Threat Talks - Your Gateway to Cybersecurity Insights

AI can fake your voice.
Deepfakes can move millions of dollars in minutes.
And attackers no longer need to break trust - they can simulate it.

Security teams are entering an era where nothing can be trusted at face value.

In part two of our Zero Trust series with Dr. Zero Trust, Chase Cunningham, he and Lieuwe Jan Koning (Co-Founder and CTO at ON2IT Cybersecurity) explore what the future of Zero Trust looks like in an AI-driven world. 

How do you verify identity when voices and faces can be faked?
How do organizations defend against scams that scale to millions of targets?
And what happens when AI starts attacking AI?

They discuss real-world examples including deepfake fraud, “cyber-kidnapping” scams, prompt injection attacks, and the growing role of AI policy engines in defending modern systems.

One key takeaway: AI is accelerating a global trust crisis.
And this is what makes Zero Trust matter more than ever.

Simple Zero Trust principles like verification, passphrases, strict payment procedures, and continuous validation become essential safeguards for every organization.
Because in an environment where anything can be simulated, trust must always be verified.

Missed part one?
Watch “From Revolution to Reality”: https://www.youtube.com/watch?v=6reox4sqaUc&t

Timestamps
00:00 - Introduction: AI Security Threats and the Future of Zero Trust
01:07 - How Long Will Zero Trust Last? The Future of Zero Trust Strategy
01:54 - The Future of Zero Trust in an AI-Driven World
04:24 - Deepfakes, Fraud, and the Zero Trust Response to AI Security Threats
16:10 - AI Security Threats: Prompt Injection, AI Agents, and the Next Arms Race
21:55 - Final Thoughts on AI Security Threats and the Future of Zero Trust
 
Key Topics Covered
  • How AI security threats like deepfakes are changing identity verification
  • Why the future of Zero Trust depends on continuous verification
  • How AI-driven attacks scale fraud and social engineering
  • Why AI policy engines may become the next defensive layer in cybersecurity
 
🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

What is Threat Talks - Your Gateway to Cybersecurity Insights?

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats.

We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to everyday internet users, by providing in-depth and first-hand experiences from leading cybersecurity professionals.

Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

Zero Trust has been around for over a decade.

We're coming up on two decades.

The world has changed, though.

I mean, AI is everywhere,
and it must have its ramifications

on cybersecurity as well,
and therefore also on Zero Trust,

being the dominant strategy
against cyber attacks.

Like we announced last time,
Dr. Chase Cunningham has

also a few words to say
on this subject.

So I’m really thrilled that here he is again
for our next episode of Threat Talks.

Welcome to Threat Talks.

My name is Lieuwe Jan Koning
and we are here from the headquarters

at ON2IT in the United States,
in Plano, Texas.

Let's get on to it.

Welcome to Threat Talks.

Let's delve deep into the dynamic world
of cybersecurity.

So let me introduce our guests of today.

Chase Cunningham, Dr. Chase
Cunningham, Dr. Zero Trust.

He is called.

He was at Forrester and took over,
well, filled the big shoes of John

Kindervag at Forrester
and he took over the Zero

Trust portfolio basically, invented
the Zero Trust Extended framework.

And then we're thrilled
to have you back here Chase.

Welcome.

So last time when you were on,
I asked you,

when did you start doing Zero Trust?
And that was a long time ago.

How many years is
there still to go for

Zero Trust, you think?
Unlimited.

I mean, it's the strategy that's,
like you said earlier, right?

I mean, the fact we're still talking
about this in 2025, 2026.

And it's something John came up with,

16 years ago and it really
still stands the test of time.

I don't see a change
that's really needed here.

I think that that's the value
of a really good strategy, is it does

it's formulaic enough that you
can wrap your head around it,

but it's not so dogmatic
that you can't evolve over time.

That's what I think it is.

Yeah. And it ties to
the business needs.

I mean, it's not just, it’s not a
technical layout of a network,

but lots of people think that,
or a way to do identity.

No, it's the thought. It's the strategy.

Really. Yeah.

Concept, theory, strategy, all that stuff.

So if we look into
the future a little bit, there's

of course a ton of new things
that are emerging.

Aside from, AI is the obvious one

are there any other things that you can
think of that are changing that

or maybe parts of Zero Trust
that aren't really solved yet?

So I think the one that's showing up to me
now, and is kind of evolving

from the place
that I am concerned with as a risk

is the issue around kind of the,

call it simulated reality
that we're dealing with,

you know, between deep fakes and voice
fakes and all these other types of things

that you can make, you know, digital
twins and copies of people and whatever.

And, I mean, you and I both
have content on YouTube.

It'd be pretty easy
to make deep fakes of us, which...

Oh yeah. Luckily I have
no money, so no one’ll be-

We actually have an episode
of Threat Talks where Rob

actually starts with a
deepfake of himself.

Oh, nice. Yeah.
And, yeah, it's,

well, if you know it then
you can kind of see it, so,

but it's amazing, especially voice,
how amazing- Voice is easy. Yeah.

And that's, those things to me,

because I think there was like
a $25 million deepfake scam.

Somebody got hit up,

which, hey, there's some easy ways
to fix that problem, but different story.

And then the other one is drones.

Drones for me are... Autonomous.

Yeah, they're the future of where
a lot of things are going.

Yeah, yeah, they're too easy to deploy
and very difficult to defend.

And they're very economical.

And hard to shoot down.

Yeah.

In Ukraine we are using $1.5
million missiles so... Instead of

F-35 strike fighters at $1 million apiece,
you know,

I mean. To shut down a $200 drone or so.

I mean, the Ukrainians took out
the Russian nuclear fleet with drones.

Yeah, yeah.

I mean, that was mind boggling.

Like when I saw that on TV,
my wife is like, why are you

you know, jumping up and down?

I was like, because that's where we're going.

Yeah, I agree. Yeah.

Actually all over Europe, drones
pop up all the time, right.

Airports and power plants
and we see that

now I mean, we are at war, I think.

Yeah, it's just a different type.

I don't think the Cold War ever ended.

I think it just went digital.

Yeah, yeah. And we were snoozing.

We were just like, lulled into,
you know, the boil the frog thing.

Right? The water's getting warm.

Uh-oh. It's getting hot.

Yeah, but we believed that mutual trade
would have made us dependent on someone.

And therefore we wouldn't all do it.
We [ ] to one big world peace.

Yeah, we just basically
ignored all of-

Zero Trust tells you to never trust anything.
Right?

Yeah.

People will be people
and bad things will happen.

Yeah, yeah.

So on the deepfakes,
what would be the Zero Trust response

on it, because what
we've seen, just to clarify,

your CFO calling with

someone in the finance team saying,
hey, listen, we need to transfer money.

We can’t do it over regular channels, etc.,

it's super urgent.

I'm traveling at the moment and-
We need it right now. We need to do it right now.

Here’s my temporary phone number,
that’s going to be..

And you hear and see your actual CFO.
Right.

That's what's happening right now.
And then,

“okay, well I'll transfer it”
and then you go,

“Well they told me to”, like,

on the call. Yeah.

It wasn't him.
It was him. I think. Yeah.

That's you know, ...
So what would be the Zero Trust response to this?

Well I mean, number one would be
to put a pretty low limit on those transfers.

Just, you know, not $25 million
a pop from, you know, one exec to another

would probably be a smart thing,
just a concept.

But the other thing too, is like, and
I've told my family this stuff is,

have a passphrase, you know,
back to the old approach of like,

have a passphrase
and have a way to kick that off

that is out-of-band.
You’ve been in the military.

It worked like that as well?

Oh, yeah. Yeah.

I mean, if you go back to,
I like to talk to folks,

if you’ve ever seen the movie
The Longest Day

where they were invading, you know,
the beaches of Normandy, you know?

Thank you for that.
Yeah. Well, my grandfather.

Yeah, he was...,
the thing that they would say

there is ‘thunder’
and typically other person,

you know, if they don't know
the code would say ‘lightning’, well,

I better shoot that dude because that's
not what it’s supposed to be, it was

‘thunder’ and ‘clap’ was the response.

So, you know, simple stuff
makes a heck of a difference.

You're saying

something very important here
because there's a question and an answer.

Yeah.

I mean, it's

obvious, well, maybe not, let's first
go on on the answer part.

So you can agree with your CFO, for example,

or with your child or your spouse
or whatever, a password.

Right.

So if you are not sure
you want an extra authentication

that a person is not a deepfake,
you can say.. whatever.

What's the price of rice
in China on Tuesday?

Yeah. And their answer is Rover the dog.

Okay, I know that that's legit.

Yeah. But why is it not just Rover the dog?

Because there is kind of like,

you and I were chatting
before we got off on the call

here, was the whole kind of man
the middle side of if somebody happens

to have access or knows enough about us
or can put these things together,

they could piece that conversation.

And if it was just Rover the dog,
they might be able to kind of man

in the middle of that.
But if it is- Yeah, yeah.

Let's explain what, most people in the audience

will probably understand what we
mean by this man in the middle,

but you also have to recognize
we are kind of in a Zero Trust bubble.

[ ]

So why, if I, we would say
Rover the dog as a password.

Right.

Why would someone in the audience
then get in the middle of us?

Because they could fool us both.

Yeah.

So I'm, you know,

number one, like, from a ZT perspective,
like human nature

means there's always something malicious,
potentially sitting back there.

It's not paranoia, it’s

just that's how humans have been since,
you know, the first two cavemen started,

you know, thinking about how to
beat each other up or whatever, but,

anyone that's, especially nowadays
with all the digital information

that's out there, you know, Facebook
and Instagram and Snapchat and TikTok

and all the things like,

I can build a pretty good kind of profile
of what's going on.

Or maybe I'm just in earshot
and I've heard it a couple times,

and then I'm able to jump in
and man in the middle

as far as know the answer or what
the question is and that type of deal.

Yeah, yeah. So someone else
would call me as you. Yeah.

And would ask me for the passwords.

And I would say... I said,
what's the password?

Yeah. We were like, Rover the dog, oh.

And then they use it
to authenticate me with you.

That’s where the man in the middle is. Yeah.

So there's no point in
doing just a password then.

Yeah. It's too easy for the attacker.

So that's why you need to somehow spark,
because the attacker doesn't know

the first part of it, the question
part of it, and that’s the whole point.

And then switch it up
every once in a while to just-

Yeah, rotate it. Yeah.
Because I used it..

Well, like you're supposed to with
passwords, even though some people don't.

Ahum, Louvre in Paris.

The Louvre in Paris wasn't
a rotation problem,

only it was a complexity problem.
No, no.

I keep hearing about that one

and I’m thinking in my mind of,
like, the Mission Impossible

and some guys like, oh,
I'm going to hack into this thing.

And somebody goes, oh, I don't know

the password could be.
It was Louvre.

You can’t..

Happens too often, default passwords
that you can look up online and

I mean just go to Shodan or, a free service
where you can search for those.

Yeah, I've done that once
or twice in my past.

We won't go into it.

Yeah.

So, funny, that a day-to-day thing,
like talking to your child,

Zero Trust is also applicable there.

But I wonder, do you have such a
system in place with your loved ones?

Yeah, we do.

So like the, one thing
that's been interesting

too is if you haven't heard of like,
the cyber kidnapping phenomenon,

where basically people
are grabbing folks’ kids

and taking them and putting them out
and like the woods

in a tent with food and water
and whatever else.

And then they're deepfaking
the voice

and calling back and saying, like,
you know, mom, dad, I've been kidnapped

send these people money, etc.,

you know, the kid is fine.

They're just kind of lost.

That's a pretty common deal.

If you don't have a passphrase
and a, you know, a password

or whatever you want to call it to
kind of authenticate that that's legit,

it might not work.

And I think there was a pretty recent case
in California. Yeah.

So what you mean is
they're not actually kidnapped.

They kidnap them and they take them,
but they don't, they're not like held

in like a bunker or somewhere,
you know, chained to the floor or something.

They're just not available
to use the phone essentially.

And then the bad guys
are voice faking them

deepfaking them to call the parents
and say, I'm in trouble, I need help.

Send these people money.
And it works.

I mean, somebody calls you and says,
it's your kid's voice

dad, mom, send the money or they’ll kill me
like, yeah, here's my money.

Yeah. But if you have a-
But what do you do then,

if you have a spouse or kids,
so you say, what was it?

What's the price of rice in China?

And then you don't get an answer.
Yeah.

I go, no, not legit and then

if it's ‘they have my kids’,
it's a different story.

Then we got to get law enforcement
involved and stuff like that.

But at least then I know, like...
It's not a real child that you hear.

It's, right, it's not my kid on the phone.

Yeah, yeah.
You know, so then I, you know, so.

But everybody should do this then.
I think you should. In your family. Yeah.

What about, because we're talking
about, also on the podcast,

many times about user training
and for many

this is simply teaching people
not to click on links.

And my personal opinion on this is, yeah,

what if you’re a CISO of 2000 people,
or 10,000 people and,

and you fail when someone clicks on a link,
the chances of that happening is so

tremendously high.

[ ] basically. Yeah.

And especially with AI,
because it is already.. to me clearly

fake emails you can’t already
reliably teach people to do so.

They're getting better and better.

Oh, the days of those like janky, weird
Russian emails that don't make sense,

you know?

So maybe for training, we should
instead do the pass phrase.

I think we should kidnap people's
kids - no, I’m just playing.

That would really get the point across.

I will get to practice later.

Like find the employee and, but you really
need to train them and just be like, yeah, well...

That makes sense to do this.

And I always advocate

standard procedures and payments,
for example, never go beyond the process.

So whoever tells you, like financial
institutes, banks, good banks

at least say, we will never call you.

For your password or whatever.
That should be the mantra, right?

That's happened to my mom,
my own mother. Right.

She got actually hit twice in one day.

And what's funny was, the first time
I was like, mom, like, okay, don't do it again.

And sure enough, hours later,
the same thing happened.

I was like, that's why they send you
a thing saying, we will never call you.

Yeah. You know, she's said, well,
I don't know which one’s...

I'm like, well, what's, you know.
Zero Trust huh.

When you're 70 something years old...
Doesn't that hurt, you’re Dr. Zero Trust...

It did hurt a little bit.

I had to tell her like I,
you kind of hit me here, but,

you know, it is what it is.
I had the same experience. Yeah, see?

Everybody does.

You know what they did?
My parents, they send,

they called my dad and said, listen,
we need to, your,

we have debit cards with a Pin code
only, yours is going to expire.

And we now have a special sale.

You get 50% off if you renew right now.
Just give us the pin.

You need, yeah.

Put your pin in here and
then send it back.

Nice.

You know? And, you know what they did?

There was, he expected a shipment,

a letter for someone and it wouldn’t arrive
and he didn't know why.

And then he went to his, like, yeah,
I'll check the door again to see

where the sleeve where they put the stuff in,
if it’s still working. And it wasn't.

And in his garden
there was, on a pole.

There was a letter box for someone
to put the new pass in, the new credit card.

And then they were planning on
grabbing it.

Oh, yeah.

Now and, of course, what I
was disappointed about,

you didn't immediately call me,

because I would have called the cops
and say, hey, let's

let's stake out there
and see who is going to collect it.

Probably a mule or something,
but at least it's a start.

But he simply threw it away,
and then reset everything.

I only see he did better than my mother did.
And he is really technically savvy.

Yeah. Yeah.

So, it could happen to everybody.

Well, my mom's was interesting
because, she's got you know,

the health care stuff
and it was actually a health care

organization who, whoever was in
that network was good

enough to know that my mom
had been to the doctor recently

and that there was a bill coming
and whatever else.

So I mean, they had done a
little bit of work to get it right.

And then, you know, she's 70 something years old.

So when she gets a call about
a procedure she's recently had.

Yeah. It sounds much more legit.

Yeah, yeah.
And this is what AI brings, right?

Because AI, you can simply,
shoot the same thing at

every- it's not-
At a million people.

Yeah. You don't have to do
all the research for one person.

You can even do it with,
indeed, a million people

and if only ten of them are exactly
in the situation that you were

aiming for. Yeah. You will-
It's a numbers game. Exactly.

Yeah, yeah.

I read a story about someone

that claimed that he could predict
horse races and it was always the top

5, top 5 of people, so 1 in 5,
20% chance that you were right.

So he sent an email, to the victim,
and he said, hey,

I don't expect you to believe me,
but I know how to predict horse races.

I'll prove it to you.

And he predicted which horse
would win and it would win.

And then he said, well,
I was right, as I predicted.

I'll do it again next week.
And he did it again.

So second time he wrote he was right.

And then the third time he wrote he was right.

He said, hey, we can bet on this
because by now you might be convinced

that I - [ ] Three times.
[ ] a lot of money.

And he went eight times in a row or so
and then he met this person,

at the last racing day at the tracks.

But not to explain how his algorithm works,

but to explain that he started with five to the

power of eight people, different emails.

At some point he had 25 people
because he could do two runs.

And then and that was just
it was a big eye opener for us

because from their perspective,
his numbers game, it was tailored to them.

Yeah. He was right the whole time.

Of course he would disappointed-
[ ] Yeah. Yeah. Right.

And I think we are getting into
that age now with AI.

Right.

And it's just not natural to people.

And we need to have a Zero Trust mindset,
I think, to combat this and,

yeah, standard procedures for payments,
pass phrases, I think those are good things to consider.

I think it's better to be more like,

the other day I tried
to buy something in

my account has a setting of,
you know x number of dollars,

and I would rather have it error out,
and we have to go, oh, crap.

I need to go fix that then.
Okay. We processed it.

Yeah, well, you know,
just set low thresholds, like that's okay.

Yeah. Yeah. It also helps.

Okay.

What are things that AI can do
that we should probably talk about?

Because there's also,
I know you're really worried

about AI in general and the
Zero Trust answer to this,

the answer is there but probably not
the technical countermeasure.

Exactly. It's working its way
there to some degree.

I think we're getting some indicators
that there's stuff coming, yeah.

Yeah.

I mean we've seen prompt injection,
for example, where you trick

the LLM, or the OpenAI or Anthropic or whatever.

You're using it to do something
completely different.

We saw a prompt injection where,

someone made a MCP server.

Sorry, MCP server is a,
like a front end to an API, basically.

The language, the Lego blocks
that you can put in your agent.

Right.

So, for example, if you want your ChatGPT
to know about your customers,

you hook it up to an MCP server
that is hooked up

to your database of customers,
so then you can ask, hey,

what customers did buy something
from me last .. and it will know.

Amazing, right?

But, an MCP server, someone made an MCP server
for management of Kubernetes,

and it would, under the hood,
simply execute kubectl whatever.

And someone tricked that LLM
into running, spawning

a shell on the node on the host machine
and removed the whole drive.

It was never the intention.

There's no firewall against this because..
It's a function inside of the thing.

We need to talk to this thing.

So the business perspective is, yeah,
this is a very useful things that we need

to execute.

There's no malware involved so

endpoint protection doesn't work,
encryption doesn't matter.

Yeah.

So how are we ever
going to do these things? And

I mean, what's the - Well, it's going
to be the same kind of rat race,

you know, arms race that
we have had for a long time.

But it's going to be more scope and scale.

And then, you know, the unique use cases,
it's kind of like what we have with,

you know, folks that say, oh,
we identify 100% of malware.

Well, no, you don't, cuz I mean,
technically I could do something

at the kernel that's native
to the machine, like,

I don't know, PowerShell
and that's malware.

And you wouldn't pick it up.
Live off the land.

Yeah.

So I think we're at that stage where it's kind of
arms race 101 and it'll continue to line up.

But yeah, to what you were
mentioning is like,

folks just have to be aware
that the good guys or the bad guys,

we don't own the patent
on these applications for AI or whatever.

We're all figuring it out
as we've been thrown off the cliff.

Yeah. And that's okay.

You know what I think is different
from previous parts in the arms race?

Because the, if there new,
cloud is coming along, for example,

people put stuff in the cloud
and forget to firewall.

But that that takes time
to get into the cloud.

So initially the risk is low because it's

not everything and people
do their low risk stuff first, etc.

So we learned along the way a little bit.

But now with AI, I mean,
you cannot postpone your

AI roadmap for half a year
because the competition will not

and they will win,
you'll be out of business.

I think it's really,
if you're not investing in AI,

it's an existential threat
to any company

actually, maybe not the barbershop,
but maybe... Maybe the barbershop, I dunno.

Yeah, maybe you don't get any clients...
Faster barbering?

Well, maybe, what's his name?
Prime.

The Tesla bots.
It can also do your haircut.

I don't know, but that's
not what I was referring to.

So my point is, there's such a push

to go into these technologies
and not really..

And less room for risk management or,

I mean, yeah, you can have
an AI way of thinking.

I think policy engines, honestly,
with AI as the capability offering there

going to be what makes a difference for
the good guy side of this equation.

Because, you're going to have
to do this stuff with scope

and scale with policy engine,
and that's going to be powered with ML

and that's where we-

Yeah. What you're saying is

since we're being attacked
or the subject is ML or AI,

we should... Meet the adversary
where the adversary lives.

Yeah. Y’know, fight fire with fire,
that type of thing.

Yeah.

So we need AI probably to fix all this.
There is actually start ups that do this.

They get into all the communication
channels between AIs.

Because even today already
we are in a stage where

AI start talking more to each other.

Yeah, [ ] they call it.

So in all those paths, first of all this,
that you can actually restrict.

But you can also look into those channels
and see and do all kind of

DLP kind of thing, prompt injection
on this stuff is possible.

I think that the whole
approach is just like,

be up on it, stay ahead of it, stay,
you know, cognizant, aware.

And then it's also still the same thing
that John's talked about,

that I've mentioned in the past.

He was like, don't be afraid. Be aware.

I'm not afraid. I'm just aware.

And that's better.

Yeah, yeah, okay.

But I still have the feeling that
the developments in AI outpace

how fast we can go. I mean, in cloud. Yeah.

Many people are not properly securing
those because it's- Because it's cloud

and you're like, how the hell
do I secure cloud?

Yeah. Or yeah, but it's Microsoft’s problem.
So, it’s - No it’s not.

It's just someone else's
computer. Exactly.

Yeah, but at least we can do
a lot of things there.

Yeah, and it feels a little,
but, I mean, it's in its infancy maybe.

Yeah. When we re-record this episode.

Yeah, when we come back two years from now...
Yeah, we’ll have an optimistic story about it all.

Hopefully. So.

Yeah.

Optimism would be good. Yeah.

Realism is good.

Optimism is gooder.

I guess. Chase, thank you very much
for all these insights.

I enjoyed talking to you about Zero Trust.

And I think that it’s been a lot of
things that people can take away

and hopefully the future
is brighter than we thought.

But we'll see in possibly
a next episode.

And to our viewers,
thank you very much for tuning in today.

This was Threat Talks and, well,
if you liked this episode, we’d appreciate it

if you press the like button because it
helps us spread the word further.

There's also a subscribe button
and a notification bell.

And if you press those then
you will be sure that next week you will have

the next episode in your inbox.

Thank you for today. Bye bye.

Thank you for listening to Threat Talks,
a podcast by ON2IT cybersecurity and AMS-IX.

Did you like what you heard?
Do you want to learn more?

Follow Threat Talks to stay up to date
on the topic of cybersecurity.