Vercon Research
Executive briefs, incident analyses, and field notes on synthetic callers, AI-agent abuse, and the resilience of modern contact centers.
Conference-Line Hijacking: A Quiet Threat Pattern Getting Louder
Conference-line hijacking has historically been a low-noise category of incident that organizations have not invested heavily in defending against. The reasons have been reasonable. The frequency was...
Cross-Channel Smishing Campaigns Are Pairing With Inbound Vishing in June
The opening days of June 2026 have brought a pattern that telecom and contact-center security teams have been quietly preparing for and that retail-facing organizations have largely not. Smishing...
What the May 2026 Disclosure of a Bank's AI Voice Assistant Breach Tells Us
A mid-sized US bank disclosed in late May that an attacker had used its customer-facing AI voice assistant to extract account information and initiate transfers on behalf of customers the attacker...
The Late-May 2026 Pivot: Attackers Are Targeting Outsourced IT Help Desks
Over the last ten days of May 2026, the help-desk vishing surge we wrote about earlier in the month has visibly pivoted. The targets are no longer primarily the in-house IT teams at the end customer....
Field Notes From the May 2026 Help Desk Vishing Surge
A surge in help-desk vishing in May 2026 reveals advanced voice cloning, sophisticated pretexts, and rapid post-reset persistence. Attackers bypass policies via exceptions and exploit agent metrics and inadequate monitoring. Defensive measures include mandatory waiting periods, o
Pulling Back the Curtain: Five General Methods to Identify AI on a Live Channel
Jeff Lever breaks down the five standard methods for detecting AI in live channels and explains why human-observable cues only provide a 50% chance of identification in the wild.
Insurance Carriers in the Crosshairs: Recent First Notice of Loss Fraud Patterns
Organized fraud groups are leveraging sophisticated tooling and breach data to execute First Notice of Loss (FNOL) operations at an industrial scale, exploiting traditional insurance intake processes. This analysis details the patterns, underlying mechanics, and effective hardeni
Healthcare Intake Under Pressure: Spring 2026 Patterns in Patient Impersonation
Healthcare is seeing an increase in patient impersonation, driven by voice cloning and AI intake. This shift challenges existing security assumptions, enabling various frauds from prescription diversions to identity theft. Robust verification and inter-organizational sharing are
The Quiet Cost of Shipping AI Without a Threat Model
Most enterprises ship AI agents without a formal threat model, leaving data-exfiltration boundaries wide open. Jeff Lever argues that a 90-minute exercise can prevent seven-figure incidents.
The Spring 2026 Wave of AI Voice-Cloning Attacks on Municipal 311 Lines
A recent wave of AI voice-cloning attacks on municipal 311 lines exposes critical vulnerabilities, highlighting how cities' outdated threat models and infrastructure are being exploited for large-scale service disruption and fraud.
Stress-Testing AI Agents Like You'd Stress-Test a Trading System
Jeff Lever explains why AI agents require the same rigorous, high-frequency stress-testing as trading systems to ensure security against sophisticated adversarial voice and text attacks.
Lead Poisoning: When Adversarial AI Floods Your Inbound Channels With Fake Demand
Adversaries are now exploiting service businesses' core efficiency by flooding inbound channels with manufactured demand that looks legitimate. This 'lead poisoning' leverages inexpensive AI voice agents to generate convincing fake leads, driving up operational costs and eroding
The Recent Disclosed Voice-Cloning Attack on a US Senator's Office
A U.S. Senator's office was targeted by a voice-cloning attack, a stark demonstration of how generative AI has transformed social engineering. The incident highlights immediate operational imperatives for any organization handling sensitive information.
Voice Cloning Has Outrun Your Authentication
Voice cloning technology has rendered traditional audio authentication obsolete. Jeff Lever explains why 3 seconds of audio is all it takes to breach a standard corporate help desk.
A Reading List on AI Communications Security
AI-enhanced communication threats are escalating, impacting critical workflows from customer recovery to manager overrides. Effective defense requires a layered approach, raising the cost for adversaries to a prohibitive level.
Penetration Testing the IVR: A Checklist for the Modern CISO
Treat your IVR as an unauthenticated API. This executive checklist outlines how to identify vulnerabilities in menu trees, speech-driven AI, and fallback paths to human agents to prevent data exfiltration.
What to Tell Your Board About AI Voice Risk
Vercon's Director explains that AI voice risk isn't about tools; it's about vulnerable workflows. He outlines how attacker tooling, channel proliferation, and regulatory attention demand a proactive, executive-level approach to validating inbound interactions.
Why Webform Intake Is the Most Neglected Channel
Webform intake is a neglected security channel. Traditional security postures are insufficient; attackers target workflows designed for convenience, necessitating a cross-functional review and cost-raising defense strategies over new tech purchases.
Chat Widget Abuse and the New Front Door
Chat widget abuse is rising, hitting the messy intersection of AI governance, contact center ops, and identity verification. Organizations need a dedicated function to manage this new 'front door' security threat.
Competitive Sabotage by AI Agent: When Adversaries Book Fake Jobs With Your Rivals
A new fraud pattern uses AI agents to book fake jobs with competitors, creating significant financial, reputational, and operational costs. Detection relies on aggregated data, while defense requires operational adjustments and proactive legal strategies.
Eleven Questions to Answer Before You Deploy an AI Agent
Jeff Lever presents a critical decision framework for executives. These eleven technical and operational questions must be answered before any AI agent moves from beta to public deployment.
Email Spoofing Has Not Stopped Being a Problem
Email spoofing persists as a critical threat, not due to a lack of defensive tools, but because of vulnerable contact center integration points. Attackers exploit workflow seams designed for convenience, necessitating proactive hardening rather than reactive fixes.
The Quiet Threat of SMS Pumping in Customer Workflows
SMS pumping is a growing threat, but defending against it requires more than just understanding the problem. Learn how to build layered defenses that make attacks too costly for adversaries.
Why 'Human Escalation' Isn't a Security Control
Escalation to a human agent is often cited as a safety net, but in reality, it is a liability transfer. Jeff Lever argues why humans are the weakest link in authentication and how to build real controls.
A Framework for Categorizing Communications Threats
Vercon's Director explains how to fortify communications security, focusing on workflow vulnerabilities that allow single inbound interactions to trigger sensitive actions. Learn why current threats compel a strategic, executive-level approach.
When AI Agent Logs Become Discovery Evidence
AI agent logs are becoming crucial discovery evidence in fraud cases. This article explores why AI-facilitated attacks are escalating, how they exploit operational gaps, and practical steps organizations can take to build defensible controls.
What the Recent Change Healthcare Aftermath Taught About Communications Recovery
The Change Healthcare aftermath showed us that communications recovery has its own long timeline, often outlasting system repairs. Planning for that "long tail" of inbound confusion and fraud risk is a critical, often-overlooked aspect of disaster response. Learn what effective d
Securing the Communications Perimeter in an Agentic World
Vercon Founder Jeff Lever outlines why the communication channel is the new security perimeter and how agentic AI forces a total rethink of enterprise defense strategy.
What an Executive Communications Risk Brief Should Contain
A deepfake CEO urging a wire transfer is no longer fiction. What does defensible security look like in an era where identity is under relentless attack? Organizations must synthesize AI governance, contact center operations, and identity verification into a coherent defense.
Conversational Prompt Exploitation in Practice
Vercon's Director of Threat Research & Intelligence explains conversational prompt exploitation (CPE), detailing how attackers target contact center workflows. Learn practical defenses against sophisticated impersonation attempts and why proactive, friction-adding controls are critical.
Why You Should Stress-Test Your AI Agent Quarterly
Effective defense for AI agents shifts from periodic testing to continuous operational requirements. Attacker tooling is cheap, channels are expanding, and regulators are attentive, making proactive, layered controls essential to raise the cost of attack for adversaries.
The Underdiscussed Risk of AI Agent Memory Across Calls
AI agent memory across calls introduces a novel risk. Fraudsters aggregate seemingly innocuous details across disconnected interactions to bypass authentication and execute sophisticated social engineering attacks. This requires a shift in security posture.
The First Hour After an AI-Driven Breach: An Executive Playbook
A compressed incident-command guide for the C-suite. Learn the critical steps to contain AI-driven breaches, from channel hardening to regulatory disclosure, in the first 60 minutes.
How Restoration Companies Can Harden Their First Notice of Loss
Hardening a restoration company's First Notice of Loss (FNOL) is no longer an edge case. Attackers exploit convenience features and cross-functional gaps with increasing sophistication, using tools like SIM swap and voiceprint replay.
Disaster Surge Plans That Account for AI Channel Failure
Brandon Stowe, Director of Communications Defense Strategy at Vercon, breaks down why disaster surge plans accounting for AI channel failure are critical, emphasizing practical steps for security leaders to address evolving threats.
A Practical Approach to Verified Identity Manipulation Defense
Vercon's Director of Threat Research & Intelligence details a practical approach to defending against Verified Identity Manipulation (VIM), focusing on contact center vulnerabilities and actionable steps for mitigation. The focus is on specific technical mechanisms and raising attacker costs.
Web Chat Widget Hijacking: The Quiet Supply-Chain Risk Most Sites Have Not Audited
Web chat widgets are often the largest piece of third-party code on a site, running with full trust, yet rarely audited. Recent supply-chain incidents like Polyfill.io highlight the significant risks when third-party trust erodes, turning the widget's access into a potential atta
Four Companies, One Lesson: Build Security Into the Product, Not Around It
Jeff Lever shares a hard-won founder's lesson: retrofitting security costs 5-10x more than building it in. Explore how product-led security defines the architecture of resilient enterprises.
What Insurance Carriers Should Ask Their AI Vendors
AI integration is not just a technological upgrade for insurance carriers; it's a fundamental shift in risk posture. Understanding the right questions to ask AI vendors is critical for securing operations, maintaining customer trust, and ensuring regulatory compliance.
The Limits of Voice Biometrics in 2026
The limitations of voice biometrics in 2026 are primarily driven by workflow assumptions, not technology, as generative AI reduces the cost of credible impersonation. Effective defense focuses on increasing attacker friction through process adjustments and targeted controls.
Why Multi-Location Brands Need Centralized Intake Security
Addressing multi-location intake security requires a coordinated approach across IT, operations, and product teams. The threat pattern targets convenience-designed workflows, demanding friction-raising controls rather than just new tools.
The Recent Wave of Vishing Attacks on Help Desks Has Not Slowed
Vishing attacks on help desks continue to pose a significant threat. New incidents underscore the need for redesigned verification processes that shift the burden from human operators to automated workflows, raising the cost for attackers.
The IVR as an Untrusted Boundary
Vercon's Director of Communications Defense Strategy, Brandon Stowe, discusses why IVR systems are becoming a critical security boundary. He covers the confluence of AI governance, contact center ops, and identity verification, offering practical advice for defense and next steps.
How Surge-Aware Routing Reduces Fraud Exposure
Attacker tooling is cheap, more channels are in production, and regulators are paying attention. It's time to intentionally add verification steps and set escalation rules that slow down under pressure.
Customer Spoofing in the Wireless Carrier Channel: A Field Report
Customer spoofing, where an attacker calls a company pretending to be one of its customers, presents the most common entry point for high-impact fraud. It thrives not on advanced technology, but on the tension between customer service helpfulness and authentication rigor, a dynam
The Case for a Dedicated Communications SOC Function
Attackers are now bypassing traditional network defenses by targeting communications infrastructure and human interaction points. A dedicated communications security function is now critical, not optional, to address this rapidly evolving threat landscape.
Tabletop Exercises for AI-Era Communications Incidents
Curious what a 'secure enough' posture looks like today? It's not about the tech, it's about workflow, friction, and validating every decision a single interaction can trigger. Getting practical about AI-era comms incidents.
What Happens When Your Chatbot Becomes a Witness
Vercon's Director of Threat Research & Intelligence dissects the critical issue of automated contact center agents acting as testimonial evidence, focusing on the systemic vulnerabilities arising from siloed team ownership and attacker exploitation of convenience workflows.
A Vendor Risk Checklist for AI Voice Providers
The convergence of AI, contact center operations, and identity verification presents a critical, evolving risk. Effective defense against AI voice impersonation demands a dedicated function and a strategic approach to raising the cost for attackers, ensuring robust security in an
The Quiet Erosion of Trust in Inbound Phone Channels
Vercon's Director of Communications Defense Strategy, Brandon Stowe, discusses the quiet erosion of trust in inbound phone channels. He offers practical steps for operations and security leaders to defend against sophisticated attackers, focusing on increasing the cost of successful attacks.
What an AI Agent Pen Test Should Actually Cover
AI agent pen testing is now an operational imperative. Attackers exploit convenience workflows. Effective defense raises the cost of attack, a principle proven across security, but requiring careful application to customer-facing AI.
The Recent Ransomware Disclosure at a Major Retailer Was a Communications Test
The recent ransomware attack on a major retailer showed how crucial communications are during a crisis. It's not just about technical recovery; it's about how companies talk to customers when things go sideways.
The Underrated Risk of Voicebot Outbound Campaigns
The rise of AI-powered outbound campaigns redefines contact center fraud, leveraging workflow vulnerabilities rather than merely technological ones. Attackers exploit processes designed for convenience, necessitating a proactive, unglamorous defense strategy focused on raising th
The Recent Ferrari Deepfake Attempt and the Discipline of the Skeptical Question
Vercon's founder on the Ferrari deepfake attempt and why building a culture of skeptical questioning is now an operational imperative, not just a security concern. It was a close call, and it offers a crucial lesson.
Voice Cloning Has Crossed an Affordability Threshold
Voice cloning isn't an edge case anymore; it's a practical threat impacting operations. Effective defense means raising the cost for attackers, often through workflow changes, not just new tech. Learn how a small review can identify critical vulnerabilities.
Designing Fallback-to-Human in AI-First Workflows
Vercon's Director of Threat Research & Intelligence explains why designing fallback-to-human in AI-first workflows is critical now, detailing prevalent threat patterns and effective defense strategies.
The Compliance Case for AI Intake Logging
The convergence of AI, pervasive communication channels, and heightened regulatory scrutiny demands a fresh look at contact center security. Organizations must move beyond reactive measures to proactively log and audit AI-powered intake.
Why Contact Center QA Programs Miss Fraud Indicators
It's getting harder to defend contact centers from fraud. Bad actors are using cheap, powerful tools, and the old QA programs just aren't cutting it anymore. This piece explains why your QA might be missing the signs and what you can do about it.
Cross-Channel Pivots: How One Email Becomes a Voice Attack
Ever wonder how an email becomes a voice attack? It’s not about the tech, it’s about your workflows. Companies are scrambling to define what a real defense looks like as generative AI makes credible impersonation almost free. This isn't just a security problem; it's operational w
When AI Agents Promise Things They Cannot Deliver
AI agents promising actions they cannot deliver presents a significant and evolving threat. This pattern requires cross-functional controls and a focus on raising the cost of attack within established workflows.
The Difference Between AI Safety and AI Security in Customer Channels
The crucial distinction between AI safety and AI security, and how to effectively manage both, is a frequent point of inquiry. This exploration is for the security lead, operations director, or chief of staff seeking actionable insights for strategic discussions.
The Coinbase Voice Phishing Wave and What It Revealed About Consumer Voice Trust
A deep dive into the Coinbase voice phishing wave reveals how attackers exploit consumer trust in caller ID and timing, undermining legitimate communication channels for financial gain. We explore how this pattern impacts consumer behavior and outlines effective defensive strateg
What a Modern Communications Threat Model Looks Like
A modern communications threat model assesses the contact center as an unauthenticated API, where sophisticated attackers meticulously map workflows to convert convincing calls into exploitable outcomes, often targeting recovery or override processes.
The Financial Services Wire-Verification Conversation
Financial institutions face evolving threats in wire transfer verification. This article details practical defensive strategies focusing on raising attacker costs through layered controls and process re-engineering, rather than relying on single-point solutions. It is critical to
How Home Services Companies Get Targeted by Lead Fraud
Brandon Stowe, Vercon's Director of Communications Defense Strategy, discusses lead fraud in home services, emphasizing workflow over technology and sharing practical advice for hardening defenses against increasingly sophisticated attacks.
What the Snowflake-Linked Customer Breaches Say About Vendor Communications Risk
Recent cloud service provider breaches underscore the chaos of vendor communications. Effective defense means proactively agreeing on communication channels and verification methods with critical vendors before an incident forces a chaotic, reactive, and often exploited response.
Legal Intake Lines Are an Underestimated Attack Surface
Vercon's Director of Threat Research & Intelligence details how legal intake lines have become a critical, yet underestimated, attack surface. Attackers exploit convenience-based workflows using increasingly sophisticated synthetic agents, demanding a re-evaluation of security postures.
Healthcare Intake and the New Class of AI Risks
Healthcare intake at the convergence of AI risks presents unique challenges. Attack tooling is cheap, channels proliferate, and regulators are taking notice, making proactive AI security paramount. The most effective defenses involve dedicated teams raising the cost for attackers
The Insurance Industry's Quiet Vishing Problem
The insurance industry faces an escalating vishing problem, driven by cheap attacker tooling and complex internal workflows. Robust defense requires strategic friction points where attackers cannot leverage publicly available data.
Designing Escalation Paths That Survive Surge Events
Vercon's Brandon Stowe discusses how to build effective escalation paths that withstand surge events and impersonation attempts, focusing on practical steps and cost-raising defense strategies for contact center resilience.
Why Verified Caller Frameworks Still Leave Gaps
Caller verification systems, though designed for security, often leave critical vulnerabilities exposed by misplacing emphasis on technology over workflow. The true challenge lies in workflow decisions triggered by single inbound interactions, a problem exacerbated by cheap attac
The Quiet Risk of Voicemail-to-Text in Intake Workflows
Voicemail-to-text brings a quiet, significant risk to intake workflows. Attackers exploit these channels, often designed for convenience, bypassing traditional security. Effective defense requires cross-functional review and workflow adjustments.
How to Prepare Contact Centers for AI-Era Abuse
It's time to build a robust defense for your contact centers against new AI-powered threats. Understand why this is critical now, what the threats look like in practice, and how to implement effective defenses by raising the cost for attackers.
The Snowflake-Linked Breaches and the Customer Notification Failure That Followed
The Snowflake-linked breaches exposed significant flaws in modern incident communication, demonstrating how multi-vendor compromises create chaotic disclosure timelines, enabling follow-on fraud. Understanding these systemic failures is crucial for future readiness.
AI Impersonation Across Phone, Email, and Chat
Omnichannel impersonation, once a quarterly concern, is now an operational imperative. Generative AI makes credible impersonation almost free, requiring organizations to implement practical, high-friction defenses in critical workflows like recovery and manager overrides.
Lessons From the Recent Wave of AI-Generated Voice Scams Targeting Families
AI voice cloning isn't just a consumer scam anymore; it's a preview of the threats enterprise contact centers face. Brandon Stowe discusses practical defenses, focusing on process changes over tech fixes to raise the cost for attackers.
Why Traditional Cybersecurity Misses Voice Risk
Traditional cybersecurity often overlooks voice risk, but attackers are wise to the gap. Learn why standard security measures fall short and what practical steps you can take to make your organization a harder target.
Intake Fraud in Restoration and Emergency Services
Intake fraud in restoration and emergency services is less about technology and more about workflow vulnerabilities. Organizations must scrutinize actions authorized by single inbound interactions to counter evolving Synthetic Caller Threats.
Securing Franchise Communication Networks
Securing franchise communication networks has become an urgent operational task. Attackers exploit gaps between IT, operations, and product teams, often targeting workflows designed for convenience like after-hours intake. Effective defense focuses on workflow changes to raise th
How to Audit an AI Voice Agent Before Deployment
This article details how to audit AI voice agents before deployment, focusing on the need for rigorous security at the intersection of AI governance, contact center ops, and identity verification. It outlines evolving threat patterns, principles of effective defense, and practica
The Hong Kong Deepfake Wire Transfer One Year On: What Changed and What Did Not
A year after the Hong Kong deepfake wire transfer of $25 million, Vercon's Director & Principal Marcus Lattimore revisits the case, dissecting what has and hasn't changed in organizational defenses and threat landscapes.
The Executive Case for Communications Resilience
A defensible posture against sophisticated impersonation requires understanding contact center workflows through an attacker's eyes. It's about raising the cost of attack, a principle as old as security itself, applied to new threats.
Social Engineering Against Virtual Agents
Vercon's Director of Threat Research & Intelligence, Lisa Hawkins, analyzes the evolving threat of social engineering against virtual agents, detailing practical defenses and outlining next steps for organizations facing this challenge.
Prompt Injection Risks in Customer Intake
Vercon's Director of Threat Research & Intelligence details prompt injection risks in customer intake, focusing on workflows susceptible to AI agent compromise and the necessity of raising attack costs. This requires procedural rigor more than new tech.
How AI Receptionists Can Be Manipulated
AI receptionist manipulation has escalated from an edge case to an immediate operational risk. Current controls often fall short, necessitating a re-evaluation of security postures across IT, operations, and product teams. The key to defense lies in raising the cost for an attack
The Hong Kong Deepfake Wire Transfer and What It Changes
A recent $25 million deepfake wire transfer in Hong Kong signals a critical shift: synchronous video is no longer a strong verification signal. Learn how out-of-band verification and raised authentication costs are now essential.
Building a Communications Security Program
Communications security is a growing risk, positioned at the intersection of AI governance, contact center operations, and identity verification. Organizations need a dedicated function to address these evolving threats, as reactive approaches are no longer sufficient.
Why Omnichannel Fraud Is Hard to Detect
Omnichannel fraud isn't a quarterly agenda item anymore; it's daily ops work. Bad actors are laser-focused on specific, often overlooked, workflows designed for convenience, not security.
Smishing at Scale: USPS and Toll-Authority Impersonation Has Changed the SMS Threat Model
Vercon's Director of Threat Research & Intelligence, Lisa Hawkins, dissects how widespread USPS and toll authority smishing has structurally redefined SMS trust, detailing attacker mechanisms, consequences, and what organizations can do.
Synthetic Identity Attacks in Service Businesses
Attacker efforts to establish and exploit synthetic identities within service businesses pose a significant and evolving threat. Lisa Hawkins, Vercon's Director of Threat Research & Intelligence, outlines a practical, layered defense strategy.
The Problem With Trusting Caller ID
Caller ID is no longer a reliable identity signal for contact centers. Its inherent vulnerability creates systemic risk by enabling attackers to exploit trusted workflows for high-value operations.
AI Agent Red Teaming for Voice and Chat Systems
Vercon's Director of Threat Research & Intelligence details the critical shift in AI agent red teaming from edge case to operational imperative, focusing on practical, actionable strategies for securing voice and chat systems against evolving threats and advanced impersonation attacks. The article
Contact Center Resilience During Disaster Surge Events
Disaster surge events are pushing contact center resilience to the forefront. Organizations are grappling with the intersection of AI governance, identity verification, and contact center operations, often lacking a unified function to manage these converging threats.
How Fraudsters Exploit Emergency Intake Workflows
Vercon's Director of Threat Research & Intelligence details how fraudsters exploit emergency contact center workflows, describing specific techniques like SIM swap, ANI spoofing, and prompt injection, and outlining effective, cost-aware defense strategies.
Human-AI Handoff Failure in Customer Service
Human-AI Handoff Failure (HAF) in customer service represents a growing threat, as adversaries exploit the seams between automated and human interactions to bypass security controls. Effective defense requires layered controls and a disciplined approach to raising attacker costs.
Help Desk Vishing After MGM: The Pattern That Has Not Gone Away
Attackers continue to exploit help desk vulnerabilities, refining vishing tactics like voice synthesis and precise targeting to bypass weak verification protocols. The defense requires organizational changes, not just technical, to counter sophisticated impersonations and prompt
Why SMS, Email, Chat, and Voice Must Be Secured Together
Securing SMS, email, chat, and voice isn't just a tech problem; it's about controlling what decisions a single interaction can trigger. With attacker tools cheaper than ever, it's now a daily operational challenge, not just a quarterly review item.
Deepfake Callers and the Future of Identity Verification
Deepfake callers demand a cohesive strategy spanning IT, operations, and product. The threat exploits critical gaps between these domains, often within workflows designed for convenience, necessitating a coordinated review over mere tool purchases.
Voice Denial of Service: The Next Contact Center Threat
Voice Denial of Service (VDoS) is rapidly becoming a top concern, intersecting AI governance, contact center ops, and identity verification. It's no longer just a 'security team problem'-it's operational. Companies that prioritize defense now, by 'raising the cost' for attackers,
The T-Mobile SIM Swap Settlement and the SMS Trust Problem
The T-Mobile SIM swap settlement means it's time to rethink trusting SMS for verification. Brandon Stowe breaks down the SIM swap threat pattern, what effective defense looks like, and practical next steps for securing your systems when SMS is no longer enough.
The Hidden Risk of AI-Only Customer Intake
AI-only customer intake paths present critical vulnerabilities for sophisticated attackers. Learn how to identify and defend against evolving threat patterns, focusing on deliberate, cost-raising verification steps rather than reactive measures.
How Contact Centers Become Attack Surfaces
It's time to talk about how contact centers become attack surfaces. This isn't just a security team's problem anymore; it's operational work. Building effective defenses isn't about stopping every attempt, but raising the cost for an attacker until they move on.
Why AI Voice Agents Create a New Security Perimeter
AI voice agents introduce a new security perimeter, driven by automated decisions and attacker technique. This demands a re-evaluation of trust boundaries in voice channels, prioritizing workflow hardening over tool acquisition to defend against sophisticated impersonation and so
What Is Synthetic Caller Injection?
Wondering what synthetic caller injection is and what a strong defense looks like? This isn't an edge case anymore. It's operational work, demanding new approaches beyond your typical comms security tools.
What the Internet Archive Breach Tells Us About Communications Trust
The Internet Archive breach wasn't just about compromised credentials; it illuminated a critical vulnerability in communications trust. Organizations must proactively define secure communication channels and assume every public statement will be cloned by adversaries.
The MGM and Caesars Vishing Playbook, One Year Later
A year after MGM and Caesars were breached via vishing, the adversary playbook remains effective due to exploited convenience in internal workflows. This analysis outlines the threat pattern and offers practical steps for hardening defenses.
Inside the Twilio Authy Breach: What Happened, What Did Not, and What It Means for SMS Trust
Vercon's Director of Communications Defense Strategy breaks down the Twilio Authy breach, explaining what a phone number tied to an MFA app means to attackers and why SMS remains a soft spot for identity verification.
What the CrowdStrike Outage Revealed About Communications Surge Capacity
That CrowdStrike outage showed us something critical: every affected organization's contact center saw its yearly call volume in a single morning. This isn't just about security anymore; it's an operational challenge that demands a fresh look at your communication surge plan.
The Ascension Health Outage Was a Communications Continuity Failure
When core systems go down, communication continuity is often overlooked. Ascension Health's outage highlighted how a breakdown in communication can compound an already critical situation, affecting patient care and organizational integrity. It's time to treat communications plann
Air Canada and the New Liability of Hallucinated AI Intake
The Air Canada ruling reveals that a chatbot's fabricated statements create legal liability for the organization. AI agents function as an integral part of your intake surface; their communication is legally binding. This necessitates robust adversarial testing and continuous mon
110 entries · archive runs from Feb 2024 to Jun 2026.