AI-based attacks, artificial intelligence and machine learning, events
RPC’s Spencer Scott discusses why you need to understand security basics before implementing agenttic AI
Anna Delaney (anna madeline) •
June 15, 2026
Artificial intelligence is transforming social engineering threats, allowing attackers to deploy deepfake-driven attacks, voice cloning, and advanced phishing at low cost and speed, leaving defenders scrambling to keep pace.
See also: Know Your Enemy: Threats to Cyber Resilience
Shadow AI further compounds the challenge by allowing employees to introduce unauthorized tools that expose organizations to risks invisible to security teams, making an already complex attack surface difficult to manage and auditing nearly impossible.
“Many companies are rushing to develop this agent capability, but they’re leaving behind dirty laundry that they haven’t implemented at a fundamental level,” said Spencer Scott, head of information security at law firm RPC.
In a video interview with ISMG at Infosecurity Europe 2026, Scott also said:
- The increasing speed of AI-powered attacks is why humans alone can no longer manage threat analysis.
- How to incorporate AI-specific questions into your third-party due diligence process.
- Why AI governance should be subject to the same board-level oversight that applies to infrastructure implementations.
Scott has over 25 years of experience in the IT field, with over 18 years of specialization in cybersecurity, risk management, and operational resiliency in global retail and corporate environments. He has extensive expertise across the security lifecycle, including governance and compliance, SOC operations, cloud security, identity and access management, third-party risk, and AI-driven threat detection.
