The panel discussion “Automate Your Human Defense with AI” brought together industry leaders to address a critical vulnerability in modern cybersecurity: the human element. Moderated by Pavan Kushwaha, the session featured Dr. Sergio E Sanchez (CISO, Coleman Health Services), Chris Bollerud (CISO, AppGen), and Dr. Sandeep Desai (technology and governance expert). The central theme was that while firewalls and systems have become significantly stronger, attackers have shifted their focus to exploiting human trust, urgency, and emotions through AI-powered social engineering.
The AI Arms Race: A Love-Hate Relationship
Dr. Sergio opened the discussion by describing his “love-hate relationship” with AI. While AI cuts down task times from hours to minutes, it also equips threat actors with “fully loaded” tools. He noted that attackers no longer need five monitors and deep coding skills; instead, they target individuals who may be “allergic to technology” or lack awareness of how attackers interact with them via SMS, vishing, or phishing.
A significant concern raised by Dr. Sergio was the emergence of AI agents. He cited “Malt,” a platform described as “Facebook for AI agents,” and questioned whether these agents might eventually become “sentient” enough to scam humans autonomously. He emphasized that before organizations rush to integrate AI because “everyone else is using it,” they must establish proper governance, security locks, and clear processes.
Beyond “One-Shot” Attacks: Layered Defense
Chris provided a practical perspective on how AI can be used to detect sophisticated hacking patterns. He expressed concern over “one-shot prompting,” where an attacker might successfully compromise a user with a single, perfectly crafted AI prompt. To counter this, he advocated for diverse, adaptive training that mimics how social engineering comes from multiple directions, such as SMS or LinkedIn connections rather than just company devices.
Chris also shared a unique “human” approach to training: he regularly jokes with his accounting department about bank account change requests to keep them alert. Furthermore, he emphasized a defense-in-layers strategy. He argued that no single tool is sufficient; instead, organizations need multiple hurdles, such as email security, link-disabling protocols, and mandatory Multi-Factor Authentication (MFA), to ensure one wrong click doesn’t compromise the entire company.
Personalized Security Training
Sandeep Desai compared the future of security training to “Khanmigo” (an AI tutor from Khan Academy). Just as a student receives a personalized lesson plan based on their academic weaknesses, employees should receive awareness training tailored to their specific roles and vulnerabilities. He argued that generic phishing campaigns—such as sending an invoice-themed email to a developer—are ineffective because they do not “resonate” with the user’s daily reality.
By utilizing AI to create dozens of role-specific scenarios, organizations can test and train employees more effectively. Dr. Desai also stressed the importance of making these AI-driven defenses measurable, repeatable, and reportable to provide leadership with clear evidence of progress.
Actionable Tips for the Non-IT User
The panel concluded with practical advice for protecting non-technical staff:
- Verify via “Back Channels”: Chris advised users to never communicate back through the same channel where a suspicious request originated. Instead, walk over to the person’s desk or use an internal tool like Slack or Teams to confirm the request.
- Watch for Psychological Triggers: Dr. Sergio reminded users that hackers target human psychology. Be wary of words like “urgent,” “act now,” or “only one time,” as these are designed to bypass critical thinking.
- Layered Vigilance: Always use MFA and look for “suspicion indicators” provided by security tools before interacting with external messages.
Conclusion
In summary, the panel agreed that automating human defense is not about replacing people with machines, but about using AI to create a “vibrant community” of defenders who are equipped to evolve faster than the attackers.
