The AI Paradox: Faster Threats & Workforce Risks

On the 25th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton, both executives at Abnormal Security, talk with Joshua Brown, former Vice President and Chief Information Security Officer at H&R Block. H&R Block is one of the largest tax preparation companies in the United States, with tens of millions of customers relying on its services yearly. Managing security for a global tax enterprise requires defending against large-scale fraud, identity theft, and AI-powered social engineering attacks—all while ensuring compliance with strict regulatory requirements. In this conversation, Joshua discusses how AI is accelerating cyber attacks, the challenges of using AI for fraud detection in financial services, and the impact of automation on the next generation of cybersecurity teams.

With AI accelerating cyber threats, financial fraud, and workforce transformation, security leaders must rethink how they defend against increasingly sophisticated attacks. As fraudsters leverage AI to automate reconnaissance and adapt their tactics, traditional detection methods struggle to keep up. At the same time, automation is reshaping security teams, raising concerns about how organizations will develop the next generation of cybersecurity professionals. Joshua compares today's AI-powered attackers to the rise of script kiddies, who used pre-built tools without fully understanding them. "AI is enabling people to leap forward in what they're able to do as attackers. It makes it easier and faster, which concerns me," he explains. Attackers can automate reconnaissance, generate compelling phishing and smishing campaigns, and launch attacks in minutes. "They can register a domain, find everything about a target, and send out a phishing email—all automatically, all within minutes." This acceleration means security teams can no longer rely on traditional detection methods. Joshua emphasizes the shrinking timeline between attack execution and response, warning that organizations must move beyond reactive security measures and adopt AI-driven threat intelligence to keep up. "What we were seeing already, just in the last year, was a proliferation of much more sophisticated phishing attacks, smishing attacks—like all of the 'ishings.' A lot of them, you could tell, were AI-generated, but they can go from registering a domain and sending out that first attack in a matter of minutes."

As cyber criminals automate fraud operations, financial institutions must augment their security frameworks to pace. Joshua shares a real-world example from H&R Block, where AI-driven identity theft surged during tax season. "All the information you need to file with the IRS is already out there. Social security numbers, former places you've lived—all of it. And all of those knowledge-based questions that platforms used to validate that you are who you say you are can be easily gamed." Even when security teams deploy machine learning models to detect fraud, attackers adapt quickly. "We trained a machine learning model on one year’s fraud data, and it worked well. Then we fed it the next year’s data, and it was garbage. The fraud patterns had completely changed." This highlights a significant challenge in fraud prevention—AI-driven fraud is dynamic, not static. Organizations can't rely solely on past fraud patterns, as criminals continuously adjust their methods. "If you're talking about a normal year, you might see a thousand potentially fraudulent returns, and then suddenly it jumps to a million or more. You don't have enough analysts to look through that. It's not possible. You have to do something with machine learning or AI to be able to narrow that down and help make faster decisions."

Beyond attacks and fraud, AI is transforming the cybersecurity workforce itself. While AI and automation improve security efficiency, Joshua warns they may also disrupt the pipeline for future security leaders. He compares this shift to AI copilots in software development, where businesses aim to boost productivity. "Businesses are using AI to boost productivity by 20 to 30 percent. But will they use that to build more things, or will they just reduce headcount by 20 to 30 percent?" The same concerns apply to cybersecurity. If AI eliminates entry-level security tasks, how will junior employees gain the experience they need to become senior leaders? "If we're not careful, we're going to end up with a senior workforce and no way to develop new security talent." Joshua also emphasizes the importance of workforce development alongside automation. He highlights how H&R Block built a diverse talent pipeline, bringing in second-career professionals, ex-military personnel, and even an undercover narcotics officer who transitioned into forensics. "We want AI to remove repetitive work so that our best people can focus on big problems. But if we don't think ahead, we may end up without a pipeline of future experts."

Joshua's insights highlight a critical turning point for cybersecurity. While AI is accelerating threats and reshaping the workforce, it also presents an opportunity to enhance security operations, improve fraud detection, and empower teams to focus on higher-value work. However, Joshua warns that this shift must be handled strategically. Organizations prioritizing efficiency over talent development may have a knowledge gap that AI alone cannot fill. "We already have a talent shortage in this industry. AI can help, but it could worsen the problem if we don't think ahead." The future of cybersecurity will belong to those who balance automation with mentorship, ensuring that AI strengthens security teams rather than replacing the next generation of leaders. "You need those people to be able to grow and learn, and we already have a talent shortage in the industry. AI can help, but it could also really hurt long term if we're not careful." By embracing AI thoughtfully, investing in workforce development, and adapting to evolving threats, security leaders can build a more resilient future where technology enhances security without undermining the expertise that makes it effective.

‍

Listen to Joshua's episode here and read the transcript here.