So, some context.
A new report from LevelBlue reveals a concerning threefold increase in cybersecurity incidents during the first half of 2025, driven by sophisticated social engineering attacks. The report, titled “Fool Me Once: How Cybercriminals are Mastering the Art of Deception,” shows that the percentage of LevelBlue customers experiencing incidents surged from six percent in late 2024 to seventeen percent this year. Notably, social engineering attacks now account for thirty-nine percent of initial access incidents, with fake CAPTCHA schemes, particularly ClickFix campaigns, rising by an alarming one thousand four hundred fifty percent. The report outlines several recommendations for organizations, including educating users on emerging threats and implementing stricter access protocols.
Shadow artificial intelligence is a growing concern for organizations, with IBM’s recent report revealing that breaches related to unauthorized AI tool usage cost companies an average of $4.63 million, 16% higher than the global average. The report highlights that while only 13% of organizations reported AI-related security incidents, a staggering 97% lacked adequate access controls for these systems, exposing sensitive data to potential threats. According to the research conducted by IBM and the Ponemon Institute, 60% of AI-related security incidents led to compromised data, with personally identifiable information at risk in 65% of cases. Experts warn that the governance of AI remains a significant weakness, with 63% of breached organizations lacking established policies.
Why do we care?
Social engineering is making a strong comeback—and it’s no longer just about phishing. LevelBlue reports attacks have increased threefold, with fake CAPTCHA campaigns soaring by over 1,400%. That’s not a mistake. This tactic tricks users by mimicking everyday prompts, and it’s proving effective.
Then there’s shadow AI. IBM states that breaches involving unauthorized AI tools cost nearly five million dollars on average. Also, 97% of organizations? They lack access controls. Translation: your clients are probably using AI tools they don’t understand—and unknowingly exposing data.
Why do we care? Because this is a risk you should see coming. Your clients’ users are the new weak spot, and AI isn’t helping; it’s making things worse if you’re not watching. Start auditing. Start training. And for the love of uptime, start asking how AI is being used before it burns your house down.

