At the recent TTT 2025 Reshape: Enterprise Cybersecurity event held last week, Mr. Pongint Chusuvun, Technical Educator at ActiveMedia (Thailand), spotlighted the dark side of Artificial Intelligence. While AI offers immense benefits, he warned that it also serves as a powerful weapon in the hands of cybercriminals.
Read the full recap of his keynote: “AI-driven deception: A new face of corporate fraud” here.
AI: A Double-Edged Sword - From Revolutionary Benefits to Sophisticated Cyber Threats
Pongint Chusuvun highlighted that AI has become a true double-edged sword — while it brings immense possibilities, it also enables cyberattacks to become more sophisticated and harder to detect than ever before. What once seemed like science fiction is now becoming a reality for organizations around the world. According to a report by Gartner, 55% of global companies are expected to adopt generative AI in a meaningful way starting from 2023. At the same time, this very technology is being weaponized by cybercriminals to carry out highly convincing and increasingly dangerous attacks.
Worrying Trends in AI-Driven Cyberattacks
Pongint Chusuvun shared several concerning trends where AI is being used as a core enabler of increasingly sophisticated cyberattacks:
- Fake employees – Hackers can now use AI to make fake resumes, documents, and even faces that look real. They use these to sneak past HR and get into companies, just to steal data or plant malware.
- A new breed of BEC scams – This is a new form of Business Email Compromise (BEC), where AI is used to mimic the voice or appearance of company executives during live video calls. In one real-life case, an employee was tricked into transferring over $25 million after being contacted by what appeared to be the company’s CFO.
- Authentication bypass – Attackers use AI-generated videos to impersonate customers during identity verification processes. By stealing facial data through malware, they can bypass security checks, open fraudulent accounts (so-called mule accounts), or apply for loans using fake identities.
- Deepfake scams – AI is being used to generate deepfake videos of CEOs or celebrities, inviting people to invest in fake projects or click on dangerous websites. These scams are highly convincing and spreading quickly online.
- Password cracking – Tools like PassGAN can guess passwords in seconds, much faster and more accurately than any human attacker. This allows hackers to break into systems and steal valuable data—everything from customer records to financial reports.
- Document forgeries – AI can quickly produce realistic fake documents such as ID cards, invoices, or insurance claims. It is suspected that up to 5% of insurance claims may already have been manipulated using AI-generated content.
- Phishing and reconnaissance – AI can quickly produce realistic fake documents such as ID cards, invoices, or insurance claims. It is suspected that up to 5% of insurance claims may already have been manipulated using AI-generated content.
What’s the impact of AI threats?
According to data from ESET, 38% of fraud-related losses over the past year involved the use of AI. These AI-driven threats have caused serious damage—not only to a company’s reputation and brand trust, but also financially.
The losses go far beyond mistaken money transfers. Organizations also face high costs from system repairs, data recovery, and legal penalties resulting from regulatory violations or lawsuits.
How Organizations Can Defend Against AI-Driven Threats?
Pongint Chusuvun highlighted that to protect against AI-powered threats, organizations need a well-rounded and practical approach that covers three key areas.
1. People & Process
- Conduct thorough background checks for new hires – Especially for remote positions, consider adding on-site interviews or additional verification steps to ensure identity and integrity.
- Provide cybersecurity awareness training – Help employees stay alert to phishing attacks, deepfakes, and other common threats by offering regular training sessions.
- Enable Multi-Factor Authentication (MFA) – Require OTPs or other authentication methods for accessing important systems within the organization.
- Promote collaboration between HR and IT – Encourage these departments to work together in developing clear security policies and compliance standards that support secure onboarding and daily operations.
2. Technology
- Use AI for behavior-based threat detection – Monitor login patterns, such as unusual times or locations, to quickly identify suspicious activity from users or employees.
- Deploy deepfake detection tools – Particularly in identity verification processes like KYC (Know Your Customer) onboarding, to prevent impersonation and fraud.
- Leverage generative AI for simulated attack scenarios – Create mock cyber threats using AI to train systems and teams to respond more effectively to emerging risks.
3. Corporate Culture
- Make sure leaders are aware – Cybersecurity isn’t just for IT teams anymore—it’s a key part of keeping the whole business running smoothly.
- Build awareness across the company – Everyone should know that AI can be helpful, but it can also be misused. That’s why everyone has a part to play in staying safe.
- Keep communication open and simple – Create a workplace culture where people feel comfortable reporting suspicious activity and know how to stay cyber-aware.
ESET: Cybersecurity Solutions for the AI Era
ActiveMedia, the exclusive distributor of ESET cybersecurity products in Thailand, offers ESET’s multi-layered security technology, known as ESET LiveSense®. This approach is designed to provide strong and adaptive protection—because no single layer of defense is ever enough to stop all cyber threats.
ESET combines three core technologies to keep threats at bay:
- ESET LiveGrid® – A cloud-based system that collects global threat data in real time, enabling fast detection and response.
- Machine Learning – AI-powered detection that automatically identifies and blocks new and unknown threats with high accuracy.
- Human Expertise – ESET’s team of cybersecurity specialists continuously monitor trends, fine-tune detection systems, and respond to evolving threats.
ESET takes a comprehensive approach to cybersecurity, covering every stage of defense—from Prevention (PREVENT), Detection (DETECT), and Response (RESPOND) to Threat Prediction (PREDICT). Pongint Chusuvun explained
“The ESET PROTECT platform is available in five tiers—Entry, Advanced, Complete, Enterprise, and Elite—designed to meet the needs of organizations of all sizes and maturity levels.Each tier offers key features tailored to different requirements, including Endpoint Security, Server Security, Full Disk Encryption, Mail Security, Cloud Application Protection, Vulnerability & Patch Management, and even XDR (Extended Detection & Response).Everything is managed through a single, centralized console—the ESET PROTECT Console—and pricing is based only on the number of endpoints. This makes cybersecurity protection simple, complete, and cost-effective for every organization.”
ESET: Over Two Decades of AI Expertise
ESET has been using AI and machine learning for more than 25 years—since as early as 1997. This long-standing experience reflects the company’s deep understanding of evolving cyber threats and its ongoing commitment to developing advanced technologies to stay ahead of them.
Pongint Chusuvun’s session underscored the importance of being prepared and proactive in responding to today’s fast-changing cybersecurity landscape.
Is Your Organization Ready for AI-Powered Threats?
“AI is changing the game for cybercriminals—but it can also change the game for cybersecurity and risk management teams.
The question is: will your organization wait to be attacked, or take the lead by using AI to defend itself first?”
Watch the full session “AI-driven deception: A new face of corporate fraud” by Pongint Chusuvun, Technical Educator at ActiveMedia (Thailand)