In this episode of Full Tech Ahead, host Amanda Razani sits down with Patrick Sayler to explore the growing threat of AI-powered social engineering. As Director of Social Engineering at NetSPI, Patrick has seen firsthand how attackers exploit human psychology to breach even the most secure systems. From SMS phishing to voice cloning and Deepfakes, he explains how the lines between real and artificial are becoming increasingly blurred.

Patrick’s insights offer a sobering reminder that while cybersecurity defenses continue to evolve, the human element remains the most vulnerable link. He shares real-world examples from his work simulating attacks on major enterprises, along with practical advice for business leaders looking to strengthen their organizations against manipulation and deception.

Summary

Patrick Sayler, Director of Social Engineering at NetSPI, discusses the rising threats of SMS phishing and AI voice cloning. He highlights that SMS phishing is increasingly common, while AI voice cloning allows attackers to impersonate individuals using short audio clips. Saylor emphasizes the importance of secondary verification methods like email or Slack to prevent scams. He notes that phone calls remain a significant blind spot for security measures. For proactive defense in 2025, he recommends continuous training and phishing exercises. He also shares a personal anecdote about bypassing multi-factor authentication using a lab coat and mask, underscoring the human element's vulnerability to social engineering.

Key Quotes

• "AI voice cloning is the new big, big, hot thing to look out for."
• "Even with advanced technology, people remain the weakest link."
• "You can't trick someone if they don't respond to it."
• “The easiest way to stop it is to just not answer your phone.”
• “Phone calls are the biggest blind spot for both people and organizations.”
• “These attacks aren’t new — the barrier to entry is just lower now.”
• “You can’t trick someone if they don’t respond to it.”

Takeaways

• Voice cloning is the next major frontier in cyber deception.
• Secondary verification (e.g., Slack, Teams, or email) is critical before acting on phone requests.
• Continuous training and simulated phishing campaigns build awareness and resilience.
• Report incidents immediately—don’t hide mistakes.
• Human behavior is the weakest link, not technology.
• Low-tech methods still work because attackers exploit trust, not just tools.
  
  

Timestamps

• [00:00] Introduction to Patrick Sayler and NetSPI
• [01:20] Trends in social engineering: SMS phishing and AI voice cloning
• [02:50] How to defend against AI-driven deception
• [04:10] Human blind spots and phone-based attacks
• [05:30] Proactive social engineering defense for 2025
• [07:00] Financial fraud and voice cloning
• [08:20] Deepfake video risks and a real-world case study
• [10:00] Final takeaway: “Don’t talk to people — let it go to voicemail.”

Links/Resource

Website: netspi.com - https://www.netspi.com/

LinkedIn: Patrick Sayler - https://www.linkedin.com/in/psayler/

Podcast: Full Tech Ahead — Hosted by Amanda Razani

Find Amanda Razani on LinkedIn. https://www.linkedin.com/in/amanda-razani-990a7233/