Why Your AI Assistant Might Be the Security Problem

You trust AI without thinking about it. Your voice assistant orders groceries. Your bank's AI approves transactions. Your phone's facial recognition unlocks with a glance. These systems work so well that you forget they can be fooled.

Here's the problem: hackers aren't breaking into these systems anymore. They're tricking them. And your firewall can't stop it.

Traditional hacking breaks through walls. Someone steals your password, penetrates the firewall, accesses the database. AI manipulation is different. The AI already has access to sensitive data. It already has permissions to take actions. Security tools see normal activity. They don't know the AI is being tricked into making bad decisions with data it's allowed to see.

Data Poisoning: Teaching AI the Wrong Lessons

In 2019, a factory's AI predicted when machines needed maintenance. It suddenly started failing. Equipment broke down without warning. Critical repairs were missed. Routine maintenance happened on perfectly fine machines.

Hackers had accessed the sensors monitoring the equipment. They didn't corrupt everything at once. They made tiny changes:
temperature readings slightly off, vibration data nudged higher, performance metrics tweaked. Each change looked like normal sensor drift.

The AI learned from this poisoned data for months. It learned that warning signs meant nothing. By the time anyone noticed, the AI's entire understanding was wrong.

Think about your spam filter. It learns from emails you mark as spam. What if someone slowly trained it to ignore phishing emails? Your bank's fraud detection learns from transaction patterns. What if someone gradually normalized suspicious behavior? You'd never notice until it was too late.

Data poisoning works because AI systems are designed to adapt and learn. That's their strength. It's also their weakness.

Adversarial Inputs: Making AI See Things Wrong

A hospital's AI reads MRI scans and flags potential problems. Doctors started noticing odd mistakes. The AI saw tumors that weren't there. It missed ones that were.

Someone had tampered with the images before the AI analyzed them. They changed a few pixels here, adjusted brightness there. Doctors looking at the same scans saw nothing unusual. The AI saw something completely different.

This is like putting trick glasses on someone. They're looking at the same thing you are, but they see it wrong. Except you can't tell the AI is wearing trick glasses.

Your phone's facial recognition works the same way. Researchers printed specific patterns on glasses frames that caused the AI to misidentify people. The AI looked at the face, processed the features, and confidently returned the wrong answer. The system worked perfectly. Someone just learned its blind spots.

Adversarial attacks craft inputs designed to confuse AI while appearing normal to humans. The AI isn't broken. The input is the problem.

Model Inversion: Talking AI Into Breaking Rules

Banks use AI to answer customer service calls. The AI can check your balance, transfer money, verify transactions. It needs these permissions to help you.

Now imagine someone calls repeatedly, testing how the AI responds. Can they get it to summarize information about other customers? Will it generate reports it shouldn't? Can they phrase questions that make it leak data?

The hacker isn't breaking into the database. They're not stealing passwords. They're just asking questions cleverly enough that the AI gives away information it shouldn't.

Users of smart home voice assistants reported targeted advertisements based on private conversations. Investigators found that attackers had extracted sensitive information by reverse engineering the AI's responses. The assistant wasn't hacked in the traditional sense. The AI model itself became the vulnerability.

Your voice assistant works similarly. Researchers embedded commands in audio that sounded like noise to humans. Your phone heard "order 50 pizzas." You heard static.

Speed makes this dangerous. Hackers can use their own AI to attack yours, testing thousands of question variations per minute. Human security analysts can't keep up.

Hidden Backdoors: Secret Triggers Embedded in AI

A corporation used voice recognition for secure building access. They discovered that unauthorized people could enter by speaking a specific phrase. The phrase acted as a trigger embedded in the AI during training.

The AI worked normally for everyone else. Only that exact phrase granted access regardless of who spoke it. The company had purchased the AI model from a third-party vendor. Someone had planted the backdoor during training. Traditional security testing wouldn't catch this. You'd need to test millions of potential inputs systematically.

Scale makes this terrifying. One corrupted AI model affects millions of users simultaneously. When someone embeds a backdoor, every copy of that AI inherits the problem. Your voice assistant might be fine today, but an update could push the vulnerability to everyone overnight.

The Fake CEO Call: All Four Methods Combined

A company executive got a call from his CEO. Urgent matter. Need to transfer money immediately. The voice sounded exactly right: same accent, same tone, same speaking style. The executive sent the money.

The CEO never made that call. AI cloned his voice from YouTube videos and generated the conversation in real time. This happened in 2019. The technology is far better now.

This attack used adversarial inputs (synthetic voice designed to fool recognition systems) combined with model inversion techniques (analyzing how voice AI responds to craft convincing fakes). As deepfake technology improves through data poisoning of detection systems and potential backdoors in voice processing AI, these attacks become harder to detect.

You can clone someone's voice from a few seconds of audio. You can generate fake videos on a laptop. When money is involved, you can't trust what you hear or see anymore.

What You Can Do

Verify financial requests through multiple channels. Boss calls asking for money? Text them. Email them. Walk to their office. Don't rely on voice alone.

Use multi-factor authentication everywhere. Biometrics aren't enough when AI can fake voices and faces. Combine password plus phone plus fingerprint.

Question unusual AI behavior. When your voice assistant does something weird, when your bank's AI makes a strange decision, consider manipulation rather than malfunction.

Understand what AI can access. Voice assistants that can order products need payment information. AI customer service can view your account. Banking AI can transfer funds. Minimize what you share.

Review privacy settings quarterly. AI companies regularly update their systems. Disable features you don't use.

The Bottom Line

Most companies don't realize this yet. They apply old security measures to new problems. They assume their AI is protected because their network is protected. It isn't.

The attacks are already happening. The defenses are still being figured out. And your AI assistant doesn't know it's being fooled.

These threats are documented in detail in Mountain Theory's white paper "Emerging Threats to Artificial Intelligence Systems and Gaps in Current Security Measures" by Michael May and Shaun Cuttill. The research analyzes real world incidents and identifies critical gaps in current security frameworks that leave AI systems vulnerable to manipulation. Read the full white paper at https://mountaintheory.ai/emerging-threats-to-artificial-intelligence-systems-and-gaps-in-current-security-measures/

Pushing the Limits with AI-Integrated Online Engineering Courses

Online engineering courses have spent two decades trying to prove they could match classroom instruction. Personally and based on my experience - when built the right way - I know they can. But now.... AI integration forces a harder question: can they exceed it?

The traditional model relies on static content delivery. Students watch recorded lectures, complete assignments, and wait for feedback. AI changes the timeline. Students get immediate responses to questions, instant code reviews, and real-time troubleshooting assistance. The delay between confusion and clarity shrinks from days to seconds.

Consider circuit analysis. A student builds a simulation, gets unexpected results, and stops. Previously, they posted to a forum or waited for office hours. Now they describe the problem to an AI assistant that walks through their schematic, identifies the error, and explains why the voltage divider calculation failed. The learning happens in the moment of need, not after the moment passes.

This shifts the instructor role. You become the designer of AI-assisted learning experiences rather than the primary content source. Your expertise matters more, not less. You create the problems AI helps students solve. You build the scaffolding AI uses to guide discovery. You intervene when AI explanations miss the mark or when students need human judgment about design tradeoffs.

The data tells you things classrooms never could. Which concepts cause repeated AI queries? Where do students get stuck despite AI assistance? What questions reveal deeper misunderstandings? You see learning patterns across entire cohorts in real time.

Personalization becomes practical at scale. AI adapts problem difficulty based on student performance. It recognizes when someone needs a simpler explanation or a more complex challenge. It suggests prerequisite reviews when knowledge gaps appear. Each student gets a version of the course tuned to their current understanding.

Assessment changes fundamentally. Take-home exams become meaningless when students can query AI for solutions. You need problems that require synthesis, judgment, and creativity. Design challenges with multiple valid approaches. Optimization tasks where students must justify their choices. Projects that integrate concepts across the curriculum. AI becomes a tool students must learn to use effectively, like MATLAB or CAD software.

The limits matter. AI makes factual errors. It generates plausible-sounding nonsense. It cannot replace hands-on lab experience or teach professional judgment. Students need to know when AI helps and when it hinders. That metacognitive skill becomes part of the curriculum.

Cost drops while quality rises. You eliminate textbook expenses. Students access powerful tools without licensing fees. AI handles routine questions while you focus on complex guidance.

The technology moves faster than accreditation. ABET criteria assume traditional delivery models. Program reviews ask about contact hours and lab facilities. You need documentation showing that AI-assisted online courses meet outcome requirements. Early adopters provide the evidence later programs will need.

Engineering education has spent decades moving online. AI integration represents the next boundary. Courses that use it well will outperform traditional formats on learning outcomes, student satisfaction, and cost efficiency. The question is not whether to integrate AI, but how quickly you can do it effectively.

The limits are being pushed. Some will break.

Part 2 Writing NSF Grant Proposals Video Series: Intellectual Merit and Broader Impacts

A few weeks ago, I gave a talk at the University of Hartford about writing successful NSF grant proposals. I've written many proposals over the years, made plenty of mistakes, learned some things, and am still learning.

Part 1 covered getting started fundamentals: the parts and pieces of an NSF proposal, practical writing strategies to help you secure funding, and an introduction to Intellectual Merit (IM) and Broader Impacts (BI).

Part 2 digs deep into Intellectual Merit and Broader Impacts: what they mean, how reviewers evaluate them, and practical writing strategies to address both effectively.

Intellectual Merit covers whether your proposed activity can advance knowledge within its field or across different fields. Think of it as the contribution part of potential publications; it addresses the work itself and its findings.

Broader Impacts addresses how your work will benefit society. NSF provides examples: improving STEM education, increasing public scientific literacy, developing a diverse STEM workforce, building partnerships, improving national security, increasing U.S. economic competitiveness, and enhancing research infrastructure.

Here’s Part 2:

Each segment in the series addresses a specific aspect of proposal writing, from early planning questions to building budgets. Watch for Part 3, which will cover additional components of a complete and competitive NSF proposal.

The presentation series reflects conditions as of October 7, 2025. NSF programs and guidelines change, so verify current requirements for your program of interest before and during your writing.

Disclaimer: These opinions and advice are mine! They reflect my experience writing proposals, not official NSF guidance or institutional policy. What worked for me may need adjustment for your field or project.

Agentic Commerce: Can AI Shop Better Than You?

You send a text: "Reorder my usual coffee when I'm running low." An AI agent checks your inventory, compares prices across 50 retailers, selects the best option, and completes the purchase. you receive a notification after it's done.

 That's agentic commerce. AI software acts on your behalf to shop, compare, and buy without you clicking through websites or entering payment information for each transaction. You set preferences and spending limits. The agent operates within those boundaries.

 

The technology uses large language models to understand requests, APIs (Application Programming Interfaces) to access product catalogs and payment systems, and machine learning to improve recommendations over time. Visa, Mastercard, PayPal, Amazon, and Google have all launched or have plans to launch agentic commerce platforms (see Links to Watch below) in 2025. The agents can handle simple tasks like grocery reordering or complex ones like researching neighborhoods when you relocate.

 

Advantages

Time savings: You delegate research, comparison, and execution to software. No browser tabs, no manual price checks.

Price optimization follows: Agents scan thousands of retailers instantly and find better deals than human shoppers typically locate. They monitor price drops and act when conditions meet your preset criteria. Some negotiate pricing directly.

Personalization improvements through pattern recognition: Agents learn your preferences, budget constraints, and purchase history. They filter options against your actual behavior rather than generic demographic data. Recommendations get more accurate over time.

Cart abandonment drops: Friction disappears when agents complete multistep processes automatically.

 

Disadvantages

Trust gaps: Only 24% of US consumers feel comfortable letting AI complete purchases, according to Bain research. Liability remains unclear when an agent makes an unauthorized or incorrect purchase. Who pays when the bot orders the wrong item or books a nonrefundable flight you can't use?

Fraud risks: Agents can be tricked by fake listings, manipulated reviews, or spoofed sellers. Payment credentials become more vulnerable when stored for autonomous access. Data poisoning can skew agent decisions across many transactions.

Merchant disintermediation: Retailers lose direct customer relationships when agents make data driven purchase decisions. Brand loyalty weakens. Small and midsize retailers face higher costs to optimize product data for machine readability.

Pricing pressure increase: Agents search for the best deals automatically, which forces margins down across categories. Impulse purchases decline because agents buy only what you need.

Privacy concerns:  Agents require extensive behavioral data to function effectively. Transparency about data collection varies. Regulatory frameworks lag behind the technology.

You'll need parallel shopping systems: one for humans, one for bots: The transition period creates complexity without guarantees that consumer adoption will follow.

Links To Watch

Here are links to some major agentic commerce platforms:

Visa Intelligent Commerce: https://corporate.visa.com/en/products/intelligent-commerce.html

Mastercard Agent Pay: https://www.mastercard.com/us/en/business/artificial-intelligence/mastercard-agent-pay.html

PayPal Agentic Commerce (PayPal.ai) https://paypal.ai/

Amazon Buy for Me: https://www.aboutamazon.com/news/retail/amazon-shopping-app-buy-for-me-brands

Google AI Mode Shopping: https://blog.google/products/shopping/google-shopping-ai-mode-virtual-try-on-update/

Some Notes On These: Amazon's Buy for Me is currently in beta testing with limited users. Google's agentic checkout feature was announced at I/O 2025 but has not fully rolled out yet.

Writing NSF Grant Proposals Video Series: Part 1

A few weeks ago, I gave a talk at one of my favorite places that I’ve had the opportunity to  teach - the University of Hartford - about writing NSF grant proposals. I've written many proposals over the years, made plenty of mistakes, learned some things, and still learning. I decided to share what I know more broadly. 

This is Part 1. The presentation reflects conditions as of October 7, 2025. NSF programs and guidelines change, so verify current requirements for your program of interest before and monitor during your writing.

 

The video covers the fundamentals. I focus on practical writing strategies that help you secure funding, including how to address intellectual merit and broader impacts without using generic language.

 

One disclaimer: these opinions and advice are mine. They reflect my experience writing proposals, not official NSF guidance or institutional policy. What worked for me may need adjustment for your field or project.

 

Parts 2 and 3 will come soon. Each segment addresses a specific aspect of proposal writing, from early planning questions to building budgets.

If you're preparing an NSF proposal, I hope this helps. Watch for Parts 2 and 3 coming soon and good luck! Email me if you have questions at gordonsnyder@gmail.com

Lost in Seattle With Mete Mario

Me, Lynn Barnett, and Mete Kök
at the 1998 NSF ATE Conference in Washington, DC

The drizzle came down on the rental. Mete drove and Alberto sat beside him looking at his
watch. I was in the back seat.

"Six o'clock," Alberto said.

"I know it."

Mete's face was set. His jaw was tight but his hands were loose on the wheel. We had been driving through the neighborhoods for some time. There was no map. I had said I knew the way from the hotel but I did not know it. The houses were small with well kept yards. The streets all looked the same in the drizzle.

We had meetings for three days. Microsoft and the American Association of Community Colleges had set up a program called Working Connections. The three of us were community college faculty. Our colleges were part of the program. 1998 was a good time. The internet was taking off. Everyone was building websites. Microsoft was fighting Netscape for the browser war and spending big. Y2K was coming and everyone needed help. Windows NT was everywhere. Microsoft was winning and they knew it. You could feel the energy. The campus in Redmond was new buildings and green lawns. Long meeting days but they treated us like royalty. Community college faculty getting the executive treatment. Everything was first class. They fed us well - I fondly remember the swizzle sticks for our coffee. and of course - the chair massages. The presentations were sharp. Everyone wore business casual. One guy wore a kilt. No ties. The hotel was downtown Seattle. Marble floors and doormen. The beds were comfy. Views spectacular. We bussed back and forth to Redmond. Now, we were lost in the neighborhoods where people lived.

"Turn left," I said.

"You know?"

"No."

He turned his head but his eyes never left the road. He did not look worried. The street curved back. Alberto watched his watch. The drizzle was steady now.

"We need to ask," I said.

Mete was already stopping. He knew what to do. An old man came out with his dog. He had no umbrella. Nobody uses them in Seattle. The drizzle was on his head and shoulders. The dog was wet. Mete rolled down the window.

"The airport?"

The man came closer. He looked at us through the drizzle. Water was on his face.

"Sea-Tac?"

"Yes."

"End of the street. Turn right. Five blocks to Aurora. Go south. You'll see the signs for the interstate."

"Thank you."

Mete's face changed. Now he knew. His shoulders relaxed. He drove like he knew. We found Aurora. Then the signs. Then the highway. The drizzle kept coming. Mete's hands were steady on the wheel. His eyes were focused and calm. He moved between the cars and did not use the brakes much. The wipers went back and forth. He never rushed and he was efficient. There was no question we would make it. You could see it in his face.

Alberto looked at his watch at the airport exit. Mete did not look at anything but the road. He knew the time without looking.

Mete pulled to the curb at departures. Smooth. Perfect. Alberto took his bag and got out. The drizzle hit him. He ran for the doors.

We watched him go inside.

I climbed into the front seat.

"Will he make it?"

Mete looked at me. His face was calm. It had been calm the whole time.

"He will."

(He did)

I looked at Mete. He had driven like Mario Andretti. The racing driver. Fast and smooth and never rattled.

"Mario," I said.

"What?"

"Mete Mario."

He smiled a little. It was good.

What I Tell Students About AI and Their Careers

Yesterday I wrote about my experience meeting with first year engineering students at Wentworth Institute of Technology. Here’s a bit more on what was discussed. 

AI always comes up. Whenever I talk to students - AI - it's something we are all concerned about. We worry about career security, whether we will be replaced by a bot, how fast it is moving. I have my own opinions on this from both a career perspective and a classroom perspective. Here's my take.

 

AI is now standard equipment. You'll use AI to draft reports, run design iterations, and analyze data. These tools are already normal day to day for many engineers. I like to compare AI to CAD. In the 1980s, senior engineers worried that CAD would eliminate drafting jobs. It did. But it created more engineering jobs because projects got cheaper and faster. Engineers who learned AutoCAD (arguably the first CAD program to gain widespread adoption is the 1980s) early had an advantage over those who clung to drafting tables. The same pattern applies now.

 

Computers can't make decisions that matter. AI suggests solutions based on parameters you provide. You decide which parameters count. You recognize when outputs look correct but fail in reality. You know when code conflicts with physics. You take responsibility when designs fail. Software doesn't do that.

 

Hands-on work resists automation. Site inspections, equipment troubleshooting, and field verification require presence. Civil, mechanical, and construction engineering involve messy reality. Sensors lie. Materials behave unpredictably. You verify assumptions with your hands and eyes.

 

Communication grows more valuable. Clients need translation between technical reality and business needs. Regulators need convincing. Teams need coordination. AI generates text; you read people and adjust strategy accordingly.

 

Choose your specialization carefully. Deep technical knowledge in stable domains (structural analysis, thermodynamics, electromagnetics) pairs well with computational tools. You provide expertise; computers handle calculations. Broad systems thinking also works. You connect disciplines; software optimizes within constraints you define.

 

Skills that will protect your career with reference to AI:

·       Learning new tools quickly

·       Critical evaluation of automated outputs

·       Client and stakeholder management

·       Hands-on troubleshooting

·       Ethical decision making

·       Cross-disciplinary thinking

 

Many engineering faculty disagree on this topic. Now for the fun stuff. Some professors ban AI tools in their courses. They have concerns about academic integrity and skill development. I understand the concerns and have the same ones, but this stuff is not going away. Employers today expect engineers to use AI tools day one, so I've shifted (and continue to shift) my courses to incorporate AI into assignments and labs. Students need practice evaluating AI outputs and knowing when to trust them. Learning these skills in school sure beats learning them under deadline pressure at a first job.

 

Advice to students. Use AI tools in your coursework when allowed. Learn their limitations through experience. Discover where they fail. If a professor bans AI, respect that rule. But seek out courses that teach you to work with these tools effectively.

Your generation will work alongside AI throughout your careers. Good engineers get better with better tools.