AI Risk Hub · 5 Threat Categories

AI risks for Canadian SMBs.

Five threat categories, Canadian context, and the free or low-cost controls that stop them. Written for business owners, not security researchers.

5 categories

What you are up against

Each section: how the attack works, real examples, the Canadian context, and what to do about it.

🎭

01.Deepfake Voice & Video Cloning

Attackers use AI to clone the voice or face of an executive, supplier, or known contact to authorize a wire transfer, password reset, or other sensitive action.

Real examples

CEO calls the finance team asking for an urgent wire transfer to a new supplier account
Vendor calls with a payment-redirection request, voice sounds exactly like the real contact
Helpdesk receives a video call from 'the CFO' asking to add a new MFA device

First line of defense

Mandatory callback verification on a known phone number

Free / low-cost protections

Reduce public voice/video footprint: opt out of voice data collection, watermark published videos
Establish a 'safe word' pattern between executives and finance staff for sensitive requests
Run quarterly tabletop exercises simulating a deepfake call

📤

02.Shadow AI / Data Leakage

Employees paste customer PII, source code, financial data, or confidential business information into public AI tools. The data may now be in the model's training set or stored on the vendor's servers — a real risk of significant harm (RROSH) under PIPEDA.

Real examples

Support agent pastes a customer complaint (with name + email + order history) into ChatGPT to draft a reply
Developer pastes proprietary code into Claude to 'refactor it'
HR pastes a confidential employee review into Gemini to 'summarize the feedback'

First line of defense

Enterprise AI licences with no-training guarantees + DNS-level block of public AI tools

Free / low-cost protections

Disable 'Improve the model' / 'Help train our AI' in user settings for ChatGPT, Claude, Gemini, Copilot
DNS-level block of public AI tools via NextDNS or Cloudflare Gateway (free tier)
Browser AI-blocking extensions (uBlock Origin with custom rules for chat.openai.com, claude.ai)
Deploy M365 Copilot audit logs so admin can see what users are sending to AI

🧬

03.Prompt Injection

Attackers hide instructions in documents, emails, or web pages that hijack AI assistants (Copilot, ChatGPT, custom AI agents) into doing things the user didn't intend — bypassing safety controls or exfiltrating data.

Real examples

Malicious instructions in PDF attachments processed by an AI assistant
Hidden white-text on a web page scraped by an AI agent
Email containing instructions read by an AI email assistant

First line of defense

Treat all AI outputs as untrusted; never let AI assistants take actions without human review

Free / low-cost protections

Awareness training: include prompt injection in your annual security training
Disable auto-actions on AI assistants (require human approval for send, delete, transfer, share)
Use AI vendors that publish their prompt-injection mitigation strategies
Test your AI workflows with adversarial inputs before deploying them in production

🎣

04.AI-Generated Phishing

LLMs let attackers produce polished, contextually accurate phishing emails at scale — in any language, with perfect grammar, mimicking internal voices. The volume and quality of phishing has surged in 2025-2026.

Real examples

Spear-phishing email referencing an actual project name and team member (scraped from LinkedIn)
Polished fake invoice from a 'vendor' whose email domain differs by one character
Multilingual phishing — attackers now write fluent French, Mandarin, and Spanish lures automatically

First line of defense

DMARC, DKIM, SPF on your domain + email filtering that sandboxes links

Free / low-cost protections

Enforce DMARC (p=quarantine or p=reject) on your sending domain
Annual phishing simulation with a click-rate KPI tracked over time
Require out-of-band verification for any payment-detail change (call back on a known number)
Use email security that rewrites and sandboxes links (Microsoft Defender for Office 365, Proofpoint, Avanan)

🛠️

05.AI-Generated Malware

Generative AI lowers the bar for creating polymorphic malware, evading detection, and automating reconnaissance. Expect more attacks, more variants, and faster evolution.

Real examples

Polymorphic malware that rewrites its own code to evade signature-based antivirus
Automated vulnerability discovery using LLMs to read source code and write exploits
Deepfake-driven social engineering combined with custom-built droppers

First line of defense

Modern EDR with behavioural detection, not signature-based antivirus

Free / low-cost protections

Replace legacy antivirus with a managed EDR (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint)
Application allowlisting on servers and POS systems
Disable macros and run-only-signed scripts on endpoints
Daily vulnerability scans + monthly patching SLA on internet-facing systems

Policy

Your AI Acceptable Use Policy

One page that sets ground rules for which AI tools staff can use, what they can paste in, and what gets logged.

What to include

Approved AI tools list (e.g., M365 Copilot only — no public ChatGPT)
Data classes that may never be entered into any AI tool (PII, PHI, financial, source code)
Mandatory training acknowledgement
Reporting procedure for accidental disclosure
Quarterly review by the privacy officer

What to deploy

Microsoft 365 Copilot for sanctioned AI access (no-training guarantee)
DNS-level block of public AI tools on managed devices
Audit logging on M365 Copilot activity
Awareness training that includes deepfake & prompt injection
Annual tabletop: simulated AI-related incident

Need help implementing AI risk controls?

We deploy the technical controls, draft your AI policy, and train your staff — so you can use AI safely without slowing your team down.

Book a free assessment