Kelly Fuller Gordon on the Human Visibility Gap in Cy
Kelly Fuller Gordon on the Human Visibility Gap in Cy
Publish Date: 2026-03-11 15:50:00
Source Domain: www.usatoday.com
Using an unordered list, summarize the following article with between 4 and 8 key points. March 11, 2026, 3:16 p.m. ETExecutives have spent decades fortifying their digital estates, deploying firewalls, endpoint detection, network monitoring, and layered incident response. Modern cybersecurity, Kelly Fuller Gordon, founder of Risx, explains, has matured around protecting infrastructure. Yet, she argues that the rapid adoption of artificial intelligence has revealed a different flaw in the system: exposure at the human layer.“Cybersecurity has been built and matured around protecting systems,” says Gordon. “We protect infrastructure, devices, and nodes. What AI has exposed is this vulnerability around human visibility. We live digitally, but we don’t yet have strong approaches to protect ourselves at that level.”In Gordon’s view, AI hasn’t created digital risk, but has accelerated surveillance. Her argument lies in the belief that large language models rely on vast amounts of data for training, including text from the internet, publicly available datasets, or proprietary sources, potentially leading to identifying patterns and replicating tone, voice, and behavioral cues with precision. According to PwC, a recent study highlighted that human error and exposure were a significant contributing factor in 74% of all cybersecurity breaches. “It’s not getting better, and we can’t address it through more awareness training alone,” Gordon says. “AI correlates information incredibly well. It sees patterns about us and can fabricate something just believable enough that our trust signal says yes.”A deepfake, she insists, does not need to be flawless. It only needs to feel familiar. With further voice cloning, spoofed internal emails, QR-code phishing sent via calendar invites, she observes that attack methods are evolving in sophistication. In regulated industries such as banking, where identity verification is foundational, she believes the implications are immediate. “AI can mimic our voice extremely well,” she says. “If you combine that with publicly available data and behavioral patterns, it becomes easier to fabricate something that feels authentic.” According to Gordon, the issue lies in structural lag. She insists that cybersecurity was designed to protect systems. It was never architected to govern human digital exposure. She refers to this as an “upstream risk.” Offering a house analogy, she explains, “Cybersecurity is the locks and cameras on your house that protect you when someone arrives at the door. The upstream of that is all the visibility about you online, your address, your routines, your family connections. That’s how an attacker can choose your house to attack in the first place.” AI, in her view, has simply made that upstream visibility easier to access, as it could consolidate all the online information in a single output. Gordon points to the reality that home addresses are searchable, family members are tagged, and professional networks are mapped. The social graph, she notes, can reveal who emails whom and who is connected to whom. She says, “Your identity goes beyond passwords. It’s your digital likeness, your voice, your face, the way you write, and the web of relationships around you. AI can correlate that and use it to impersonate you convincingly.”She adds that high-net-worth individuals often face an expanded attack possibility, with multiple properties, assistants with privileged access, and family members posting publicly. Organizations, she argues, face similar complexity. As IT teams focus on system controls while business operators focus on growth and efficiency, Gordon notes that they may both adopt AI to streamline those processes, and in doing so, potentially invite exposure risk. “As AI shifts how we function, it should shift how we think about protection,” Gordon says. “Security tools are still largely system-focused. There’s an expanded mental shift required.” That shift, she emphasizes, begins with visibility.“We start by asking: where are you exposed?” Gordon says. “We conduct what you could call reconnaissance on our clients, looking at their digital footprint the way an adversary would, not to cause alarm, but to gain perspective. Most people have never seen the full digital picture of themselves.”She refers to this process as a visibility audit, which examines publicly accessible data, data broker listings, executive exposure, and social connections. The objective, she highlights, is intentionality. “Some exposure may be acceptable, some may require reduction, and some may simply require acknowledgment and monitoring,” Gordon explains. She is explicit that her position is not anti-AI. “We love AI. It’s powerful, and it’s not going anywhere,” she says. “I’m not saying it makes risk greater. It gives us a different lens. It makes it easier to gather and correlate data. The risk was always there.” What changes now, she argues, is governance.Gordon distinguishes between cybersecurity tools that protect devices and networks and what she calls digital governance, protecting identity and visibility. In her framing, governance is a discipline. For organizations, she advises bridging conversations between IT and business operations. For individuals, she encourages recognizing that digital presence is an asset with risk implications and practicing vigilance. “Visibility should be intentional, not accidental,” Gordon says. “Digital risk can be governed. The first step is understanding what’s out there and deciding deliberately what you want to keep there.” Through that lens, Gordon posits that AI has illuminated the IT terrain; the opportunity now is to govern it, with clarity and strategy rather than fear.
