skip to main content
4.7/5
Customers rate us on G2
See our reviews on G2.

Insights, resources
& blogs

Discover our latest articles on cyber security and human risk management. Have a click around to explore blogs, news, tips, and more. Or subscribe to our newsletter to stay in the loop!

Loading...
Behind the Exploit

Scattered Spider and DragonForce:
A Case Study in Human-Centric Cyber Threats

In April 2025, large retailers were targeted by cyber attacks that caused disruption across their services. Although attribution is still being confirmed, indicators strongly link these attacks to Scattered Spider, a group known for aggressive, human-centric tactics and high-profile breaches.

CAI Headshot Roundel - Oliver Simonnet
By Oliver Simonnet6 May 2025
Read the article
Human Risk Management

Introducing The Human Threat Map: A Tool for Mapping and Defending the Human Perimeter

To help organisations understand and contextualise how human behaviours create risks and enable threats we have released our Human Threat Map to the public. This tool will serve as a reliable resource to help security teams build effective detections, mitigations, and interventions that defend or human perimeter.

CAI Headshot Roundel - Oliver Simonnet
By Oliver Simonnet29 April 2025
Read the article
Insights

Beyond Chat: This is the Operator Speaking
The Offensive Potential of Computer-Using Agents

Computer-Using Agents (CUAs), while intended to increase productivity, can be repurposed by threat actors for malicious use. In this post we will explore the cyber security implications of CUAs, showing how tools like OpenAI’s Operator can be manipulated to perform real-world attacks, and how we should prepare to defend against it.

CAI Headshot Roundel - Oliver Simonnet
By Oliver Simonnet16 April 2025
Read the article
Platform

Top 5 Cyber Threats CultureAI Detected in Q1 2025

In the first quarter of 2025, CultureAI’s platform detected critical or high-level risks across 50% of employees each month. This data highlights the urgent need for automated interventions to address the most common security threats.

Platform Icon
By The CultureAI Team1 April 2025
Read the article
Human Risk Management

Reflecting on the Q1 Threat Landscape: Attacks & Lessons Learned

The first quarter of 2025 has revealed critical vulnerabilities, data breaches, and novel attack vectors that highlight the importance of proactive security measures and automated interventions. Here’s a deep dive into the major cybersecurity events of Q1 and what organisations can learn from them.

Platform Icon
By The CultureAI Team31 March 2025
Read the article
Behind the Exploit

You're Not My Supervisor!
Researching My Own New Starter Scam

Within weeks of stepping into a new role, I found myself receiving multiple phishing emails impersonating our CEO. Rather than ignoring them, I thought it could be fun to play along and deep dive into the world of BEC and Gift Card scams.

CAI Headshot Roundel - Oliver Simonnet
By Oliver Simonnet27 March 2025
Read the article
Behind the Exploit

Trouble Brewing: Dissecting a fake homebrew update that stole user data

As attackers refine their techniques and the line between real and fake continues to blur, this Google Ads malware attack served as an effective case study for where human risk management could be combined with technical safeguards to protect users from these types of attacks.

CAI Headshot Roundel - Oliver Simonnet
By Oliver Simonnet5 March 2025
Read the article
Insights

The AI Hunger Games - The Rapid Adoption of DeepSeek: A Security Nightmare

With AI technologies evolving at an unprecedented pace, are we truly prepared to handle the security challenges they pose to individuals and businesses alike? Let's consider DeepSeek as a critical case study and review some issues that may arise with adoption of new AI tools.

CAI Headshot Roundel - Oliver Simonnet
By Oliver Simonnet5 February 2025
Read the article
Insights

The Future of Cyber Security Lies in Behavioural Analytics

In this article, we’ll explore what is meant by behavioural analytics, the types of attacks behaviour analytics can prevent, and how your security team can leverage these insights to improve human risk monitoring efforts.

Platform Icon
By The CultureAI Team30 January 2025
Read the article
Insights

The Growing Risk of Insider Threats in Cyber Security

In this article, we’ll explore the growing risks of insider threats, and how organisations can effectively address them.

Platform Icon
By The CultureAI Team16 January 2025
Read the article
Human Risk Management

How to Identify, Prevent, and Respond to MFA Phishing Threats

In this article, we’ll discuss the growing issue of MFA phishing attacks, highlighting the various vulnerabilities in current MFA solutions, how attackers exploit them, and the strategies that organisations can use to identify, prevent, and respond to MFA phishing threats effectively.

Platform Icon
By The CultureAI Team16 January 2025
Read the article
Human Risk Management

5 ways a Human Risk Management Platform could support SaaS Security Posture Management

In this article, we will discuss how your organisation can incorporate SSPM into its wider human risk management strategy.

Platform Icon
By The CultureAI Team8 January 2025
Read the article
Human Risk Management

Everything You Need to Know About Shadow IT

Understanding the various forms that shadow IT can take is crucial for managing and mitigating its risks. In this article, we look into how to detect and prevent shadow IT risks in your organisation.

Platform Icon
By The CultureAI Team2 December 2024
Read the article
Human Risk Management

Understanding SaaS Security: Risks and Best Practices

In this article, we’ll delve into why SaaS is so popular, what SaaS security entails, and how the associated security risks can be mitigated with the right processes and toolsets.

Platform Icon
By The CultureAI Team4 November 2024
Read the article
Human Risk Management

Separating Hype from Reality in HRM 

With the rise of HRM, a variety of new technologies have also emerged on the market. However, how do you navigate the sea of buzzwords and shiny promises to pick the solution that's right for you?

John Scott, Lead Cyber Security Researcher
By John Scott22 October 2024
Read the article
Insights

A trainer’s take: “Training alone won’t change behaviours” 

Training alone isn't enough to change security behaviours. Explore the different human error types and strategies for building a resilient security ecosystem.

John Scott, Lead Cyber Security Researcher
By John Scott22 October 2024
Read the article
Insights

Microsoft Teams Security: How Secure Is Microsoft Teams?

Businesses are increasingly asking: How secure is Microsoft Teams? This article will break down the core security features of Teams, explore its strengths, examine potential vulnerabilities, and offer practical steps to maximise security.

Platform Icon
By The CultureAI Team17 October 2024
Read the article
Insights

Security Awareness Isn’t Enough — It’s Time to Adapt 

Explore the limitations of Security Awareness Month and discover strategies for fostering a lasting cyber security culture. Learn how automation and AI-driven platforms can mitigate risks and enhance employee security behaviours.

John Scott, Lead Cyber Security Researcher
By John Scott16 October 2024
Read the article
Human Risk Management

More than a security alert: A guide to nudges

Security nudges not only help identify risks that might otherwise go unnoticed but also dramatically reduce the time needed to resolve incidents—from days to mere minutes, or even seconds.

Lexie Taylor-East, Content Marketing Manager
By Lexie Taylor-East4 September 2024
Read the article
Insights

Generative AI: Workplace Innovation or Security Nightmare

As AI becomes more commonplace, concerns about misinformation and misuse arise. So, how can we empower employees to harness AI without risking security?

Frederick Coulton
By Frederick Coulton16 August 2024
Read the article