The FBI recently issued an alert about the growing sophistication and financial damage of AI-powered scams. So, how did we get here — and what’s next in the evolving threat landscape? Abdul Alim, a cybersecurity pioneer with over 20 years of experience, warns that AI is lowering the barrier for cybercriminals.
Phishing attacks have become far more advanced, with AI and deepfake technology powering increasingly complex social engineering tactics. It’s estimated that 96% of organizations were impacted by such attacks in 2024.
Abdul Alim
For Abdul Alim, a cybersecurity expert with an extensive background in telecommunications and IT, this development is just the beginning.
“AI has revolutionized the way cybercriminals operate,” Alim said. “It allows them to easily bypass traditional security measures, and social engineering techniques are now more deceptive than ever before.”
The early days of digital threats
Alim’s journey in cybersecurity began back in 2004. Working at Telenor, a Norwegian telecommunications company, he contributed to building the largest cellular operator in Bangladesh. “Back then, network security was not as complex as it is now,” Alim said. “We didn’t have the same range of threats.”
Alim’s initial interest in cybersecurity began with learning about brute-force threats and social engineering tactics. Brute-force attacks, which involve trying every possible combination of a password, are difficult to pull off with complex passwords. However, social engineering — such as phishing emails that trick users into entering passwords on fake websites — was far more effective.
“I remember being fascinated by the evolving tactics of cybercriminals,” Alim recalled. “The first time I saw a phishing attack, it was a malicious email disguised as a bank update. The URL looked identical to my bank’s website, and many people would unknowingly give away their credentials. That was a wake-up call.”
Alim quickly realized that IT teams were often stretched thin and not prioritizing cybersecurity. That’s when he decided to pursue the prestigious CISSP (Certified Information Systems Security Professional) certification, which would go on to become a milestone in his career.
The evolution of cybersecurity
Alim’s transition into the cybersecurity field wasn’t immediate. Early on, IT teams were expected to handle both IT services and cybersecurity, but it quickly became clear that this approach wasn’t sustainable.
“Over time, organizations began to realize the importance of segregating the IT and cybersecurity roles,” Alim explained. “IT teams were focused on delivering services quickly and often overlooked security. It became clear that dedicated cybersecurity teams were essential.”
Alim eventually transitioned to working on a variety of high-stakes security projects, defending U.S. companies against cyber threats of all kinds.
One of his earliest challenges was dealing with a major ransomware attack in 2017. The pharmaceutical company he was working with had its systems infected, but thanks to Alim’s proactive security measures, including firewalls and patches from vendors like Microsoft, the damage was limited.
“Ransomware has only gotten worse,” Alim admitted. “Back then, it was about encrypting data and demanding a ransom. But today, it’s more sophisticated, with entire networks of hackers working together to launch these attacks. Now, ransomware is even a service you can buy on the dark web. You don’t need to be a skilled hacker anymore; you just need the money to hire someone.”
Privacy, ethics, and the future of AI in cybersecurity
The emergence of AI and machine learning technologies has made it easier for cybercriminals to launch attacks. Alim pointed out how AI enables attackers to quickly craft viruses, write malicious code, and develop new ways of infecting systems.
“With AI, attackers don’t need to rely on their own expertise anymore. They can use AI to write the code for them. They can generate a virus, then spread it through emails, text messages, or even social media. People are more likely to click on these malicious links because they trust the sender.”
Alim stressed that as AI evolves, so too will the techniques used by cybercriminals. For example, AI can be used to gather personal data and build detailed profiles of potential targets.
“AI is helping hackers gather information in ways that were impossible just a few years ago. Whether it’s through social media, email, or even compromised AI platforms, the opportunities for attackers are growing,” he explained.
With the rise of AI comes growing concerns about privacy, security, and ethics. Alim highlighted the dangers of AI systems collecting personal data from users without their knowledge or consent. This data can be used maliciously or sold to third parties for exploitation.
“AI has the power to breach personal privacy in ways that weren’t possible before. Many people don’t understand how much data they’re giving away when they interact with AI platforms. Even if these platforms claim to be secure, there’s always the risk that this data will be misused,” Alim warned.
Alim advocates for a more rigorous approach to cybersecurity, especially in AI-driven environments. “There are security measures in place to ensure AI platforms are used responsibly. For example, if someone inputs harmful content, like asking how to commit suicide, AI platforms are designed to flag it. But even then, malicious users can still find ways to exploit vulnerabilities.”
How AI Is transforming organization security
Today, Alim works with organizations to ensure their AI infrastructure is protected. Whether it’s deploying machine learning models or securing enterprise-level AI applications, he is focused on ensuring robust security at all levels.
“AI-based systems are part of the future of cybersecurity. But we need to implement layered security strategies to protect these systems. From application firewalls to encryption and identity access management, every part of an AI system needs to be secure,” Alim said.
He also emphasized the importance of encryption, both for data in transit and at rest. “When data is transferred across a network, encryption ensures that it cannot be intercepted or read by unauthorized parties. Similarly, cloud providers like Azure, AWS, and Google offer encrypted storage solutions, but we must make sure that only authorized individuals can access this data.”
AI is not just transforming how cybercriminals operate — it’s reshaping the entire cybersecurity landscape.
“We need to stay ahead of the curve. The same technology that powers innovation can also be used for malicious intent,” Alim said. He believes cybersecurity professionals like himself must ensure AI is used responsibly to safeguard both organizational and personal data.
