Cyber Security with AI: Do Not Overlook Insider Threats

May 21, 2026

Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.

I read reports about the wonderful work of smart software. It finds bugs. It finds simple mistakes. It finds all sorts of things. Cyber security professionals are working to tap the remarkable power of “Attention is all you need.”

I do want to remind anyone involved in cyber security that interesting new threats arrive daily. One example was Telegram’s announcement that it has used smart software to make programming Telegram smart contracts easier. Let’s assume that this statement is true. Who will be among the first to poke, prod, and explore this lowering of the learning curve for adding intelligence to Telegram-enabled bots, mini apps, and dApps (distributed applications)?

It will not be the frontier model folks. When content turns up and the frontier bros do some training, then the magical Mythos-type cyber security apps will get a boost.

Which employee is the insider threat? Thanks, Midjourney. Good enough.

However, let’s slow the hype train to make sure the wheels are not wobbling.

“Twin Brothers Wipe 96 Gov’t Databases Minutes after Being Fired” does not report about smart software preventing a breach. The article includes a reference to the use of OpenAI’s ChatGPT for guidance. The cyber threat was background checks, questionable personnel processes, and humans with a history of creating digital excitement.

The government agency losing some data was the Department of Homeland Security. But a total of 96 government databases were eliminated after the twin brothers were terminated. The company responsible for the hiring of these two clever lads is identified in the source article. I suggest you locate that firm in case you are working with the outfit. I won’t name the company.

My focus is on the massive craziness about how wonderful LLMs are at finding bugs. That over-the-top response to a function most of the LLMs my team and I have tested can do this type of work. Sure, one has to fiddle around with prompts and being clever with query sequences, but the capability is there. It seems new, unique, novel, and monetizable. Absolutely.

But the big time cyber threats are often the ones created by:

Slipshod vetting of employees who will have access to digital systems. One cannot do a Google search for an entity like “Janet Louise Lovell” and conclude, “Oh, she’s a low profile person. She’s not a problem.” This means that hiring processes have to shift from amateur hour mode to professional grade investigative probes. Insiders are a big time cyber security risk.
Management like those lovable MBAs, lawyers, and engineers who run companies doing important work have to manage. I know this is a radical concept, but I think that most senior executives chase sales, pitch for money or contracts, and show up at conferences to watch people the way a wolf tracks a lone sheep. The procedures followed for the termination of the brothers did not cut off system access for both brothers. One slipped through the cracks and deleted the data. That’s a management problem.
Cyber security providers need to make sure that “insider threat” appears in their marketing materials, is articulated in face-to-face meetings, and included in any explanation of the risks bad actors pose. To compromise an employee, a skilled operator can use specific techniques to gain access. LLM powered cyber security might assist in preventing a problem, but humans are vulnerable. Some need money. Some harbor a grudge. Most don’t want a loved one harmed.

Net net: Senior managers need to manage procedures, processes, and policies. Most don’t want to do this work. What’s the editorial policy at Google? How does OpenAI screen employees? How does Microsoft prevent disgruntled employees from revealing proprietary information? Mythos-type systems are useful, but ignoring insider threats is not a good idea.

Just ask someone at DHS about that disappeared “dhsproddb.”

Stephen E Arnold, May 21, 2026

Written by Stephen E. Arnold · Filed Under AI, cybercrime, cybersecurity, Management, News

Comments

Got something to say?

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.