
AI chatbots and social engineering: what security teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Attackers are bypassing chatbot guardrails, SOC teams are using automation to ease alert fatigue, and AI is making social engineering faster and harder to detect, according to Abnormal AI. The deeper issue is that security programmes now have to govern AI-mediated deception as a live operational risk, not a future scenario.

NHIMG editorial — based on content published by Abnormal AI: Season 5 of The Convergence of AI + Cybersecurity

Questions worth separating out

Q: How should security teams govern AI chatbots that can be manipulated by attackers?

A: Security teams should treat chatbot governance as an access and workflow problem, not only a content-safety problem.

Q: Why does AI make social engineering harder to stop?

A: AI makes social engineering harder to stop because it lowers the cost of personalised deception.

Q: What should SOC teams automate without losing control?

A: SOC teams should automate repetitive enrichment, correlation, and routing, but keep decisions that change incident status, evidence integrity, or containment authority under human oversight.

Practitioner guidance

  • Review chatbot-connected workflows for abuse potential: Inventory where legitimate AI chatbots can reach sensitive data, tools, or internal systems, then test those paths for prompt manipulation, context leakage, and unintended action escalation.
  • Define strict automation boundaries in the SOC: Separate low-risk enrichment from actions that suppress, close, or escalate incidents, and require explicit human approval for decisions that change evidence or containment status.
  • Harden verification for high-impact requests: Use out-of-band checks for payment changes, access resets, vendor onboarding, and data transfers when the request arrives through email, chat, or AI-mediated channels.

What's in the full article

Abnormal AI's full season recap covers the episode-level discussion and speaker perspectives this post intentionally leaves at the thematic level:

  • Conversation-by-conversation context from the AI chatbot abuse, SOC automation, and social engineering episodes
  • Speaker viewpoints from threat intelligence, cyberpsychology, and CISO leadership that add operational colour
  • The specific examples and discussion points used in each chapter to frame AI risk in practice

👉 Read Abnormal AI’s season recap on AI chatbots, SOC automation, and social engineering →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

AI-assisted deception is now an identity problem, not just a content problem. When attackers use legitimate AI platforms to manipulate targets, the control failure is not simply bad wording or spam volume. The real issue is that identity assurance is being tested through machine-generated trust signals that look normal at first glance. Security teams need to recognise that deception can be delivered through the same channels used for legitimate collaboration.

A few things that frame the scale:

  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities.

A question worth separating out:

Q: How do organisations reduce risk from AI-assisted impersonation?

A: Organisations should require stronger verification for requests that move money, reset access, or transfer sensitive data. Use secondary channels, callback procedures, and approval workflows that do not depend on the same communication path the attacker may already control.

👉 Read our full editorial: AI chatbots, SOC automation, and social engineering in security



   