Last Updated on May 29, 2026 by Matthew Goodchild
Q3 2026: When AI Attacks Back
The same AI tools powering your productivity are now in the hands of cybercriminals. This issue covers the rise of AI-driven phishing and deepfake fraud, what it means for your business, and the practical defences that actually work.
AI-Powered Attacks Are Changing the Rules
For years, the advice was straightforward: look for spelling mistakes, odd formatting, and suspicious links. That guidance is now dangerously out of date. Cybercriminals have adopted the same generative AI tools used in legitimate business, and the results are attacks that are faster, more convincing, and harder to detect than anything seen before.
The numbers bear this out. AI-powered Business Email Compromise drove $2.77 billion in losses across 21,442 incidents in 2024 according to FBI IC3, and the trajectory has accelerated sharply since. The proportion of BEC attacks leveraging AI-generated voice, video, or text deepfakes has reached 40% in 2026, up from under 5% in 2023. For the first time ever, cybersecurity has overtaken economic pressure as the top concern for SMBs, and 40% say a cyberattack costing $100,000 or less would shut them down.
Analysis from KnowBe4 and SlashNext indicates that 82.6% of phishing emails now contain some AI-generated content. These are not mass-blast emails full of grammatical errors. They are targeted, personalized messages written in the same tone your colleagues use, referencing real projects and real names scraped from LinkedIn and your company website.
The Deepfake Layer: Voice, Video, and Fraud
Business Email Compromise has always exploited trust. What is new is that "email" is no longer the only channel. In a landmark 2024 case, a finance worker transferred $25 million after a video call where every participant except the victim was an AI-generated deepfake.
The barrier to entry has collapsed entirely. Commodity tools on dark web markets can clone a voice from three seconds of audio for under $20. Your CEO's voice is almost certainly available from publicly posted recordings, conference calls, or even LinkedIn video posts. Deepfake-enabled fraud attempts increased by over 1,300% year-over-year.
The most effective defence is procedural, not technical. Verify any unusual financial request through a separate, pre-established channel, regardless of how credible the voice or video appears. A policy that simply requires a callback on a known number before any wire transfer is approved will stop the vast majority of these attacks.
How to Verify Before You Transfer
If a request involves money, credentials, or sensitive data and arrives over any digital channel, apply this verification sequence:
1. Pause. Do not act under time pressure, regardless of how urgent the request claims to be.
2. Call back on a number you already have on file, not a number provided in the message or call itself.
3. Confirm a shared verbal code word if your organization uses them for high-value transactions.
4. Escalate to your manager before proceeding with any payment above your defined threshold.
What to Expect Through the Rest of 2026
The threat landscape will not simplify before the end of the year. Several trends warrant attention across the organizations we support.
- AI-enhanced phishing at scale. Attackers have moved beyond mass emails. Underground markets sell ready-to-use phishing templates, credential theft kits, and stolen credentials, meaning criminal groups no longer need deep technical skills. Expect volume and quality to increase simultaneously.
- Cyber insurance requirements tightening. Carriers are requiring evidence of MFA, EDR, and security awareness training before issuing or renewing policies. Businesses without these controls are increasingly finding coverage denied or premiums unaffordable.
- Shadow AI creating new data exposure risks. Employees using unsanctioned AI tools create data exposure pathways that attackers harvest for deepfake training material and targeted spear-phishing. An acceptable-use policy for AI tools is no longer optional.
- Ransomware exploiting unpatched systems. Thousands of new cybersecurity vulnerabilities are disclosed each year, with 2025 continuing the trend of record-breaking vulnerability counts. This rapid growth increases the risk for SMBs that struggle to keep systems patched and up to date.
Strengthening Your Defences: What We're Focused On
As the threat landscape evolves, so does the way we protect our clients. Over Q3, CG Technologies is focused on three areas across our managed client base.
- Security Awareness Training reinforcement. Given the sophistication of AI-generated phishing, we are ensuring all clients on Wizer receive updated training modules that include real deepfake audio and video examples, not just simulated text-based phishing. Employees need to recognize the new attack patterns, not just the old ones.
- MFA coverage audit across Microsoft 365 environments. We are reviewing MFA enrollment completeness across all managed tenants. Conditional Access policies are being validated to ensure no service accounts or legacy authentication paths remain unprotected. If you have not completed MFA rollout, this is the quarter to finish it.
- Endpoint Detection and Response posture review. Huntress and Bitdefender coverage is being verified across all managed endpoints. Any devices outside managed coverage represent an unmonitored entry point. We will be flagging gaps directly with affected clients this quarter.
If you have questions about any of these initiatives or want to understand how your specific environment is protected, reach out to the helpdesk or your account contact.
5 Minutes That Could Stop a Deepfake Attack
The single most impactful procedural control your organization can put in place right now costs nothing and takes five minutes to establish: a verbal code word for financial authorizations.
Here is how it works. Your finance team and any employee who can authorize payments agree on a rotating code word, changed monthly. Any request to transfer funds, change banking details, or approve an urgent payment, regardless of how it arrives, requires the requester to supply the current code word before the transaction proceeds.
No code word means no transfer. Full stop. This single control defeats voice cloning attacks, deepfake video calls, and AI-generated email chains in one step, because the attacker cannot know an internal verbal code word regardless of how convincing their impersonation is.
Rolling Out a Payment Verification Code Word
Simple to deploy, effective immediately:
1. Select a random, unguessable word that has no obvious connection to your business.
2. Share it with the relevant team in person or over a known-secure channel. Never by email.
3. Set a monthly calendar reminder to rotate to a new word.
4. Document the policy formally so new employees receive it during onboarding.
Want to know where your organization stands against today's AI-driven threats?
Book a Security Review: cgtechnologies.com · 416-244-4357