editorially independent. We may make money when you click on links
to our partners.
Learn More
At RSAC 2026, I sat down with Rod Schultz, CEO of Bolster AI, and one message came through loud and clear: fraud is no longer a side problem — it’s now a core cybersecurity issue.
Over the past five years, the threat landscape has shifted dramatically, and much of that change is being driven by AI.
Schultz described the evolution in simple terms: what used to be opportunistic scams has become highly structured, scalable, and strategic.
Attackers are no longer just launching isolated phishing attempts — they are building full “buyer journeys” designed to guide victims from initial interaction to compromise.
These journeys mimic legitimate digital experiences, using trusted brands, realistic interfaces, and tailored messaging to increase conversion rates.
AI Lowers the Barrier and Amplifies Attacks
What makes this shift especially concerning is how AI has lowered the barrier to entry.
Sophisticated fraud techniques that once required advanced skills are now accessible to a much broader range of threat actors.
As Schultz put it, attacks that once felt like a “light rain” have turned into a storm — fast, scalable, and difficult to predict.
At the same time, skilled actors are using AI to accelerate and refine their campaigns, making them more convincing and harder to detect.
Why Fraud Is Now a CISO-Level Issue
One of the biggest changes we discussed is where fraud sits within organizations. Historically, fraud was often handled by legal or brand protection teams.
Today, that model no longer works. Schultz emphasized that fraud has quickly become a CISO-level issue because it directly impacts security outcomes.
When attackers impersonate brands and target customers, they are effectively creating new entry points into the organization — bypassing traditional defenses entirely.
Customers Become the New Attack Surface
This aligns with a broader industry shift. Attackers are increasingly targeting customers as the primary attack surface, using impersonation, phishing, and digital fraud to gain access or steal sensitive information.
In other words, the perimeter has expanded beyond corporate infrastructure to include every customer interaction.
Evasive Phishing Breaks Traditional Detection
Another factor making fraud more dangerous is how evasive it has become.
Modern phishing campaigns are no longer static. Attackers are using techniques like geo-fencing, conditional delivery, and infrastructure filtering to control what different audiences see.
A legitimate user in a targeted region may see a fully functional phishing page, while a security scanner sees nothing at all. This creates a visibility problem that makes detection and response significantly more difficult.
Inside the Brand Guardian Approach
To address this challenge, Bolster AI announced a new partnership with Akamai at RSAC, powering a solution called Brand Guardian.
The goal is to shift from reactive, page-by-page takedowns to proactive, campaign-level disruption.
By combining Bolster’s AI-driven fraud detection with Akamai’s global infrastructure, organizations can identify impersonation campaigns earlier, observe them from the victim’s perspective, and take them down at scale.
What stood out to me is how this approach reframes the problem. Instead of asking, “Is this phishing page malicious?” the focus becomes, “What campaign is this part of, and how do we stop it entirely?”
This shift is critical in a world where attackers can spin up new domains and assets almost instantly.
Measuring Impact and Exposure
Brand Guardian also introduces the ability to better understand the scope of an attack. Security leaders are increasingly asking not just whether a threat exists, but how many customers may have been exposed and for how long.
By correlating infrastructure signals and campaign data, organizations can start to quantify impact — something that has historically been difficult in fraud scenarios.
Visibility Becomes the New Battleground
Throughout our conversation, one theme kept coming up: visibility.
If attackers can control what defenders see, traditional detection models break down.
Organizations need the ability to observe threats globally, adaptively, and in real time — essentially seeing the attack the same way the victim does.
Fraud and Cybersecurity Have Converged
From my perspective, the most important takeaway is that fraud and cybersecurity are no longer separate disciplines.
They are converging into a single problem space that requires shared ownership, new tools, and a different mindset.
Treating fraud as a downstream issue or delegating it outside the security function creates gaps that attackers are already exploiting.
What Security Teams Must Do Next
As AI continues to accelerate both the scale and sophistication of fraud, security teams will need to evolve just as quickly.
That means moving beyond static defenses, investing in real-time detection and disruption, and recognizing that the customer experience is now part of the security perimeter.
The bottom line is simple: if you are not thinking about fraud as a cybersecurity problem, you are already behind.
