Why Cybersecurity Professionals Need to Start Thinking Like Spies

The Solutions Review editors are expanding on insights from an episode of The Cyber Circuit by explaining why cybersecurity professionals need to start thinking like spies.

The dominant model in enterprise cybersecurity has been seen as a technology-based problem looking for technology-based solutions. Patch the vulnerabilities. Segment the network. Deploy the endpoint agents. Buy the platform. That model is not wrong, but it is increasingly insufficient, especially when the most sophisticated threat actors operating today are not leading with exploits. They are leading with people.

This is not a new observation in counterintelligence circles. It is, however, an underappreciated one in corporate security programs. Eric O’Neill, the former FBI undercover operative whose work helped bring down Robert Hanssen, one of the most damaging spies in American history, has spent the post-government phase of his career making exactly this argument: that the tradecraft of espionage and the tactics of modern cyber-crime have converged so completely that the discipline of counterintelligence is now the most relevant lens through which to understand and respond to the cyber threat landscape. His upcoming book, Spies, Lies and Cybercrime, and his appearance on Solutions Review’s The Cyber Circuit podcast make the case in granular, actionable terms.

The Threat Landscape by the Numbers

• The estimated annual cost of cyber-crime worldwide is increasing gradually and is expected to reach 15.63 trillion U.S. dollars by 2029 [Statista].
• If the dark web economy were ranked as a national GDP, it would currently place third behind the United States and China [Cybersecurity Ventures].
• The FBI’s 2025 Internet Crime Report shows cyber-enabled crimes defrauded Americans of nearly $21 billion, with cryptocurrency and artificial intelligence-related complaints among the costliest.
• “Threat actors use generative AI to draft phishing lures, translate content, summarize stolen data, generate or debug malware, and scaffold scripts or infrastructure” [Microsoft].

The Convergence of Espionage and Cybercrime

Foreign intelligence services and organized cyber-criminal syndicates use nearly identical operational playbooks. The reconnaissance phase looks the same: scrape LinkedIn for org-chart mapping, cross-reference social media for behavioral profiling, identify high-value targets in IT or finance, and build a pretext tailored to that specific individual. The difference is in the end goal. A nation-state actor wants persistent, quiet access to intellectual property and classified data, while a criminal syndicate wants money, fast. Both of them are targeting the human before they target the system.

This is where the counterintelligence framing adds something that the conventional frame misses. Traditional security awareness training focuses on artifacts: don’t click unknown links, don’t open unexpected attachments, enable MFA. Counterintelligence training focuses on recognition: this interaction has the structural features of a recruitment or manipulation attempt. Those are different cognitive modes, and the second is more durable because it does not depend on the attacker making a specific, recognized move.

O’Neill’s four-rule surveillance framework, discussed in the episode of The Cyber Circuit and developed from his field operations work, translates surprisingly well to this context: know your target, know your environment, blend in, and expect the unexpected. Applied to threat hunting, “know your target” means understanding the specific TTPs of the adversary group most likely to come after your organization.

“Know your environment” means having genuine visibility into your own network topology, data flows, and identity estate before an incident forces you to learn it under pressure. “Blend in” describes what threat actors do when they gain initial access using legitimate credentials, which is why behavioral analytics matter more than signature detection in a world where stolen credentials are a commodity. “Expect the unexpected” is the operational mandate for purple teaming and adversarial simulation, going beyond checkbox compliance.

The Virtual Trusted Insider: Stolen Identity as Attack Vector

One of the more clarifying concepts O’Neill introduces is the “virtual trusted insider,” a user whose credentials have been compromised and who unknowingly serves as a conduit for an external threat actor operating within their account. The victim has no idea, the access logs look clean, and the behavior appears normal until behavioral analytics catches a deviation. This reframes the insider threat problem in an important way.

Security teams have historically oriented insider threat programs around intentional betrayal: the disgruntled employee, the financially motivated contractor, the recruited asset. Those cases exist and matter. But the virtual insider, created by credential theft through phishing, infostealer malware, or dark web purchase of previously breached password databases, is orders of magnitude more common. And because the entry vector appears to be a legitimate user login, perimeter-focused defenses provide no signal.

The practical implication is that identity security cannot be a bolt-on. Zero-trust architecture, least-privilege access, continuous authentication, and anomaly detection on user behavior are not premium features for mature security programs. They are baseline requirements in an environment where passwords are a commodity and MFA bypass techniques are widely documented.

Deepfakes and the Collapse of Verification

The threat that has moved fastest in the last eighteen months is the use of generative AI to fabricate trusted identities in real-time. O’Neill describes scenarios documented in reported incidents in which finance employees received what appeared to be video calls from their CFO authorizing wire transfers. The CFO was an AI-generated avatar, voice-cloned and visually rendered in real-time. This is not a future risk but an operational present, and it invalidates one of the last remaining human defenses against social engineering: the assumption that a live video call with a known person in a recognizable environment is authentic.

The response cannot be purely technical, at least not yet. Detection tooling for synthetic media is improving but remains unreliable, particularly against real-time generation. The near-term defensive posture requires process changes: out-of-band verification for any high-stakes financial or access authorization request, regardless of the requester’s apparent identity; pre-shared code words or challenge-response protocols for sensitive communications; and explicit escalation paths that do not rely on the communication channel used for the request itself.

Shadow AI and the Agentic Expansion Problem

The current wave of agentic AI adoption is creating a shadow IT problem that dwarfs the bring-your-own-device era in risk surface. Users are granting AI agents access to email, calendars, file systems, financial accounts, and communication platforms in exchange for real, visible productivity gains. The security implications of those permission grants are not.

The security problem with agentic AI is that useful agents require broad, persistent access. An agent that can book travel, process invoices, draft communications, and manage a CRM calendar needs credentials for all of those systems. When that agent runs on infrastructure controlled by a third-party provider, the organization has effectively created an externally-accessible aggregation of its most sensitive operational data, with access permissions that may not be governed, audited, or revoked on any meaningful timeline.

Organizations that do not establish AI governance policies before employees begin using consumer-grade agents will find themselves in a data loss situation that looks nothing like a traditional breach. There will be no exploit, no lateral movement, no malware signature to detect. Data will simply have left the environment through a permission that a user voluntarily granted.

The prescription here is consistent: security must be part of the AI adoption decision from the start, not retrofitted after workflows are established. That means a CISO or security consultant in the room when departments are evaluating AI tooling, not reviewing it six months after deployment.

The Skill Gap That No Platform Can Close

Every conversation about AI and cybersecurity professionals eventually comes back to the question of talent. The cybersecurity workforce gap is well-documented. What gets less attention is the specific nature of the skills that AI cannot replace in security operations.

Pattern recognition across an ambiguous social context, adversarial empathy, and the ability to model what a sophisticated human attacker is trying to accomplish rather than what signatures they leave: these are cognitive skills developed through practice in adversarial environments, not through vendor certifications or platform training. They are the skills that counterintelligence officers develop throughout their careers. They are also, not coincidentally, the skills that make the difference between a security team that catches a threat actor who has been in the environment for six months and one that does not.

AI accelerates threat detection, reduces analyst fatigue on high-volume triage, and enables faster correlation across data sources that no human team could process manually. What it does not do is replace the officer who can look at a pattern of behavior and recognize it as a recruitment attempt rather than a policy violation. That distinction matters more now than ever.

FAQ: Counterintelligence, AI Threats, and Modern Cybersecurity

Q: What is the “virtual trusted insider” threat? A credential-compromised user whose account is being operated by an external threat actor. The legitimate user is unaware of the access, and the attacker appears to the network as a known, authorized identity.

Q: What does “verify then trust” mean in practice? Any request for high-stakes action, financial transfers, credential sharing, or access grants must be verified through a separate, pre-established communication channel before the action is taken. The channel used to make the request cannot be used to verify the requester’s identity.

Q: How should organizations approach shadow AI governance? Treat it the same way mature organizations treated shadow IT: assume it is already happening, create sanctioned alternatives that meet the underlying productivity need, and implement DLP and behavioral monitoring on data egress from AI-connected applications rather than attempting a blanket prohibition.

Want more insights like these? Register for Insight Jam, Solutions Review’s enterprise tech community, which enables human conversation on AI. You can gain access for free here!