Deepfakes Bots and Breaches: The New Risks AI Brings To Cybersecurity for Manufacturers

AI-powered cyber threats have transformed the security landscape for manufacturers, with 2026 reports indicating that AI is used to speed up reconnaissance, automate phishing, and craft functional exploit code within minutes. Manufacturing has topped the list of industries facing cyberattacks for four consecutive years, as attackers leverage AI to target the convergence of IT and Operational Technology (OT).

Billy Cannon, cybersecurity leader and director of the Partner Development Center at Recorded Future, joined the Sip Club on April 16, 2026, to share his perspective on this topic. Billy specializes in technical enablement and global channel ecosystems and was a cyber intelligence officer for the United States Air Force for eight years prior to entering the private sector. His background leading partner engineering and pre-sales teams at CrowdStrike and Rapid7 has given him deep expertise in scaling global solution architecture and sales readiness.

AI in the Security Landscape:

How has AI changed the security environment specifically for the end-user?

AI has shifted the security environment from “static” to “dynamic.” For the end-user, the traditional “red flags” of a scam—like poor grammar or grainy images—have vanished, making the digital world feel much more deceptive.

  • User Impact: A user might interact with a chatbot on a familiar website, not realizing the bot has been hijacked to scrape their personal data in a natural, fluid conversation.
  • User Mitigation: Use browsers with enhanced protection and adopt a “verify-then-trust” mindset for all unsolicited digital interactions.
  • Enterprise Mitigation: Deploy AI-native endpoint protection (EDR) that detects behavioral anomalies and update acceptable use policies for AI interfaces.

Questions to Ask Yourself:

“When was the last time you saw a phishing email that looked too perfect to be fake?” The answer is most likely once a week if not more. Be vigilant!

“If a chatbot started asking for your Employee ID to ‘verify your account,’ would you give it?” The safe answer is “Don’t trust anybody.” If you think you are “talking” with a bot, ask to speak to a manager or ask a question they couldn’t possibly answer, like “What is the square root of 4,278 times 38,789?” If you get an immediate answer, it’s a bot! (12,881.744524714 …)

What is the Hacker’s Perspective?

How are Hackers using AI to be faster and more efficient?

Hackers use AI to scale personalized attacks that previously required human hours. This includes deepfakes (audio and/or video), AI Bots for social engineering, and instant phishing pages that mimic a company’s exact login portal.

  • User Impact: You receive a video call from your manager’s Slack account. Their voice and face look perfect, and they ask you to “test” a new payment portal by entering your corporate credentials.
  • User Mitigation: Use hardware security keys (FIDO2) and create a “safe word” with colleagues for verifying high-stakes requests over the phone.
  • Enterprise Mitigation: Implement liveness detection for identity verification and mandate “two-person integrity” for all financial transfers.

Questions to Ask Yourself:

“If you received a voice note from your CEO asking for an urgent wire transfer, what is the first thing you would do to verify it?” Call your CEO directly, or at least get to a reliable source.

“How would our team handle a situation where a customer’s identity was spoofed by a deepfake?” If you don’t know the answer to this, you’d better get one. Your company could be exposed. Again, the most reliable solution: if you are not sure, validate with a live, reliable source.

How do we defend ourselves and our companies?

What are some best practices and actionable steps to protect ourselves and our companies from these new threats?

Here we shift from “detection” to “resilience.” Since AI can bypass many filters, the goal is to minimize the damage a single compromised identity—human or machine—can cause.

Non-Human Identities (NHIs), or machine identities, are digital credentials used by software—such as API keys, service accounts, bots, and containers—to authenticate and access systems. As the primary drivers of automation and cloud services, they outnumber human users, often creating security risks due to over-permissioning, lack of lifecycle management, and “zombie” accounts.

AI integration relies on “service accounts” and API keys to move data between apps. Unlike humans, these “identities” don’t use Multi-Factor Authentication (MFA), they never sleep, and they often have over-privileged access, making them a goldmine for attackers.

  • User/Admin Impact: An employee connects a “meeting summarizer” AI to their calendar. That AI now has a permanent “secret key” to read every invitation, see private links, and access contact lists, even if the employee changes their own password.
  • User Mitigations:
    • Technical: Regularly audit “authorized apps” in your Google, Microsoft, or Slack settings and revoke anything you don’t use daily.
    • Policy: Treat API keys like physical master keys—never store them in plain text (such as in a Notes app or a Word doc).
  • Enterprise Mitigation:
    • Technical: Implement NHI inventory tools to track every active API key and automated “secret scanning” to find keys accidentally leaked in code.
    • Policy: Enforce short-lived tokens; instead of a key that lasts forever, use credentials that expire every few hours and must be re-requested.
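
To make the NHI risks above concrete, here is an added example (not from the Sip Club session or any vendor tool): a small Python audit over a constructed inventory that flags credentials that never expire, zombie accounts, over-permissioning, and identities with no owner. The field names, the 8-hour lifetime limit, and the 90-day zombie threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real data): one record per non-human identity.
NOW = datetime(2026, 4, 16, tzinfo=timezone.utc)
INVENTORY = [
    {"name": "meeting-summarizer", "type": "oauth_app", "owner": "jdoe",
     "scopes": ["calendar.read", "contacts.read", "mail.read"],
     "used_scopes": ["calendar.read"],
     "issued": NOW - timedelta(days=400), "expires": None,
     "last_used": NOW - timedelta(hours=2)},
    {"name": "erp-export-svc", "type": "service_account", "owner": None,
     "scopes": ["erp.read"], "used_scopes": [],
     "issued": NOW - timedelta(days=900), "expires": None,
     "last_used": NOW - timedelta(days=210)},
    {"name": "ci-deploy-bot", "type": "api_key", "owner": "platform-team",
     "scopes": ["deploy.write"], "used_scopes": ["deploy.write"],
     "issued": NOW - timedelta(hours=1), "expires": NOW + timedelta(hours=3),
     "last_used": NOW - timedelta(minutes=5)},
]

MAX_LIFETIME = timedelta(hours=8)   # assumed policy: credentials expire every few hours
ZOMBIE_AFTER = timedelta(days=90)   # assumed threshold for an unused identity

def audit(identity, now=NOW):
    """Return the list of findings for one non-human identity."""
    findings = []
    expires = identity["expires"]
    if expires is None:
        findings.append("never-expires")
    elif expires - identity["issued"] > MAX_LIFETIME:
        findings.append("long-lived")
    if now - identity["last_used"] > ZOMBIE_AFTER:
        findings.append("zombie")
    # Scopes that were granted but never exercised indicate over-permissioning.
    unused = sorted(set(identity["scopes"]) - set(identity["used_scopes"]))
    if unused:
        findings.append("over-permissioned:" + ",".join(unused))
    if identity["owner"] is None:
        findings.append("no-owner")
    return findings

def audit_inventory(inventory, now=NOW):
    """Map identity name -> findings, omitting identities that pass every check."""
    report = {i["name"]: audit(i, now) for i in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

The short-lived `ci-deploy-bot` key passes every check, while the meeting summarizer and the orphaned ERP service account are the ones to revoke or re-scope first.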

Questions to Ask Yourself:

“How many third-party AI helpers have access to your inbox or calendar right now?” If you don’t know the answer, you should check quickly. This could be a more dangerous situation than you realize.

“If an AI bot’s credentials were stolen, how much of our company data could it walk away with before we noticed?” Again, if you don’t know the answer, you should check quickly. Fortune favors the prepared!

What are the risks for our employees?

What are some of the security risks incurred by employees using AI in their daily work?

Employees often use unsanctioned AI tools to be more efficient, but this creates data leakage. Inputting proprietary code or customer lists into a public AI model can make that data part of the AI’s permanent training set.

  • User Impact: An employee uploads a confidential legal contract to a free PDF summarizer AI tool; that contract is now stored on a third-party server with no security guarantees.
  • User Mitigation: Use only enterprise-grade AI where data training is explicitly turned off and never put personally identifiable information (PII) into any AI prompt.
  • Enterprise Mitigation: Use data loss prevention (DLP) software to block sensitive data from being pasted into AI websites and maintain a registry of approved AI tools.

Questions to Ask Yourself:

“Have you ever pasted company data into an AI tool because it was just easier than doing it manually?” If your answer is “yes,” do you know where that information went? If you don’t know, you need to think about using AI tools differently. Protect yourself and your company!

“If the data you just typed into an AI became public tomorrow, how would it impact our company’s reputation?” This should be a prime consideration every time you use an AI tool. Think about and understand the consequences before you have an incident.

What’s the conclusion?

AI is a two-edged sword, and it cuts both ways. On one hand, it can be a significant benefit to employee productivity. On the other hand, it can create significant issues and exposures for the company. Still, there are several steps a company can take to protect itself while using the tool to promote efficiency and productivity:

  • Policy: Create sound operating policies for your employees and establish the appropriate protocols and controls. Determine what tools can be used and how, and eliminate/prohibit unauthorized tools.
  • Understanding: Make sure you understand how your employees are using AI tools and ensure unauthorized sub-routines have not been established—in a way that is not punitive to the innovative employee.
  • Training: Train your people on the appropriate and safe way to use AI tools.
  • Awareness: Make sure your employees are aware of the consequences to the company and themselves if there is some sort of incident.
  • Recovery: Things happen; people make mistakes. Put a recovery plan in place in the event that there is an issue with data loss, cash impact, or a situation where a customer’s identity was spoofed.

Thanks to all our Sip Club participants for their contributions and insights.

 

Sip Club is a monthly, online knowledge-sharing event sponsored by Mirador Software Group and its subsidiary companies. It’s designed primarily for our customers—manufacturing professionals in operations, finance, and IT roles. Each session offers a safe space for our community to learn from one another, exchange ideas, and gain fresh perspectives from industry leaders.

Billy Cannon, Director of the Partner Development Center at Recorded Future, specializes in technical enablement and global channel ecosystems and was a cyber intelligence officer for the United States Air Force for eight years prior to entering the private sector. His background includes leading partner engineering and pre-sales teams at CrowdStrike and Rapid7.

Jeff Osorio is a Consulting CFO with over 40 years of experience in operationally oriented companies ranging from pre-Revenue to $4B with over 40 ERP implementations in his portfolio. He is currently serving on the Board of a Stealth Medical AI Company and advising emerging companies. He is also a former Adjunct Professor in the MBA program of the Leavey School of Business at Santa Clara University.
