Your organisation spent two years getting governance right. The person at the top is still wide open.
Here is a question I have started asking directors. The company has an AI policy, an asset register, an incident response plan and a board risk committee that meets every quarter. Good. Now: what protects you, personally, on your own phone, on your personal email, in your home, with your family?
Silence, mostly.
That silence is the subject of this piece.
For two years, boards have governed AI as an enterprise system. Policies. Controls. Oversight. Accountability under a named executive. I have written about that work at length, from the case that nobody had actually solved AI governance to APRA's step-change letter telling every regulated entity the gaps must close.
All of it points inward. At the organisation.
Meanwhile, the individual at the top has quietly become one of the most valuable personal targets in the country. And almost nobody has done anything about it.
The controls you approved protect the company. They do not protect you.
What actually changed
The mechanics of targeting a specific, named human used to be expensive.
To impersonate a chief executive convincingly, you needed time, skill and luck. To build a relationship with a senior official and draw out secrets, you needed a trained operative and months of patience. To craft a lure tailored to one person, you had to research that person by hand.
AI collapsed all of it.
Voice cloning now works from a few seconds of audio, and a keynote, a podcast or an earnings call hands an attacker more than enough. A model can read a director's LinkedIn, their media interviews, their conference talks, the annual report and the AGM transcript, then produce a bespoke lure written in the target's own idiom.
The same tooling scales. The Age documented custom-built criminal models that craft phishing tuned to a person's psychology and fire it off at volume, no grammar mistakes, no tells. What used to be a clumsy mass email is now a precise, personalised approach produced by the thousand.
The cost of hunting one specific person fell to near zero. The persuasiveness went up.
That is the change. Not that attacks exist. That targeting a named individual is now cheap, scalable and convincing all at once.
Seniority, authority and public profile. That combination used to be a career reward. It is now an attack specification.
What the executive looks like from the other side
Think about what a senior leader actually is, seen from an attacker's chair.
Authority to move money, or to instruct someone who can. A public schedule. A documented voice and face. A network of staff trained to act on their word. A personal life running on personal devices the organisation never sees.
Every one of those is an asset to somebody.
In early 2024, a finance worker at a multinational firm, later confirmed to be the engineering group Arup, transferred about US$25 million after joining a video call on which the chief financial officer and several familiar colleagues were all AI deepfakes. One real human on the call. Everyone else fabricated. CNN reported the scam on 4 February 2024.
That was two years ago, built with what now counts as early technology. The tooling has not stood still since.
Closer to home, the reporting is blunt about where this goes. In her feature for The Age on 21 June 2026, Sherryn Groch describes criminal gangs using AI to impersonate chief executives and family members in a wave of live, hyperrealistic deepfake frauds.
Live. As in, on the call with you, answering your questions in real time.
What a honeypot looks like when it is patient
The crude version steals money. The patient version steals you.
The same Age investigation, one I was interviewed for, sets out a second threat that should worry any board with directors who hold security clearances, government relationships or market-sensitive knowledge: AI chatbots deliberately laid as blackmail or espionage traps for unsuspecting public servants and other foreign interference targets.
The mechanism is simple, and it is human. People increasingly tell AI companions things they would never say to a colleague. Security researchers cited in the same reporting warn that this turns those conversations into a ripe honeypot for a foreign actor or a criminal crew looking to extort.
Picture a director confiding in what feels like a private, tireless, helpful assistant. Picture a model on the other end, patient, harvesting, building the relationship over weeks. Nobody in the security operations centre sees a thing, because none of it touches the corporate network.
I have said this publicly for a while now, on national radio, in print, and in my own writing. The guardrails are not where people assume they are. We are all being encouraged to use these systems as though they were safe and finished, right up to the people handling the most sensitive material in the country. They are neither.
The guardrails are not where you think they are. We are told to treat these systems as safe and finished. They are neither, and the people with the most to lose are being told it the loudest.
That gap between the assumed safety and the real safety is not an abstraction. It reaches your boardroom directly.
Why your existing controls do not reach
Here is the uncomfortable structural point.
Everything the organisation built stops at the organisation's edge.
The managed laptop is hardened. The personal phone is not. The corporate email has filtering and detonation. The personal inbox does not. The office has building security. The home study does not. The staff have completed the training. The executive's teenager, who posts the family's holiday movements to a public account, has not.
The attack does not respect the boundary you spent the budget defending. It walks around it.
You hardened the perimeter. The target walked out of it every evening and went home.
I have argued for years that Australian cyber failure is a governance and culture problem before it is a technology one, right through the corporate cyber crisis and the leadership gap between boards and the people who actually run security. This is that same failure wearing a new coat. The governance matured. The threat model never followed the person out the door.
And the more visible you are, the worse it gets. A public profile is now a training set. The keynote you gave, the interview you did, the flattering profile piece. All of it feeds the model that builds the lure aimed squarely at you.
That is not an argument to disappear. Visibility is part of the job. It is an argument to govern the exposure that comes with it.
What your board should demand this quarter
None of this calls for panic. It calls for the board to extend the discipline it already applies to the enterprise so it also covers its own members and executives. Five things, in order.
- Put "protection of directors and executives as individuals" on the risk agenda. Name it explicitly. If the enterprise AI risk register has an owner but the personal exposure of the people at the top has none, you have just found the gap. Close it the way you closed the others.
- Map each senior leader's personal attack surface. Personal email, personal devices, the home network, family social media, and the public footprint an attacker can scrape in an afternoon. You cannot govern what you have never listed. Do it with consent and discretion, but do it.
- Establish an out-of-band verification rule for money and authority. Any instruction to move funds, change payment details or release sensitive information, arriving by voice, video or message, gets confirmed through a second, pre-agreed channel before anyone acts. Assume the voice and the face can be faked, because they now can.
- Brief directors on the honeypot and companion risk directly. Not a generic phishing module. A frank conversation that AI companions and unsolicited online relationships can be espionage or extortion traps, and that clearances, government ties and market-sensitive knowledge make a director a specific, named target.
- Extend the incident plan into the personal domain. If a director is deepfaked, voice-cloned or compromised at home, who do they call, what happens in the first hour, and who manages the disclosure? Decide it before it happens, not while it is happening.
Management owns the enterprise map. The board must now own the question of who protects the people reading the map.
What this is really about
The regulator has made clear that AI risk is board risk, and I have written about AI moving from a technology choice into a political and operating dependency. This is the missing half of that conversation.
The organisation is a system. You governed it. Well done.
The director is a person. Cheap to research, easy to imitate, patient to trap, and standing entirely outside the controls the board approved.
AI did not invent the executive as a target. It made the executive affordable to target at scale, and convincing enough that a real person on a real video call will wire the money.
The board hardened the company. The work now is to harden the people who run it, before somebody else demonstrates exactly why that was the gap.
If your governance protects the organisation but nobody can say what protects its directors, that's a conversation worth having.
Sources
- Sherryn Groch, "ChatGPT's evil twin: how criminals and extremists are using AI to lay traps", The Age, 21 June 2026. https://www.theage.com.au/national/chatgpt-s-evil-twin-how-criminals-and-extremists-are-using-ai-to-lay-traps-20260508-p5zv6x.html
- "Finance worker pays out $25 million after video call with deepfake 'chief financial officer'", CNN, 4 February 2024. https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
