By Nikolay Valov

AI is getting better at mimicking how leaders think — not just how they sound.

The latest wave of deepfake attacks isn’t about dramatic voice-cloning or bold social engineering. Instead, the bigger risk may come from systems that quietly learn how your organization makes decisions — and then replicate that logic to steer outcomes in the wrong direction.

These attacks don’t require stolen passwords. They exploit routine patterns: approvals that cluster at day’s end, familiar pairs of names on high-risk items, predictable shortcuts when urgency spikes. Nothing about that behavior is confidential — it’s just how work gets done.

Modern AI is skilled at recognizing these cues. When adversaries introduce misleading signals into trusted systems, the result isn’t a red-flag breach. It’s a well-formed, data-cited, high-confidence recommendation that happens to benefit the attacker. A manager under pressure — one who’s seen the system work flawlessly dozens of times — may click “approve” without hesitation.

Below are three low-cost habits that reduce this risk, even without major changes to your tech stack.

•Separate identity from intent. Most security programs excel at verifying who someone is and whether their device is secure. But high-impact actions — wire transfers, permission changes, sensitive data access — should also require a quick check on why now.

A single-sentence note referencing a customer request or policy ticket can be enough. If the rationale can’t be clearly stated, the action can wait. This small habit helps both people and machines justify timing, not just identity.

•Give important decisions a receipt. When your team acts on analytics, capture a short “receipt” showing what data was used, which model made the recommendation, and who signed off. This doesn’t require a research lab — just a simple audit trail to reconstruct later if needed.

Valov

Leaders don’t have to check these logs every day. But knowing the information exists makes it easier to investigate when something feels off.

•Make your rhythm harder to spoof. If an outsider knows that key approvals always happen at 5:30 p.m. on Thursdays, they’ll time their request to match.

Consider varying the approval window for sensitive actions. Or split final sign-off across two channels — such as confirming in both a workflow system and a secure chat. These tweaks are less about slowing things down, and more about keeping predictability from becoming an attack surface.

•Don’t let a single source decide. If your organization uses AI tools to rank risks, route tickets, or make suggestions, run a second, simpler check in parallel for your most sensitive cases. When the two results disagree, pause.

Often, the simplest logic catches the most expensive mistakes. More importantly, disagreement becomes a cue to think — not a signal to override.

•Rehearse the “confidence theater” moment. Incident reports often include phrases like “99.8% confidence.” But confidence scores aren’t conclusions — they’re signals. Ask: What piece of data would lower this number? What’s the fastest way to confirm or refute it independently? A short pause and a smart question can save weeks of cleanup.

These practices work because they match how decisions are made under pressure. They’re scalable. A “why-now” field can be one text box. A decision receipt can be a short log. Changing timing costs minutes — not budget.

Organizations still need strong basics: authentication, encryption, modern access controls. But as AI shrinks decision timelines, resilience won’t come from moving faster — it will come from moving deliberately, with checks that clarify intent and leave a trace.

If you implement just one change this quarter, try this pilot in a critical workflow:

•Add a one-sentence “why-now” field

•Automatically log a decision receipt

•Add a lightweight second check for your top 10% highest-impact actions

Measure how many approvals actually slow down. In most organizations, the answer is close to zero — but decision quality improves, and risky signals surface faster.

We’ve made progress in protecting data. The next frontier is protecting judgment. And the most dangerous attacks ahead may not be loud or obvious — they’ll simply sound like something your organization would already do.

About the essayist: Nikolay Valov is the Founder & Editor of Signal Decoded, a bi-weekly dispatch covering the edge of AI, cyber, C5ISR and next gen defense technology. He is a self-described Defense Tech Futurist, AI Visionary, and cybersecurity transformation leader focused on practical habits that make technology decisions more resilient.

November 13th, 2025 | Essays | Top Stories