AI in Action Podcast: Fighting Cyber Threats with AI
Kyle Ryan, Senior Manager of Engineering and AI at Dune Security, joined the AI in Action Podcast to discuss how generative AI is fueling hyper-personalized phishing and multi-channel social engineering, and how Dune is replicating these threats to lower user risk and strengthen enterprise defenses.
Kyle Ryan, Senior Manager of Engineering and AI at Dune Security, joined the AI in Action Podcast to explore how generative AI is reshaping the threat landscape. He shared how adversaries now use AI to create hyper-personalized phishing emails, clone voices with deepfake technology, and deploy automated agents on encrypted apps like WhatsApp to manipulate users and extract sensitive data. These developments push attacks far beyond the reach of traditional filters and controls, making user-layer defenses more critical than ever.
Kyle shows how Dune Security replicates these advanced tactics through red team simulations that mirror real-world adversaries. By exposing employees to the same AI-powered social engineering techniques used by sophisticated threat groups, Dune reduces user risk, strengthens resilience, and builds defenses that stop attacks exploiting trust and routine behavior.
[Music]
Narrator:
The Aldis Podcast is brought to you by Aldis International, supplying your expert AI and digital transformation staffing needs across the U.S. and Europe.
Today you’re listening to our AI in Action series, where leading minds in AI from across the world share their stories, successes, and advice. AI in Action cuts through the hype and explores the true impact of artificial intelligence in our world today.
JP Valentine:
You’re listening to the Aldis Podcast, AI in Action. I’m your host, JP Valentine. Our guest today is Kyle Ryan, Principal Engineer and Senior Engineering Manager at Dune Security.
Kyle, welcome to the show.
Kyle Ryan:
Thank you so much for having me.
JP Valentine:
We’re delighted to have you, Kyle. Let’s start with your background. Could you give us a quick summary of your journey in technology and AI — where you got started and how you arrived at Dune Security?
Kyle Ryan:
I started my career as a data scientist at Marist University in their IT department, working on what was then just a basic chatbot using a transformer model — which, funny enough, ended up being the same foundational technology behind ChatGPT. It’s interesting that my first exposure to AI was with a technology I’m still using a decade later here at Dune.
Since then, I’ve worked at a variety of telecommunications companies in AI and ML engineering roles. I went to grad school at Fordham University and worked in research labs focused on natural language processing, robotics, and other applied AI projects.
For the past almost three years, I’ve been at Dune Security. I started as a founding engineer, and now the team has grown more than five to ten times the size it was when I joined.
JP Valentine:
Talk to us about Dune Security — who you are, what you do, and the mission of the business.
Kyle Ryan:
Everyone gets phishing emails — whether to your personal inbox or through smishing texts. I’m sure you’ve also had spam calls; some sound robotic, others sound like someone you know.
What Dune Security does is simulate these same types of social engineering attacks for our clients. These threats have become dramatically more sophisticated over the years.
Five or ten years ago, phishing emails were generic — maybe pretending to be HR offering a free Starbucks gift card or a relative asking for money. Now they’re personalized, tailored to the individual, and often slip past traditional security tools.
Anyone can look me up on LinkedIn and see that I’m an engineer and an adjunct professor at Fordham University. Attackers can use generative AI to craft a phishing email that looks like an invitation to collaborate on new research, complete with references to public information or papers I’ve published.
At Dune Security, we replicate those same tactics — safely. We run simulated phishing, smishing, and vishing campaigns that mirror real attacker behavior. We then provide organizations with a detailed reporting dashboard and deliver awareness training videos tailored to each user’s mistakes — whether they clicked a link, responded to a call, or fell for a voice impersonation.
JP Valentine:
Let’s talk about your role. You started as a founding engineer, then became Head of AI, and now you’re a Senior Engineering Manager while still being hands-on. What does your day-to-day look like, and how are you using AI to stay ahead of evolving threats?
Kyle Ryan:
Like any startup, you wear a lot of hats. I’ve worked on backend development, DevOps, infrastructure, even our own internal security. Early on, you touch a bit of everything.
Over time, my focus shifted toward advanced R&D. Just a few years ago, it would have been impossible to generate realistic AI-driven phishing emails or voice-based vishing calls at scale. That would’ve sounded like science fiction. Now, we do it every day.
We can make dozens of AI-generated calls daily and send hundreds — even thousands — of tailored phishing emails, as many as our mail servers can handle.
These models can now create authentic text and voices that sound human — complete with natural pauses and tone. If something sounds robotic, people won’t fall for it. But now these attacks sound real, and that’s what makes them so dangerous.
We’ve seen attacks become scarily accurate. Reviewing threat intelligence, it’s clear that adversaries are scaling up fast. It’s a multibillion-dollar industry, and attackers are highly motivated to stay on the bleeding edge. Our job is to match that pace on the defensive side.
JP Valentine:
Can you give us some examples — without naming names — of organizations that are benefiting from Dune Security’s work?
Kyle Ryan:
Sure. Some of our Fortune 500 clients struggled to deliver realistic, scalable threat simulations with legacy training providers. They couldn’t simulate things like phishing calls or AI-based spear-phishing emails.
With Dune, they can. We also run more advanced red-team engagements that help identify which employees create the most risk. For example, if two people in the finance department can separately initiate and authorize payments, compromising both could allow an attacker to move money undetected.
We’ve seen real-world cases where attackers use AI to build fake Salesforce portals. They send perfectly designed phishing pages that look identical to the real thing. When a user logs in and enters their MFA, their credentials are stolen — leading to massive data exposure. Those incidents can cost companies tens or even hundreds of millions of dollars.
Dune gives organizations a full picture of risk: who’s most vulnerable, what systems or data they can access, and what that means for the company’s overall exposure.
JP Valentine:
Looking ahead to the next 12 to 18 months, what are you most excited about, and what do you see as the biggest challenges?
Kyle Ryan:
The biggest change we’ll see is hyper-personalized, cross-channel attacks. Threats will move seamlessly between platforms — from email to text to voice to encrypted apps.
Take WhatsApp, for example. In much of the world, it’s the dominant communication platform. Attackers are already using AI agents to hold full conversations over encrypted messaging apps, trying to get victims to share data from personal devices — places where companies have zero visibility.
If the user then decides to call the number that’s been messaging them, the AI picks up with a cloned voice. That’s not hypothetical; we’ve seen it happen. It’s also part of our current R&D roadmap — replicating these scenarios in a controlled way so organizations can prepare.
Even if some attackers use large, manual operations, like nation-state groups with huge resources, our goal is to use AI to automate and scale these defenses. That lets us deliver realistic, high-fidelity threat simulations to help clients prepare for what’s coming next.
JP Valentine:
Final question — and it’s two parts. First, what advice would you give to AI professionals thinking about their future in this rapidly evolving field? And second, what makes Dune Security such an attractive place for top engineering talent?
Kyle Ryan:
For anyone in AI, my advice is to stay as close to academic research as possible. Read the latest papers, follow professional blogs — innovation happens daily.
AI development cycles are getting shorter and shorter. If you can take a new research breakthrough — like improvements in large language model reasoning — and quickly apply it to real-world problems in your industry, you’ll always have meaningful work.
At Dune, we attract people who love solving hard problems. We’re essentially building white-hat versions of advanced persistent threats — realistic simulations that replicate what adversaries are doing in the wild.
That means constantly figuring out how to scale these simulations, make them more convincing, and deliver them safely to tens of thousands of users.
If you’re passionate about AI and cybersecurity and want to work on challenges that truly push technical and ethical boundaries, Dune Security is an incredible place to do that.
JP Valentine:
Kyle, thank you so much for joining us today. It’s been a fascinating look into your work and Dune Security’s mission. Best of luck to you and the team — and we look forward to having you back soon.
Kyle Ryan:
Thank you — it’s been a pleasure speaking with you.
[Music]
Narrator:
Thanks for listening to The Aldis Podcast. If you enjoyed today’s episode, don’t forget to subscribe, rate, and review.
You can find us on Apple Podcasts, Spotify, and other major platforms. Visit www.aldis.com to listen to more episodes and explore open roles in AI and digital transformation.
Key Takeaways
- Generative AI has changed both the threat landscape and defense. Attackers are now using generative AI to craft hyper-personalized phishing emails, cloned voices, and multi-channel deception at scale. At Dune Security, Kyle Ryan and his team use that same technology to safely replicate these attacks, allowing enterprises to prepare their users for what’s actually happening in the wild.
- Today's attacks don't stop at the inbox. As Kyle Ryan explains, the threat is going cross-channel. AI-driven adversaries are already moving between email, text, WhatsApp, and voice calls on personal devices where organizations have no visibility. Dune’s R&D team is developing simulations to test and prepare for these off-channel threats before they strike.
- Legacy Security Awareness is Broken. Most awareness programs rely on generic videos and predictable phishing tests that users can spot a mile away. Dune Security replaces those outdated methods with realistic, context-rich simulations that mirror actual attacker behavior and drive genuine behavioral change.
- Automation is now essential to keep pace with attackers. Generative AI has removed the manual limits on both offense and defense. Dune Security uses automation to generate hundreds of thousands of realistic attack simulations daily, helping enterprises train, test, and adapt at the same speed adversaries evolve.
- Visibility into user risk is the real differentiator. Most organizations still lack a clear picture of where their user-layer risk actually sits. Dune Security gives security teams that visibility, identifying which users pose the greatest risk, what systems they can access, and how that risk could propagate, turning user behavior into measurable, actionable intelligence.
Featured Speakers
Never Miss a Human Risk Insights
Subscribe to the Dune Risk Brief - weekly trends, threat models,and strategies for enterprise CISOs.
FAQs
Complete the form below to get started.
Cybersecurity Training Gets Personal: The Dune Approach
Dune Security CEO David DellaPelle joins Wharton Tech Talks to discuss how AI and behavior-based intelligence are reshaping the future of enterprise cyber defense.
Never Miss a Human Risk Insights
and strategies for enterprise CISOs.
Ready to See Dune in Action?