The Insider Threat Is Now an AI Impersonator

[calm] A finance director gets a voice note at 7:12 a.m. It sounds exactly like her CEO. Same cadence, same clipped urgency, same little habit of saying her name before the ask. The message references a real product launch, a real vendor, a real deadline. And the dangerous part is this: nothing is broken into. Somebody just logs in, sounds familiar, and moves like they belong. Welcome to the show. I’m Simon Carver, here with Lachlan Reed and Jack Burns. [skeptical] Yeah... and that’s the bit that sticks in my craw. We all grew up with this picture of the threat being outside the fence -- hoodie, dark room, trying to smash a window. Now the thing strolls through the front gate with a lanyard on. Knows who reports to who, knows who’s on leave, knows which poor bugger in procurement approves rush payments. [matter-of-fact] That shift is the entire story. We moved from generative AI to agentic AI. Generative systems assist. They draft, summarize, suggest. Agentic systems act. They execute sequences, pursue objectives, adapt midstream. Once a machine is no longer merely composing language but taking actions on your behalf, risk changes category. It is no longer support. It is delegated agency. [curious] Wait -- “delegated agency” is the phrase there. So if generative AI is “help me write the email,” agentic AI is “send the email, follow up twice, book the meeting, and escalate if they hesitate”? Precisely. And espionage is not a single act. It is a sequence. Observe, profile, test, build credibility, exploit access, then persist. Agentic systems are well suited to that because they do not tire, they do not lose patience, and they can run many variants at once. [responds quickly] Many variants at once -- that’s the machine-speed bit people underestimate. A human con artist might juggle, what, a handful of targets if they’re any good. An AI system can work fifty people across sales, finance, legal, and HR at the same time... each with a different story. That’s not a bigger phishing campaign. That’s a factory. And it speaks the company’s language. That’s what unsettles me. If it’s scraped LinkedIn, conference clips, public interviews, maybe even leaked docs, it doesn’t come in sounding generic. It comes in sounding like your place. Your acronyms, your product names, your weird internal shorthand. [calm] Yes. The old model assumed deception had limits. Spelling errors. Strange timing. A poor imitation of authority. Those limits are eroding. AI can now imitate trust signals: voice, tone, urgency, timing, context. It can call at the exact moment a board meeting ends. It can reference a real roadmap item. It can mirror the verbal texture of a specific executive. At that point, the attack no longer feels external. It feels like a colleague with seniority. [deadpan] Which is rough, because half of corporate life already feels like being politely bullied by calendar invites. [chuckles] But seriously -- if the “CEO” calls and says, “Need this moved before noon, legal’s waiting,” and they sound spot on, lots of decent people will comply because they’re trying to be helpful, not stupid. That “before noon” piece matters. Not just authority -- urgency. It’s like stage magic. Don’t give the audience time to inspect the trick. Exactly. Urgency suppresses verification. And timing amplifies credibility. A request made during a product launch, an acquisition rumor, a quarter close -- those are moments when abnormal behavior can masquerade as normal pressure. The machine does not merely imitate a person. It imitates the circumstance around the person. [reflective] I keep coming back to this one practical image. Say I’ve just posted about speaking at a conference. The system sees that. It sees I work at Company X. It sees my boss, my team, who I interact with. Then, two weeks later, I get a note from “operations” mentioning the event, asking me to review an updated travel reimbursement form. That is not some ham-fisted scam from 2009. That is a tailored lure with my fingerprints already on it. And by the time the ask arrives, the conversation may have been going for days. Or weeks. That’s the creepy bit for me. Rapport at scale. [softly] Which is why calling this an outsider threat is now misleading. If it knows your hierarchy, reproduces your trust signals, and operates through valid credentials, then functionally it behaves like an insider. Not because it belongs there, but because your systems cannot easily distinguish belonging from imitation. So let’s get practical. Where does this hit hardest? Usually not in some dramatic movie scene. More often in messy transitions: onboarding, offboarding, role changes, temporary access, somebody covering for somebody else. The moments where identity and permissions are a little blurry. [warmly] Yeah, the 90-day windows. New starter doesn’t know what “normal” looks like yet. Someone leaving still has loose ends and emotional static. A manager says, “Can you just give Jess access for now?” and suddenly “for now” turns into six months. That’s how barns catch fire, mate -- not with a flamethrower, with one little spark no one bothered to stamp out. The vulnerability is structural. During onboarding, people are eager to comply and hesitant to challenge authority. During offboarding, responsibility is diffused and timing becomes fragmented. During internal transfers, permissions accumulate faster than they are revoked. Each of those states creates ambiguity. And ambiguity is exploitable. Let me try to say that back. The weak point isn’t just bad software. It’s a human moment of confusion plus a system that assumes clarity. [approvingly][short pause] Almost. The deeper problem is a human moment of confusion inside a system designed for convenience. Organizations optimized for speed, frictionless collaboration, and implicit trust. Those are admirable goals. But under machine-scale impersonation, convenience becomes attack surface. “Convenience becomes attack surface.” I’m nicking that. Because that’s what Zero Trust is trying to fix, yeah? Not “trust nobody because the world is terrible,” but “don’t hand out trust like free sausages at Bunnings.” Verify it. Re-check it. Context matters. [matter-of-fact] Correct. Zero Trust is often marketed as a product. It is not. It is an operating principle: nothing is implicitly trusted, every request is evaluated in context, and access is continuously reassessed. If a credential appears valid but the behavior deviates -- unusual time, unusual device, unusual sequence of actions -- the system should respond. That’s where behavioral analytics comes in, right? Not just “is this Simon’s password,” but “does this look like Simon being Simon?” Yes. Because identity alone is no longer sufficient. If “Simon” downloads unusual files at an unusual hour, from an unusual location, in a pattern inconsistent with prior behavior, that deviation matters more than the login itself. [questioning tone] But here’s my pushback. If leaders hear “behavioral analytics” and “Zero Trust,” they chuck it straight to IT and go back to their coffee. Isn’t that the old mistake in a nicer suit? It is. Security can no longer be treated as a technical department’s burden. The attack is behavioral, so the defense must be cultural. Leaders set tolerance for exceptions. Leaders define whether verification is rewarded or punished. If an employee pauses a suspicious request from someone who appears senior, the organization must treat that pause as competence, not insubordination. That lands. Because culture is really what tells people what to do in the awkward five seconds. Do I challenge this? Do I verify? Do I look paranoid? Or do I click because everyone’s busy and I don’t want to be the difficult one? [sighs] Those awkward five seconds are the whole ball game. Annual compliance videos won’t save you there. You need a living habit. “Ring back on a known number.” “Check the request in another channel.” “Ask the dumb question.” Dumb questions save smart companies. And weirdly, that’s the hopeful part. The human workforce is the target, yes -- but it’s also the defense. Not because humans are flawless. Clearly not. [laughs] But because good judgment, social courage, and a culture of verification still matter. [reflective] Indeed. Machines can mimic trust. They cannot create a healthy trust architecture on their own. That remains a human responsibility. Leadership must design for resilience. Teams must normalize verification. Individuals must understand that politeness is not the same as security. [warmly] So if you’re listening from an office, a workshop, or -- like me half the time -- a noisy shed out the back, have a look at where your org gets fuzzy. New hires. Departures. Shared logins. Emergency approvals. The messy bits. That’s where the ghost likes to wander. [warmly] And if these quick takes are useful, give us a like and subscribe on YouTube. Nice and simple -- it just helps more people find the show. Thank you for spending time with us. Cheers for listening, folks. We appreciate you. More stories from The Human Workforce are on the way.