Rachel Tobac
@RachelTobac
Friendly Hacker & CEO @SocialProofSec security awareness/social engineering prevention Training, Videos, Talks | 3X @DEFCON🥈| Chair @WISPorg | Ex @CISAgov TAC
*ANNOUNCEMENT* Presenting: the trailer for our new 🎶MUSICAL🎶 & spoken Security Awareness Videos! After the infosec sea shanty, dozens of teams DM’d me saying "The song worked! MFA usage up, reporting way up, pls make more songs!" So we got to work & you all it's finally here!🤖
A round of applause for SocialProof Security @socialproofsec - as our Platinum sponsor, thanks for helping us hack human hearts! 💚 🌐 socialproofsecurity.com
Join us Aug 20 for a live hacking demo + fireside chat with ethical hacker @RachelTobac as she exposes how AI-assisted impersonation attacks are defeating traditional defenses. Register: us02web.zoom.us/webinar/regist…
Remember when @KnowBe4 put out that blog post about inadvertently hiring a North Korean criminal who started uploading malware to the network immediately? They caught one of the US citizens involved in the attacks on the hiring system at 300+ US companies.
Arizona Woman Sentenced for $17M Information Technology Worker Fraud Scheme that Generated Revenue for North Korea fbi.gov/news/press-rel… @FBIPhoenix
Google Threat Intel is tracking widespread exploitation of on-prem SharePoint vulns: CVE-2025-53770 & CVE-2025-53771. This is a severe threat. We recommend patching, threat hunting and rotating keys. Learn more, incl. how to detect this threat in Google SecOps:…
Join us on August 20th for a live hacking demo and fireside chat with ethical hacker @RachelTobac as she exposes how AI-assisted impersonation attacks are defeating traditional defenses and targeting real-world enterprise workflows. Register now: us02web.zoom.us/webinar/regist…
THIS IS CRAZYYYYYYYY
AI voice clones have hit the White House AGAIN, now impersonating the Secretary of State to other Gov officials to try to steal secrets/access. Here is a video of me live demoing how quick and easy it is to clone a voice to hack and how to catch AI voice clone attacks in action!
Fantastic stuff! Just a few years ago, nobody could have imagined any of this:
Now can you use the ChatGPT Agent to:
- download malware instead of that free software you were looking for online
- accidentally leak your emails to the public
- inadvertently share your private photos to social media
- book a nonrefundable $10k first class flight to Europe
The saying, "To err is human, but to really screw things up you need a computer" goes back at least to the 80s. Now we can update it with how haphazard AI integration into our lives and tools is enabling whole new categories of blunder!
DuckDuckGo now lets you hide AI-generated images in search results | TechCrunch techcrunch.com/2025/07/18/duc…
Why fake AI calls impersonating US officials are the new normal, featuring @RachelTobac: cnn.com/2025/07/12/pol…
Many @ring camera users discussing online that they had multiple unauthorized devices added to their Ring account recently. Curious about this — has anyone else seen unauthorized devices added to their Ring account lately?
We trained the model and implemented system mitigations to prevent harm and keep users in control, but agree with your concern and risk of these examples. I'm a fan of your work and would be great to collab to improve our models and educate people on the risks!