$18M Phishing Scam Exposes Coverage Gaps
A recent social engineering attack targeting Milford Management resulted in over $18 million being wired to a fraudulent account. The scam involved spoofed emails impersonating the Battery Park City Authority and is now under federal investigation. While cyber insurance is being reviewed, most policies cap social engineering fraud coverage at just $250,000, revealing a significant gap between potential losses and actual protection. This incident underscores the need for enhanced verification protocols and a reevaluation of coverage limits in today’s threat environment.
AI Deepfake Impersonation Targets U.S. Officials
In a troubling example of AI-powered social engineering, a malicious actor used deepfake voice technology to impersonate Secretary of State Marco Rubio. The impersonator contacted U.S. officials and foreign ministers via Signal, convincingly mimicking Rubio’s voice and writing style to solicit sensitive information. This incident highlights the growing risk of AI-driven impersonation, which can bypass traditional security measures and exploit trust in familiar identities. It also reinforces the need for proactive, well-funded cybersecurity programs, especially in the public sector where the stakes of compromised communication are exceptionally high.
Legal Hallucinations Highlight Need for AI Training
Generative AI tools like ChatGPT are increasingly used in legal workflows but not without risk. Since mid-2023, over 120 incidents of AI-generated false case law and citations (known as “legal hallucinations”) have surfaced, with nearly 60 occurring in 2025 alone. Some attorneys have faced sanctions for submitting AI-generated false information, and courts are now requiring certifications that AI-generated legal content has been properly verified. Tailored prompt training, robust verification protocols and ongoing education can help ensure responsible use within legal teams.
Identity Security Takes Center Stage in Cyber Defense
As AI agents become more integrated into enterprise systems, identity is emerging as the new cybersecurity battleground. In a recent interview, Ping Identity CEO Andre Durand explains the importance of decentralized, verifiable credentials, such as biometrics and cryptographic proofs, for future-proofing security. He emphasizes the need to treat AI agents like human users, with secure identities and behavior monitoring, in order to strengthen defenses and combat identity-based attacks.
