Event Recap / January 2026

AI-Enabled Cybercrime TTX3: Operation Black Ice

When AI-Impersonation Turns Trust into an Attack Surface

By Gil Baram and Refael Franco

Over the past year, the Center for Long-Term Cybersecurity (CLTC) and Berkeley Risk and Security Lab (BRSL), together with Fortinet, have supported an initiative entitled “AI-Enabled Cybercrime: Exploring Risks, Building Awareness, and Guiding Policy Responses,” led by Gil Baram, a Non-Resident Research Fellow at CLTC. Designed to study how AI affects daily life and human security, the initiative is examining how generative AI is transforming cybercrime — from phishing to identity theft — through a series of scenario-based workshops with diverse stakeholders worldwide.

The article below provides an overview of key insights from “Operation Black Ice,” the third in a series of tabletop exercises (TTX) conducted as part of the AI-Enabled Cybercrime initiative. Following exercises in Berkeley (December 2024) and Singapore (October 2025), the December 2025 session was held in Tel Aviv, Israel, and brought together cybersecurity leaders, executives, and government officials to explore how organizations make high-stakes decisions when AI-enabled impersonation, third-party vulnerabilities, and ransomware pressure converge.

In the article below, Dr. Baram and Refael Franco, founder and CEO of Code Blue, share an overview of key insights from the exercise.


Operation Black Ice, our third tabletop exercise, led by Code Blue, was not designed to teach leaders how ransomware works. Its purpose was more fundamental: to reveal what fails first when organizational trust becomes a technical dependency and is exploited at machine speed.

The scenario highlighted how AI-powered social engineering and deepfake capabilities enabled the initial compromise of a supplier, giving the attacker access to core business systems. As the crisis unfolded, participants faced cascading consequences: full-scale ransomware encryption, massive, verified data exfiltration, operational disruption, partner disconnection, and intense regulatory scrutiny.

The scenario deliberately combined three pressures that increasingly converge in real-world incidents: third-party fragility, extortion economics, and AI-enabled impersonation. Yet the most enduring insights had little to do with the fictional attacker. Instead, they emerged from observing how senior teams make high-stakes decisions when the information they most need is precisely what they cannot yet verify.

Deepfakes are a governance failure mode, not a detection problem

The most important lesson is easy to overlook: the “deepfake problem” is rarely solved by better deepfake detection.

In the exercise, the fictional attacker’s impersonation succeeded not because the synthetic voice was flawless, but because it exploited authority, urgency, and familiar workflows — the very conditions executives rely on to move quickly. AI-enabled impersonation is therefore best understood as a governance challenge, one of verification discipline, escalation norms, and clearly defined decision rights.

Crucially, success does not require perfect deception. Voice fraud does not need cinematic realism; it needs plausibility, just enough to trigger an exception, bypass a control, or prompt compliance under time pressure. This is why many public-sector and industry advisories emphasize process over tools, including multi-channel verification, clear reporting pathways, and deliberate friction for high-impact decisions, even when the voice “sounds right.”

For leaders, the implication is straightforward but uncomfortable: the control is not to “spot the fake,” but to never allow identity to rest on a single channel when a request carries significant risk.
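The single-channel rule above, written out as an added illustration of a policy check (not material from the exercise or the authors): identity evidence gathered on the same channel the request arrived on is discounted, urgency and "exception" requests raise the risk tier rather than lower it, and medium- and high-risk requests need at least one verification the organization itself initiates from directory data. Thresholds, tier names and channel labels are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy values: risk tier by requested amount; urgency and
# process exceptions only ever raise the tier.
HIGH_RISK_AMOUNT = 50_000
MEDIUM_RISK_AMOUNT = 5_000
CHANNELS_NEEDED = {"low": 1, "medium": 2, "high": 2}
# Channels the organisation initiates itself from its own directory, never
# from contact details supplied inside the request (assumed labels).
OUT_OF_BAND = {"callback_directory_number", "in_person", "ticket_system"}

@dataclass
class Request:
    requester: str
    amount: int
    request_channel: str                  # e.g. "voice_call", "email", "chat"
    urgent: bool = False
    exception_to_process: bool = False
    # (channel, verifier) pairs that confirmed the requester's identity
    verifications: list = field(default_factory=list)

def risk_tier(req: Request) -> str:
    if req.amount >= HIGH_RISK_AMOUNT:
        tier = "high"
    elif req.amount >= MEDIUM_RISK_AMOUNT:
        tier = "medium"
    else:
        tier = "low"
    if req.urgent or req.exception_to_process:
        tier = {"low": "medium", "medium": "high", "high": "high"}[tier]
    return tier

def verification_decision(req: Request) -> tuple:
    """Return (approved, reason); approval needs enough independent channels."""
    tier = risk_tier(req)
    needed = CHANNELS_NEEDED[tier]
    # Evidence on the request's own channel proves nothing if that channel
    # is the one being impersonated, so it is discarded here.
    independent = {ch for ch, _ in req.verifications if ch != req.request_channel}
    if tier != "low" and not (independent & OUT_OF_BAND):
        return False, f"{tier} risk: needs an out-of-band check we initiate"
    if len(independent) < needed:
        return False, f"{tier} risk: {len(independent)} independent channel(s), need {needed}"
    return True, f"{tier} risk: verified via {sorted(independent)}"
```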

A crisis runs on two clocks, and both are unforgiving

Gil Baram and others work on the tabletop exercise

The Operation Black Ice scenario intentionally compressed timelines. The attacker imposed a 72-hour ransom deadline. At the same time, the organization confronted the legal reality that data-breach notification regimes often operate on similar clocks.

Under the EU General Data Protection Regulation (GDPR), for example, organizations must notify the relevant authority “where feasible” within 72 hours of becoming aware of a personal data breach, with delays requiring justification (GDPR, Article 33). In practice, this can force external action while critical internal questions, such as scope, exfiltration, containment, and data integrity, remain unresolved.

Leaders are therefore deciding not only how to respond to criminals, but whether they can assemble a defensible narrative quickly enough to meet regulatory, customer, and market expectations. The exercise reinforced the need for disciplined decision cadence and predefined playbooks to help ensure that legal, technical, communications, and executive stakeholders are not inventing coordination mechanisms in the middle of an incident.

“Pay or not pay” is not one decision, but a bundle of coupled bets

Board-level discussions often frame ransom payment as a binary choice. The tabletop exercise demonstrated why it never is. Even considering whether to make a payment requires making multiple interdependent judgments in parallel:

  • Containment: In the exercise, leaders were required to decide whether to isolate internal systems, disable integrations with third-party providers, and accept immediate operational downtime in order to prevent further spread of the ransomware. 
  • Credibility: Decision-makers also had to judge the credibility of the attacker’s claims, particularly regarding data exfiltration and persistence. With limited forensic visibility, participants struggled to determine whether extortion threats reflected actual compromise or were designed to accelerate payment and disclosure decisions.  
  • Disclosure posture: At the same time, leaders faced pressure to define a disclosure strategy. The exercise required participants to decide what to communicate to regulators, customers, employees, and the public, and when. Early disclosure risked amplifying unverified claims, while delayed communication increased the risk of regulatory penalties and loss of stakeholder trust. 
  • Legal considerations: Directors should coordinate closely with legal counsel to address chain-of-custody requirements, engage insurers appropriately, and assess potential litigation exposure early in the incident response process.

In other words, the payment discussion cannot be separated from the organization’s ability to restore operations, validate what occurred, and communicate credibly while uncertainty persists.

Third parties add risk and multiply ambiguity

When a third party is involved — for example, a vendor that was affected by the attack — leaders must make consequential decisions. These include system disconnections, public communications, and contractual responses, without clear visibility into the incident’s root cause, scope, or likely duration.

The exercise highlighted a recurring tension: executives seek definitive answers from suppliers, while suppliers are often unable to provide certainty in the early stages and may be structurally incentivized to limit disclosures until their own assessments are complete.

This asymmetry amplifies uncertainty precisely when decisions are most consequential.

A trained crisis management team plays a crucial role

One of the clearest insights from Operation Black Ice was the value of a predefined, cross-functional crisis management team (CMT). Effective recovery depends not only on technical containment, but also on governance, including clear decision rights; rehearsed coordination among legal, communications, the CISO, CIO, and executive leadership; and the capacity to operate when data integrity and trust are degraded.

Organizations with trained CMTs will be better able to separate emotion from process, slow down high-risk actions, and frame board-level decisions earlier and more coherently.

The most realistic variable wasn’t technical. It was emotional.

Perhaps the most operationally significant observation was also the least technical: emotion influenced early decision-making. In the exercise, initial reactions were driven more by anxiety about reputational damage, fear of regulatory scrutiny, and pressure to demonstrate control than by verified information.

The purpose of the tabletop exercise was to surface this dynamic safely and then build guardrails, such as structured verification steps, a slower decision cadence, clearer escalation thresholds, and agreed-upon language for communicating uncertainty.

Operation Black Ice is fictional. The pattern it reflects is not. 

AI-enabled impersonation as an entry point, third-party dependency as an amplifier, and ransomware-style extortion as the pressure mechanism are increasingly appearing together in real incidents. The exercise made clear that the hardest failures are rarely technical, but are failures of trust, governance, and decision-making under uncertainty.

About the Authors

Gil Baram

Dr. Gil Baram is a cyber strategy and policy expert with more than 15 years of experience leading innovative research, lecturing, and consulting senior business leaders and government officials. Currently, she is a Senior Lecturer (Associate Professor) at Bar-Ilan University’s Department of Political Studies, and a non-resident research scholar at the Center for Long-Term Cybersecurity and the Berkeley Risk and Security Lab at UC Berkeley. Her research interests span cybersecurity, emerging technologies, security, and society.

Refael Franco, founder and CEO of Code Blue, holds over 25 years of experience in operations management, security, cyber, and technology. His background includes serving as deputy head of Israel’s National Cyber Directorate, head of the defense arm, and head of the cyber regulation division.