AI-powered social engineering is the use of generated text, voice, video, or interface content to manipulate a target into taking an unsafe action. The goal is not just deception, but trust transfer, where the attacker convinces a legitimate identity holder to approve, disclose, or execute something harmful.
Expanded Definition
AI-powered social engineering is a manipulation technique that uses generated text, voice, video, or interface content to persuade a legitimate identity holder to take an unsafe action. In NHI security, the danger is not only impersonation, but trust transfer across human and machine boundaries, especially where approval workflows, service desks, or delegated admin paths can be influenced.
Definitions vary across vendors when this term overlaps with deepfake fraud, phishing, or business email compromise. In practice, the distinction is the use of AI to scale personalization, timing, and conversational persistence, often making the attack more believable than a static lure. It matters because the target may be a user who controls access to secrets, an operator who can approve a token, or a help desk analyst who can reset a credential. For identity assurance context, NIST SP 800-63 Digital Identity Guidelines remains useful for understanding how assurance weakens when a person can be convinced to perform an action outside normal authentication boundaries.
The most common misapplication is treating it as ordinary phishing, which occurs when organisations ignore voice, video, and conversational abuse in workflows that depend on human approval.
Examples and Use Cases
Implementing defenses against AI-powered social engineering rigorously often introduces friction in urgent workflows, requiring organisations to weigh faster approvals against stronger verification.
- A finance analyst receives a convincing AI-generated voice call that imitates an executive and requests a payment override, turning a routine approval path into a fraud channel.
- A service desk agent is shown a synthetic video or chat transcript that appears to confirm an identity reset request, leading to unauthorized credential recovery.
- An attacker uses generated email threads to sustain a believable conversation over multiple hours, gradually eliciting MFA codes, backup codes, or session approval.
- A developer is tricked into pasting a token into a fake internal portal that mirrors legitimate tooling, creating a bridge into cloud workloads and NHI-managed automation.
- The DeepSeek breach is a reminder that exposed data and secrets can become raw material for more believable AI-driven deception, not just direct credential theft.
Public guidance on identity verification from NIST SP 800-63 Digital Identity Guidelines is especially relevant where teams need stronger proof before honoring high-risk requests.
Why It Matters in NHI Security
AI-powered social engineering is especially dangerous in NHI environments because many high-value actions are not performed by end users at all. They are performed by operators, CI/CD automation, support staff, or agents acting on behalf of a user, which expands the number of people and systems an attacker can pressure. A single successful manipulation can expose secrets, approve a dangerous workflow, or grant an AI agent the wrong tool access.
NHIMG research shows how quickly exposed credentials can be abused: in the LLMjacking research, attackers attempted access to publicly exposed AWS credentials in an average of 17 minutes. That speed matters because social engineering often creates the first opening that leads to credential theft, secret disclosure, or delegated misuse. In parallel, the State of Secrets in AppSec report highlights how weak secrets practices increase the blast radius once a person is manipulated into revealing sensitive material.
Organisations typically encounter the operational impact only after a fraudulent approval, exposed secret, or unauthorized reset has already been acted upon, at which point investigating and containing the AI-powered social engineering incident becomes unavoidable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A2 | AI agents can be manipulated into unsafe actions through persuasive prompts or fake instructions. |
| OWASP Non-Human Identity Top 10 | NHI-05 | Social engineering often targets secrets and credentials that protect non-human identities. |
| NIST CSF 2.0 | PR.AT-1 | Awareness and training controls address human susceptibility to deceptive manipulation. |
Require robust human verification before agents execute high-impact requests or delegate authority.
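One way to express that rule as a policy gate, shown here as an added example that is not NHIMG's own code. The action names, evidence labels, and the `decide` function are assumptions made for illustration. The gate ignores evidence that arrives over the requester's own channel, however convincing, and holds high-impact requests until independent verification and a second approver exist.

```python
from dataclasses import dataclass, field

# Constructed policy for illustration: action and evidence labels are assumptions.
HIGH_IMPACT = {"payment_override", "credential_reset", "token_approval", "agent_tool_grant"}
# Evidence delivered over the requester's own channel can be generated, so it is ignored.
IN_BAND = {"voice_match", "video_call", "chat_transcript", "email_thread"}
# Evidence the verifier obtains independently of the requester's channel.
OUT_OF_BAND = {"callback_to_directory_number", "authenticated_ticket"}

@dataclass
class Request:
    action: str
    requester: str
    evidence: set = field(default_factory=set)
    approvers: set = field(default_factory=set)
    urgent: bool = False

def decide(req: Request):
    """Return ("allow" | "hold", reasons) for a request reaching a human approver or agent."""
    if req.action not in HIGH_IMPACT:
        return "allow", []
    reasons = []
    if not req.evidence & OUT_OF_BAND:
        ignored = sorted(req.evidence & IN_BAND)
        note = f" (ignored in-band evidence: {', '.join(ignored)})" if ignored else ""
        reasons.append("no out-of-band verification" + note)
    if not req.approvers - {req.requester}:
        reasons.append("no second approver other than the requester")
    if req.urgent and reasons:
        reasons.append("urgency does not waive verification")
    return ("hold" if reasons else "allow"), reasons

if __name__ == "__main__":
    # Constructed sample requests mirroring the scenarios listed on this page.
    samples = [
        Request("payment_override", "exec", {"voice_match"}, urgent=True),
        Request("credential_reset", "user7", {"video_call", "chat_transcript"}, {"analyst2"}),
        Request("token_approval", "dev3", {"callback_to_directory_number"}, {"dev3"}),
        Request("credential_reset", "user7", {"video_call", "callback_to_directory_number"}, {"analyst2"}),
    ]
    for s in samples:
        print(s.action, s.requester, *decide(s))
```

Logging the `reasons` list alongside each held request gives investigators a record of which requests relied only on in-band evidence.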
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org