How AI Is Transforming Cybersecurity Threats and Defense—Interview With an Expert
Cyber expert Will Knehr shares how AI transforms the threat landscape and reveals key strategies for effective cybersecurity response.
Cybersecurity threats are evolving at an unprecedented pace. With the rise of generative AI, even novice bad actors now have the tools to launch sophisticated, automated attacks that were once the domain of highly skilled hackers. From real-time deepfakes to polymorphic malware and AI-powered phishing, the modern cyberthreat landscape is constantly shifting, leaving organizations struggling to keep up. To stay ahead, companies need more than firewalls and software updates. They need a culture of cybersecurity awareness, agile incident response plans, and defenses that evolve as quickly as the threats they face.
In this episode of The Employee Safety Podcast, Will Knehr, Global Cybersecurity Advisor at i-PRO, explains how AI is reshaping cybersecurity’s offensive and defensive sides. Drawing on his background in cryptological warfare and experience across industries, Will shares how organizations can detect emerging threats, foster employee engagement in cybersecurity, and prepare for incidents before they happen. He also provides practical tips for training employees, mitigating insider risks, and building smarter, faster response strategies in the age of AI.
You can listen to this interview below and find many more by following The Employee Safety Podcast on Spotify or Apple Podcasts.
Q&A With Will Knehr, Global Cybersecurity Advisor at i-PRO
When you look at the cybersecurity landscape today, what is the most significant risk or set of risks companies should consider?
What stands out to me the most right now is artificial intelligence and its impact on cybersecurity. On the offensive side of the house, we’re seeing a lower barrier to entry for many cyber attackers. AI tools can now do many of the things they had to know before—like coding specific attack vectors or looking for vulnerabilities. Tools like Nebula AI, and many others you can find on GitHub, automatically put all that together.
We’re also seeing it in phishing emails. Not only have phishing emails grown substantially—some studies say 400% year-over-year, which I’ve definitely seen in my organization—but it’s also the sophistication of the AI-generated emails. A lot of the traditional things we used to look for, like improper grammar, strange sentence structures, or missing signatures, are now being generated properly by AI. So, the emails look much better and can be fully automated on behalf of the attackers. They don’t even have to touch them.
Another big thing is polymorphic malware. Traditionally, we used signature-based detection to catch malware. Now, AI systems can change the encoding engine so that each time the malware runs, it behaves differently.
On the cyber defense side, we’re seeing AI used in a similar way—to bring in additional information that traditional analysts may not have time to process. When they’re experiencing alert or alarm fatigue, AI helps by putting the most important things right in front of them. It can even analyze the content of emails and other inputs to detect potential attacks coming into the organization.
How do you see AI shaping the future of cyber threats?
So, right now, what we see AI doing is lowering that barrier and making it easier for attackers. I see that continuing. The ability to build out a sophisticated attack, to find all the members of an organization, gather their emails, job roles, and titles, and build very specific, very tailored attacks—that’s going to be a big challenge we’ll have to deal with.
AI deepfakes are getting better and better. What’s crazy is that they’re already pretty good, but they’re not the fastest. If I wanted to auto-generate your voice or face, I’d need time to render that. What a lot of folks are doing now is pre-programming responses for things they think you might say. It won’t be long before we can do that kind of stuff in real time. We’re getting very close to that.
A lot of the traditional mechanisms we trust—things like voice and video—will become major attack vectors. We won’t be able to rely on them as we have in the past.
How do you handle cybersecurity awareness at i-PRO?
“Cybersecurity should be secure, but it also needs to be user-friendly. My employees need to be able to do their jobs.”Will Knehr Global Cybersecurity Advisor at i-PRO
At i-PRO, we do traditional annual training, such as click-through modules and videos. But we also strongly focus on high-touch cyber training. I record short videos once a month, usually five to ten minutes, covering cybersecurity threats we might face in the organization. I try to make them entertaining because I know the topic can be dry. I’m fascinated by it, but others might not be.
We also include quick cyber tips in our monthly newsletter. The goal is to bake cybersecurity into the culture as much as possible.
One of the biggest things I push is open communication. I tell my team: if you have an issue, just tell me. No chastising, no lectures—nothing like that. If you think you’re compromised, if you clicked on a phishing email, or if you plugged in a USB you found in a parking lot and now your machine’s acting weird, just let me know. I’ll come in, we’ll handle it, and there won’t be any drama. We’re trying to build a culture where people feel comfortable speaking up, so we can respond quickly.
Another thing I love doing is ethical hacking demonstrations. Whether it’s part of a video or in-person training, I set up a hacking station. Sometimes it’s hardware, sometimes software, or even websites they want to see. I show how easy it is to break into systems, manipulate them, and trick AI—like getting ChatGPT or other AI systems to do something they shouldn’t or fuzzing images to inject logic and make the AI generate incorrect or inappropriate content.
I love doing live demos because they show that this stuff isn’t as hard as people think. Most of what I demonstrate could probably be taught to a kindergartner—and yet these techniques can lead to devastating attacks on a business.
Once you establish that level of trust—once you make it clear that we’re here for the people first—employees become much more comfortable coming to you and saying, “Hey, I saw something that seems strange or off.”
Often, it’s not even that they think they’ve been compromised. It’s more like, “Here’s something we could do to improve our cybersecurity,” or “This control seems to be causing an issue for our salespeople, our developers, or whoever it might be.” That kind of feedback is exactly what we want.
Cybersecurity should be secure, but it also needs to be user-friendly. My employees need to be able to do their jobs. We don’t sell cybersecurity—we sell camera products, access control systems, and security systems. If our salespeople can’t do their jobs, then I don’t have a job.
I’m responsible for implementing cybersecurity in a way that’s effective but relatively frictionless for the user.
What does an effective incident response look like?
The first thing you can do is have a plan in place before getting attacked. I know that’s like telling someone whose house was just broken into, “You should’ve had a security system, an alarm, video surveillance.” But hopefully, this is proactive advice for anyone listening.
You need a solid incident response plan. I recommend outlining your most common potential attacks—things like distributed denial-of-service (DDoS) attacks, phishing email compromises, ransomware, viruses on the network, or even the accidental leak of sensitive information. Build your plan out in advance and regularly walk through it with your staff—not just cyber or IT, but also HR, legal, and any other key stakeholders in the organization.
Another critical part of your incident response plan is pre-defining how you’ll communicate with key stakeholders and anyone potentially affected by a breach. The last thing you want to do during a cybersecurity incident is draft media statements or determine where legal, HR, and others stand. Have that ready to go in advance, so you can focus on the incident when it happens.
That said, there’s no one-size-fits-all approach. Every incident is unique and needs to be treated accordingly. We always set up a “war room,” which is common in cybersecurity. We gather all stakeholders, follow the incident response plan, and take care of everything we need to address as part of the incident.
I highly recommend going through these plans regularly. Practice them so your teams know exactly what to do. If you’re not sure where to start, the Department of Homeland Security has a branch called CISA—the Cybersecurity and Infrastructure Security Agency. On their website, they offer a great incident response playbook. If you’re thinking, “I don’t know where to begin,” start there. Use that as a foundation, tailor it to your organization, and implement something practical so you know how to respond when something happens.
And print it out. Make sure your key stakeholders have physical copies. I can’t tell you how many organizations I’ve worked with where a cyberattack happened, and they said, “We had an incident response plan—but it was stored on the server we lost.” So, then you’re left asking, “Now what?”
What emerging threats do you worry about most?
I still feel like we’re getting hit with the same stuff over and over again. When we talk about emerging threats, what I see out there still relies on the same old, timeless issues we’ve faced for years: poor user authentication, poor patching and system updates, and weak security policies.
What keeps me up at night is what we’ve already discussed: AI’s ability to gather information about a network in seconds and launch an attack just as fast. What used to take a lot of time and effort can now happen almost instantly.
So, I still see AI as the leading emerging threat. And I continue to tell people, the best things you can do are still rooted in basic cyber hygiene. Yes, the number of attacks may be increasing, but they still exploit the same vulnerabilities that attackers have used for the past 20 years.
Staying Ahead in a Rapidly Evolving Cyber Landscape
As Will Knehr makes clear, the cybersecurity landscape may be evolving rapidly, but the fundamentals still matter. Staying ahead of AI-driven threats requires cutting-edge tools, continuous education, and a workplace culture that prioritizes awareness, trust, and proactive planning. Whether you’re leading cybersecurity at a global enterprise or protecting a small business, the key lies in empowering your people, refining your incident management strategies, and never underestimating the value of basic cyber hygiene.
For more expert insights like this, be sure to subscribe to The Employee Safety Podcast on your favorite platform.
