronenberg, Cyber Innovate’s Brian Mehlman, Checkmarx’s Jonathan Rende, and Microsoft’s Thomas Roccia.”
Target Audience Titles:
Chief Information Security Officer, Chief Technology Officer, Chief Digital Officer, Chief Information Officer
Chief Product Officer, Chief Experience Officer
IAM engineers, Security Architects, DevSecOps Engineers, IT Ops Managers, Application Security Architects, AI security specialists, Cyber Risk analysis
Key Takeaways
AI vs AI defines today’s threat landscape, requiring defenders to match attacker sophistication.
Attack volume and complexity are rising, demanding scalable, automated responses.
Multiple AI models are essential, as no single model can cover all threats.
Human oversight is vital, ensuring ethical use and contextual accuracy.
AI boosts efficiency, freeing experts from repetitive tasks.
Limitations remain, and defences must evolve with emerging threats.
We took the most frequently asked and most urgent technology questions straight to the Cybersecurity professionals gathering at Black Hat USA 2025 held in Las Vegas. This Whisper Report addresses the question if AI can defend against AI-powered attacks?
In the event it is not obvious yet, one must understand that the new battlefield in cybersecurity is AI vs AI. As Elastic Security’s James Spiteri shared, “I absolutely think AI can fight AI. We’re seeing this today. Uh there’s been a lot of investment in both AI offensive techniques as well as AI defensive techniques. You know, we’re on the defensive side of the house. So we’ve done a ton of research into how effective it actually is and it doesn’t work.” Safe Security’s Saket Bajoria couldn’t agree more. “The only way to combat that is through AI and the attacks is going to be between AI and AI. Humans are just going to be watching it right. So, so the sooner we accept the fact that it’s AI against AI and we do we do watch it ethically and all that like we are ready for that otherwise the more we deny that the more we’ll get impacted.” Or to quote a very famous Classic sci-fi superintelligence named the Borg, “resistance is futile.” Then again, its just an evolution of the traditional cat and mouse game within cybersecurity. As Cymulate’s Avihai Ben Yossef maintained, “I think AI powered attacks can also be protected by AI and vice versa. I think AI powered defense can also not be protected by AI powered attacks. It’s still an ongoing chase that will happen with AI. It happened before AI. It’s going to happen now with AI. The ongoing chase will keep on happening even in the AI world.”
Considering AI will be a required part of the solution for the AI vs AI battle, it is valuable to consider how AI will be leveraged. Exaforce’s Ariful Huz affirmed, “AI can help defend against AI based attacks because mostly from the volume of attacks that we’re going to start seeing because people are going to be leveraging AI to do all kinds of things and the barrier to entry to actually performing these types of attacks is going to be much lower. So you’re going to see a larger volume and that means you need a way you need machines to be able to detect, investigate and respond to these types of attacks because humans are not going to be able to keep up with them.” Coming from a similar angle, Dune Security’s David DellaPelle elaborated, “I think when you think about AI, there’s kind of two elements. There’s the quantity of attack and the quality of attack lead to to breach, right? It’s incredibly important for security companies and security organizations to have really foundational AI models that can help meet the scale right the increased quantity of attacks that are coming from AP groups like scattered spider as well as the quality of attacks.”
Understanding it will ultimately a battle of AI vs AI and AI is necessary to handle the quality and quantity of attacks, it is valuable to understand you will be leveraging multiple models. For anyone who has created AI products, this is common knowledge. The expression is any given model may fail but the product or the solution cannot. Netarx’s Sandy Kronenberg dove into this critical aspect. “AI can defend against AI attacks, but only if we’re using a multitude of AI inference models from many many different sources with which to defend against AI attacks. Social engineering that’s AI powered fraud as an example can only be defeated if you’re using inference models from every single source of metadata and or voice and video inference models. It’s a hard way to it’s very complicated.”
One always present question when it comes to AI is the line between automation – particularly with agents – and maintaining the human in the loop. Cyber Innovate’s Brain Mehlman and his AI Agent Ralph raises one very valuable question, “What is the AI powered attack? Am I doing AI where I’m actually poking into a system brute force or is actually an AI in the system doing something rogue?” Regardless of the scenario, Brain and his AI Agent Ralph went on further to explain, “You still need human oversight. You still need to understand the context. And you have to remember that an AI defending system can have its own blind spots and yes, AI can be a powerful tool for defense, but it’s part of a bigger strategy and it’s all about using it wisely and understanding that it’s a constantly evolving game.” This was best summarized by Microsoft’s Thomas Roccia, “there is no silver bullet. It’s all about building the right AI system to assist you. you and make sure that the result of an AI is accurate enough for your investigation.” In addition to accurate, we will also hope the AI solution is transparent enough that it obtains and maintains trust amongst its human users.
As discussed many times during our coverage of the media industry, AI has two strengths. It eliminates tedious and mundane tasks from humans and allows them to focus on the other parts. Same can be said for AI in cybersecurity. As Checkmarx’s Jonathan Rende observed, “eliminating mundane toil like repetitive error prone human tasks that we can just take away and allow the experts with their hand on the wheel to actually better use their time in more valuable activities.” Of course this automation doesn’t just benefit the White Hats or those trying to defend people and organizations. Jonathan went on to further explain, “ AI raises the bar both for attackers, but it raises the bar for defenders as well. So, both have to make use of this.”
Cyber Innovate’s Brain Mehlman and his AI Agent summed it up. “So from our perspective, the short answer is yes. AI can defend against AI powered attacks, but with some caveats. Essentially, it’s a kind of arms race. The same technology that can be used to launch AI driven attacks can also be used to build defenses. So we’re seeing AI being used to detect patterns, to automate responses, and to kind of keep up with the speed and scale of AI driven threats. But the nuance here is that it’s not a silver bullet. It’s not like you can just drop in AI and it will perfectly defend against everything.” As Microsoft’s Thomas Roccia reminded us all, it is an evolving landscape. “We are probably not there yet. I think we are started to see some interesting attack with AI such as malware which will embed some LLM prompt and some automatic generation of command inside the bridge the infected machines. I think it’s still the beginning.” And so the game of cat and moues of cybersecurity continues now including AI vs AI.
“This Whisper Report investigates the next data breach our industry isn’t ready to handle. It captures urgent insights from Put Data First revealing how emerging threats are reshaping risk landscapes. These include AI pipeline compromises, indirect prompt injections, company chat exfiltration, and deep fake-driven social engineering. Expert perspectives explain why traditional defenses fail. The report urges proactive strategies to secure data integrity across every stage of AI-driven operations before vulnerabilities escalate.”
Target Audience Titles:
Chief Executive Officer, Chief Information Officer, Chief Technology Officer, Chief Data Officer, Chief Security Officer, Head of Data Strategy, Head of Information Security
Director of Cybersecurity, Director of AI Operations, Director of Risk Management, Director Data Governance Manager, Enterprise Architect
Data Scientist, Machine Learning Engineer, Cybersecurity Analyst, AI Operations Specialist, Risk Analyst, Cloud Security Engineer, Threat Intelligence Analyst
Key Takeaways:
AI pipelines are vulnerable at every stage, requiring continuous protection of training data and outputs.
Indirect prompt injections can manipulate AI agents through unvalidated web content, creating hidden security risks.
Company AI chat data is a high-value target for exfiltration, exposing sensitive organizational insights.
Deep fakes amplify social engineering attacks, eroding trust and enabling data breaches through deception.
We took the most frequently asked and most urgent technology questions straight to the data and AI experts gathering at the Put Data First’s Inaugural event held at Planet Hollywood in Las Vegas. This Whisper Report addresses the question regarding the biggest AI risk no one in your organization is talking about as depicted in Figure 1.
Figure 1. Prepare NOW for these Four Data Breaches
Our first area to defend, was suggested by SafeBreach’s Hudney Piquant. “The AI pipeline I like to call it. It’s the pipeline of the data that you are the training data that you have and then your prompting that you’re doing and then the output like those three things I believe that that’s going to be the biggest breach that the adversaries will be looking at because if you’re able to really manipulate those things it’s going to affect the pipeline from a scalability perspective.” Hudney raises an important point that data needs to be always protected, every step of the way on its journey. For more research on how to protect data during execution see Industry Whispers: Public is Private -Confidential Computing in the Cloud.
The next attack vector, brought by Mend.io’s Amit Chita, is subtle and exploits GenAI. “Indirect prompt injections. All the web contains websites. We take AI agents, we connect them to get information from these websites, but we don’t validate that it that this website doesn’t contain prompt injections within them. and they can manipulate our agents as they surf through the web. I think this is going to be one of the major issues that we’re going to deal with in the next coming weeks.” One may want to be careful where you let your agents roam!
Our third attack vector is an insider and SaaS risk with significant exposure potential, highlighted by AnswerRocket’s Shanti Greene. “Exfiltrating company AI chats. So, the organizers like Open AI have done a good job of giving you a sandbox for your company to work within and they’re not training on your data. But being able to exfiltrate a company’s specific use and see what they’re prompting with could be interesting. There’s probably some interesting gold in that data.”
Our final area of concern may not be a direct data breach but rather is a tool frequently leveraged to breach data and trust and is brought to us by The Agentic Manager’s Neil W. Smith. “The implications of deep fakes. We’re already used to AI being used for fishing expeditions, for extracting information from our databases. But what we don’t realize as humans is that we trust other humans to play by the rules more often than not. However, with deep fakes, both voice fakes, visual fakes, and context fakes, I think more and more humans are going to be fooled by the efficacy of deep fakes.” And the more humans that are fooled, the more systems can be compromised. Despite how widely discussed this topic is, deep fakes remain underestimated for their use in fraud and as a social engineering threat.
Published to clients: December 30, 2025 ID: TBW2114
Published to Readers: December 31, 2025
Whisper Email Release:
Public/Video Release:
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract
“This Whisper Report investigates the biggest supply chain risk CIOs ignore. It captures urgent insights from Retail, Supply Chain, and Logistics Expo revealing how external shocks, demand disconnects, and fragmented systems quietly erode resilience. Industry leaders share candid perspectives on tariffs, inventory pitfalls, and costly tech missteps—issues that can derail growth overnight. If you think your supply chain strategy is future-proof, this report may challenge everything you assume about stability.”
