WEBINAR REPLAY

AI in Cyber

Prevent emerging AI attacks with smarter AI training.

OVERVIEW

Criminals now use AI to remove the usual warning signs. Most staff training has not kept up. In this one-hour session, CodeBlue and Tekspace share what is changing and what helps.

CONTENT SUMMARY

Watch to learn:

  • How AI is reshaping phishing, BEC, and social engineering
  • Why staff are more vulnerable to AI-driven deception
  • How AI-powered training strengthens human defences
  • Practical steps to uplift awareness without major cost

Webinar transcript

Introduction

George Hagivassilis: Welcome and good morning, everyone. I’m George Hagivassilis, CCO at Tekspace. We are cybersecurity product experts, and our research powers many of the product decisions at CodeBlue. Today, we’re taking a fascinating dive into the two sides of the same coin: how bad actors use AI to attack organizations, and how we can use AI to respond.

Joining us are two leaders in the field. First, Matthew Jose, CISO at CodeBlue, who leads strategy to help New Zealand organizations manage cyber risk. Second, we have Frank De Pasquale, the driving force behind Tekspace’s strategic direction and cyber SaaS R&D.

Today is actually Safer Internet Day here in New Zealand—a global initiative to create a safer space online—making it the perfect day to discuss cybersecurity awareness.


Part 1: How Attackers Use AI

Matthew: Everyone is happy that we have access to AI, but the bad news is that attackers have it too. They aren’t sitting still. We’re seeing a massive volume of attacks at the coalface.

The “Anatomy of an Attack”

Attackers are now using AI for highly personalized phishing. I recently heard of a case where a homebuyer’s lawyer received an email from their client asking to settle funds into a different bank account. The email was written exactly in the client’s style because the attacker had been monitoring the account. Fortunately, the lawyer followed best practices, called the client, and discovered it was a scam.

Beyond money, attackers use AI to:

  1. Create Malware Quickly: They use AI to write code and perform “A/B testing” on malware to see what bypasses security.

  2. Conduct Reconnaissance: In one instance we handled, an attacker sat in a compromised account for 20 days, learning the victim’s writing style and profiling customers before sending a single malicious email.

CodeBlue’s 2025 Statistics

The scale of these attacks is staggering. Last year alone, our Security Operations Center (SOC) prevented:

  • 217,000 malware attacks.

  • 7.3 million spam and phishing emails.

  • 2.2 million internet threats.

  • 36 Business Email Compromises (BEC): Interestingly, 28 of those involved bypassing Multi-Factor Authentication (MFA)—once the “gold standard” of security.


Part 2: The Modern Response to AI Threats

Frank De Pasquale: If someone is fighting you with guns, you can’t fight back with bows and arrows. We need AI-assisted detection.

The Human Element: Security Awareness Training (SAT)

We need to uplift the “human firewall.” Most modern solutions focus on three pillars:

  1. AI-Driven Phishing Simulations: Instead of sending the same fake email to everyone, AI analyzes individual risk profiles. It looks at what apps you use (Zoom, LinkedIn, etc.) and what time of day you’re most vulnerable to send a tailored test.

  2. Adaptive Difficulty: If a user is struggling, the system sends easier simulations to build confidence. As they improve, the difficulty increases.

  3. Positive Reinforcement: We want to move away from “policing” staff. When a user reports a suspicious email, they should be rewarded and encouraged.

The Purpose-Built Curriculum

Think of it like teaching a child math. You don’t just give them a library; you give them a curriculum. We use “micro-learning” sessions (under 5 minutes) that are interactive and engaging, building a foundation so that spotting a threat becomes as organic as looking both ways before crossing the street.


Part 3: Key Takeaways and Q&A

Matthew: Technology is essential, but it cannot cover every gap. Security awareness creates a culture of shared responsibility.

Key Takeaways:

  • Resilience: Trained staff recognize attempts earlier, making the impact on the organization smaller and cheaper to fix.

  • Trust: In a regulated environment, having a trained workforce is visible proof that you take security seriously.

  • Layered Defense: You need a “house” approach—locks on the doors (firewalls), an alarm (detection), and people who know how to use them.

Highlights from the Q&A

  • Frequency: Best practice is to run phishing simulations at least twice a month and training modules once a month.

  • Bypassing MFA: Attackers use “Man-in-the-Middle” attacks to steal session tokens, which is why users must be trained to check the URL of a login page.

  • Small Business: These solutions are absolutely scalable for small businesses—even those with only 10 employees.


George Hagivassilis: That’s all for today. Thank you to Frank De Pasquale and Matt for their insights. Remember, the best security is a mix of smart technology and informed people.


Speakers

Mathew Jose, CISO, CodeBlue New Zealand

Mathew leads cyber security strategy at CodeBlue, supporting Kiwi organisations to manage cyber risk across people, process and technology.

Frank De Pasquale, CEO and Founder, Tekspace

Frank has decades of testing, vendor analysis and experience securing live client environments as the owner of two MSPs.

Key points from the webinar

Matthew Jose (CISO, CodeBlue)

Focus: The Threat Landscape and Technical Reality

  1. AI-Enhanced Social Engineering: Attackers are using AI to clone writing styles and conduct “real-time conversational phishing.” This allows them to monitor an account for weeks, learn how a person speaks, and then strike with a perfectly crafted, authentic-sounding request.
  2. The Failure of “Gold Standard” Security: Matthew revealed that 28 out of 36 recent email compromises involved bypassing Multi-Factor Authentication (MFA). This proves that while technical controls are necessary, they are no longer a 100% guarantee against sophisticated attackers.
  3. The Value of the “Human Firewall”: Because AI allows malware to be created and tested so rapidly that it often bypasses traditional filters, the final line of defense is a human who has the “healthy skepticism” to stop and verify a request before clicking.

Frank De Pasquale (Founder, Tekspace)

Focus: Strategic Training and Behavioral Science

  1. Individualized Risk Profiling: Frank emphasized that training shouldn’t be “one size fits all.” Modern systems use AI to build a behavior risk score for every employee, tailoring phishing simulations based on the specific apps they use (like LinkedIn or Zoom) and their personal skill level.
  2. Psychology Over Policing: He highlighted that “naming and shaming” or overly difficult tests lead to staff disengagement. Effective training must be adaptive—getting easier if a user is struggling to build confidence, and harder as they become more competent—to keep them engaged.
  3. The “Math Curriculum” Philosophy: Instead of just showing videos, Frank advocates for building “foundational cybersecurity knowledge.” By training staff on the basics through interactive micro-learning, identifying a scam becomes an organic, subconscious habit—similar to looking both ways before crossing the street.