AI security Five Protective Measures Against Social Engineering

By Neurawork | Translated by AI 2 min Reading Time

Related Vendors

Deepfake calls, deceptively realistic phishing emails, and manipulated identities: The AI consultancy Neurawork explains why trained employees alone are not enough and what security architecture companies additionally need.

(Image: Neurawork AI / Leonardo.ai)
(Image: Neurawork AI / Leonardo.ai)

AI makes social engineering more dangerous. Criminals can imitate voices, manipulate video images, and create messages that are linguistically and contextually almost indistinguishable from genuine corporate communication. As a result, it is not the technology that is attacked first but the trust of employees. The consultancy Neurawork, specializing in Operational AI, warns against this.

According to the latest YouGov survey commissioned by Neurawork, 24 percent of the 541 companies surveyed consider cyberattacks or data theft through the use of AI to be among the greatest business risks.

"AI doesn't first crack the technology, but the trust of people. The more authentic voices, images, and messages appear, the less companies can afford to base important decisions on a single communication channel," says Christoph Knöll, co-founder of the AI consultancy Neurawork.

Humans Remain Important—But Must Not Be the Only Layer of Protection

Training, callback procedures, and the four-eyes principle remain indispensable. However, they cannot prevent employees from making mistakes under stress or failing to recognize a professionally prepared deception in time.

Therefore, Operational AI requires a security architecture that limits an attacker's scope of action. Even if a manipulated message is successful, it must not automatically lead to a transfer, data leakage, or comprehensive system access.

Five Components of a Secure AI Architecture

1. Sensitive data remains in a controlled environment

Confidential customer, client, or company data should not be transmitted uncontrollably to external AI services. Neurawork relies on controlled infrastructures for sensitive applications, which can, for example, be operated in Germany. This ensures traceability of where data is processed and who is allowed to access it.

2. Every access is limited

AI systems and AI agents are granted only the rights they need for a specific task. For example, a system that analyzes documents does not need to be able to automatically send emails, change bank details, or delete files.

3. Critical actions require human approval

Payments, changes to master data, the sharing of confidential information, or the assignment of new access rights must not be triggered solely by AI or based on a single message. Such processes require clearly defined approval steps.

4. AI agents work within fixed governance rules

AI agents can analyze data and prepare processes. However, they should act only within predefined rules. This includes documented responsibilities, role and rights concepts, as well as clear limits for automated decisions.

5. Activities must be logged and verifiable

Companies must be able to identify which data an AI system has processed, which action was triggered, and who approved it. Logging and monitoring help to detect unusual activities early and trace incidents.

Security Arises Through Architecture, Processes, and People

How this approach works in practice is demonstrated by a joint project between Neurawork and the Eventus Group. For the tax consulting firm, a dedicated AI infrastructure was set up within seven weeks. Sensitive client data is processed within a controlled environment. AI agents analyze data streams and support processes within clearly defined governance and access rules.

The example shows: Strict requirements for confidentiality and data protection do not have to be a barrier to using AI. What matters is that companies don't just implement individual AI tools but integrate security into the architecture from the very beginning.

Subscribe to the newsletter now

Don't Miss out on Our Best Content

By clicking on „Subscribe to Newsletter“ I agree to the processing and use of my data according to the consent form (please expand for details) and accept the Terms of Use. For more information, please see our Privacy Policy. The consent declaration relates, among other things, to the sending of editorial newsletters by email and to data matching for marketing purposes with selected advertising partners (e.g., LinkedIn, Google, Meta)

Unfold for details of your consent