
How I Would Hack You—With AI (And How to Stop Me)
Cybersecurity threats aren’t what they used to be. The days of obvious phishing scams and brute-force attacks are giving way to sophisticated, AI-powered strategies that mimic human behavior and scale at alarming speed.
At Snap Tech IT’s August 2025 webinar, “How I Would Hack You – With AI,” ethical hacker and Director of Information Security Chuck Wiley pulled back the curtain on modern hacking techniques. Spoiler alert: if you think your small or mid-sized business is too small to be a target, think again.
Let’s walk through the highlights—and some of the scariest realities of today’s AI-enhanced threat landscape.
Step 1: Reconnaissance—The Silent Stalker
Before hackers touch your systems, they spend time getting to know you. Publicly available data, employee emails, PDF documents, and even LinkedIn profiles are all fair game in Open Source Intelligence (OSINT).
Chuck demonstrated “Google dorking”, a technique that uses advanced search operators to dig up sensitive files like PDFs and .env files (think: passwords, secrets). Combined with tools like Shodan, which catalogs every internet-connected device, hackers can find exposed systems like remote desktops and vulnerable servers in seconds.
Now add AI to the mix—and reconnaissance goes from hours to milliseconds.
Step 2: Phishing Gets a Brain
Phishing isn’t going away—it’s evolving.
Hackers can now use AI to analyze real email threads and mimic writing styles. In Chuck’s example, a compromised vendor account (Waldo from Electric Grid Solutions) was used to send a legitimate-looking Dropbox link to Sally, a global administrator at another company.
The email looked right. It sounded like Waldo. And it came from Dropbox’s real domain—bypassing filters and lowering Sally’s guard. Once she clicked the link, she entered her Microsoft credentials on a spoofed site, which harvested not only her password, but also her MFA token.
Game over.
Step 3: Let’s Talk CoPilot—and Misconfigurations
What happens if the hacker logs in as Sally, who has Microsoft CoPilot enabled?
They use AI against you.
By prompting CoPilot with clever searches (e.g., “find files with password or secret”), they can instantly scan SharePoint and OneDrive for sensitive files—thanks to misconfigured permissions or “share with everyone” folders.
The point? CoPilot doesn’t check judgment at the door—it checks permissions. And if those are wrong, “Congratulations, you’ve just given hackers their new wingman.”
What You Can Do Today
If you’re feeling a little uneasy right now, good. That means you’re paying attention and likely ready to make a change to protect yourself from hackers!
Here’s what Chuck and the Snap Tech team recommend:
✅ MFA everything.
Yes, it can be bypassed—but it still blocks most basic attacks.
✅ Invest in Security Awareness Training.
Teach your team how modern phishing works.
✅ Deploy Endpoint Detection & Response (EDR).
Tools like Sophos XDR can spot and stop post-breach activity.
✅ Audit SharePoint and CoPilot use.
Know what’s shared. Know who can access it.
✅ Simulate phishing.
Regular tests = better-trained users.
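To make the "Audit SharePoint and CoPilot use" item concrete, here is an added example (not from the webinar or from Snap Tech IT) that triages a sharing export for the Step 3 problem: files visible to everyone whose names suggest passwords or secrets. The CSV layout and its column names are assumptions made for this sketch; map them to whatever sharing report your tenant actually produces.

```python
import csv
import io
import re

# Principals that expose an item to every signed-in user or to anyone with a link.
BROAD_PRINCIPALS = {"everyone", "everyone except external users", "anyone with the link"}
# Name patterns taken from the article: password/secret files and .env files.
SENSITIVE_NAME = re.compile(r"(password|passwd|secret|credential|\.env$)", re.IGNORECASE)

# Constructed sample export; column names are assumptions, not a real report schema.
SAMPLE_EXPORT = """\
site,path,shared_with,permission
Finance,/Shared Documents/Q3-budget.xlsx,Finance Members,Edit
IT,/Shared Documents/vpn-passwords.xlsx,Everyone except external users,Read
IT,/Shared Documents/deploy/.env,Anyone with the link,Read
HR,/Shared Documents/handbook.pdf,Everyone,Read
IT,/Shared Documents/api-secrets.txt,IT Admins,Edit
"""

def audit_sharing(export_text):
    """Return (severity, site, path, principal) for every broadly shared item.

    HIGH:   broadly shared and the file name suggests credentials or secrets.
    REVIEW: broadly shared with a harmless-looking name; still needs an owner's sign-off.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        principal = row["shared_with"].strip()
        if principal.lower() not in BROAD_PRINCIPALS:
            continue  # scoped to a named group, so outside this particular check
        name = row["path"].rsplit("/", 1)[-1]
        severity = "HIGH" if SENSITIVE_NAME.search(name) else "REVIEW"
        findings.append((severity, row["site"], row["path"], principal))
    # HIGH findings first, then ordered by site and path for a readable report.
    return sorted(findings, key=lambda f: (f[0] != "HIGH", f[1], f[2]))

if __name__ == "__main__":
    for severity, site, path, principal in audit_sharing(SAMPLE_EXPORT):
        print(f"{severity:6} {site:8} {path}  <- {principal}")
```

The file api-secrets.txt is not reported because it is limited to a named group; it is still worth moving into a proper secrets store.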
Want to know how exposed your organization might be?
Join us for our Lunch & Learn in October or sign up for a CoPilot Workshop this September by visiting our Events Page: https://www.snaptechit.com/events-all/
Or better yet—need help discovering how secure you’d be against evolving hackers?
Schedule a meeting with our team to explore Snap Tech IT running a risk assessment!

Nathan Caldwell
Marketing, Snap Tech IT