CIO Influence Interview with Jim Dolce, CEO of Lookout

Jim Dolce, CEO of Lookout weighs in with a few pointers on what modern organizations should do to protect themselves from ‘smishing’ threats in this CIO Influence Interview:

_________

Tell us about Lookout Smishing AI and how it enables end users?

Even as organizations deploy advanced defensive technologies to protect their data and infrastructure, the unfortunate truth about cybersecurity is that humans remain vulnerable to attacks. Threat actors target individuals with SMS phishing (smishing) messages that appear convincing and often create threatening scenarios that exploit emotions like fear, curiosity, uncertainty, and urgency to prompt immediate action. Now, with generative AI enabling more realistic and even personalized smishing messages at scale, users are being manipulated into allowing threat actors to bypass even basic security measures.

Lookout Smishing AI is designed to protect the human layer. It fights AI with AI by analyzing language patterns and contextual cues to identify and block threats before humans fall victim. Its proactive defenses keep employees and enterprise data safe from the most effective tactics hackers use to gain entry.

What pointers should organizations be most aware of when it comes to SMS phishing attacks?

While smishing is very common, attackers are becoming more subtle and clever, focusing on getting the victim to respond to, engage with, and trust the message sender before launching their attack. The initial message might be as simple as a fake update from IT or an urgent request from someone impersonating your CEO, but then it escalates into a situation that tricks the user into giving the attacker credentials or data, all without clicking a link or leaving their texting environment.

The era of simple phishing links is over. Generative AI now fuels highly convincing scams that blur the line between real and fake. To stay protected, organizations must continuously educate their workforce and adapt defenses to meet the new realities of the mobile threat landscape.

However, traditional security awareness training is no longer sufficient. Cybercriminals adapt faster than training programs can keep up, especially with the speed and sophistication of modern smishing attacks. To stay protected, organizations need real-time, AI-driven defenses that can close the gap between awareness and action.

How effective are LLMs in blocking threats today? How do they work here?

Large Language Models (LLMs) can now interpret the context and intent behind a message—not just its words. In effect, they can read between the lines with an unbiased, emotion-free lens to determine whether a message might be a social engineering attempt, even when no obvious red flags exist. When users face high-pressure situations, as often happens in smishing attacks, human judgment can falter. That’s where LLMs step in, providing an intelligent “second opinion” to help protect the user.

How do AI-first capabilities enhance security protocols for modern organizations?

For any modern security company, AI-first capabilities are no longer optional. They’re essential to stay ahead of adversaries who are rapidly enhancing their tactics, techniques, and procedures with AI. The threat landscape is evolving, driven increasingly by malicious AI. Defending against it requires fighting AI with AI, because attackers only need to succeed once — while we must get it right every time.

What thoughts do you have surrounding the state of security and online threats today that you’d share with fellow security experts and CISOs?

CISOs and security leaders must recognize that mobile devices are no longer peripheral; they are core enterprise endpoints, central to productivity, communication, and authentication. Recent attacks by groups like Scattered Spider highlight the urgent need to secure mobile devices with the same rigor applied to traditional endpoints.

Today, credential theft and social engineering are the most common forms of attack. Threat actors are increasingly weaponizing AI-powered smishing campaigns, exploiting the fact that every employee carries a mobile device. Generative AI has made these attacks more personal and scalable, enabling messages that reference recent purchases, hobbies, or life events to appear authentic. Since the introduction of commercial AI models like ChatGPT, AI-driven phishing attacks have surged exponentially, reshaping the threat landscape.

Email security has long been central to enterprise security discussions and remains a primary target for phishing, credential theft, and social engineering. However, the threat landscape has evolved. Subtly but definitively, attackers are increasingly bypassing the inbox and spreading their attacks across multiple channels.

Recent data shows that 41% of phishing incidents now use multichannel tactics, including SMS (smishing), voice calls (vishing), and QR codes (quishing). The trend is clear: While email remains a threat, attackers are shifting toward mobile-first platforms, such as text messages, iMessage, WhatsApp, and social direct messages. These attacks are harder to detect, more difficult to manage, and more likely to succeed because they target the most vulnerable point in the chain: the human behind the screen.

Data from over 700 security leaders shows a clear disconnect: 96% believe their employees can spot phishing attempts on mobile, yet more than half have experienced executive impersonation scams delivered via text or voice. This underscores the urgent need for stronger protections at the human layer to stop attackers before they gain access through employees. In security, the first — and last — line of defense is your people.

Catch more CIO Insights: The CIO as AI Ethics Architect: Building Trust In The Algorithmic Enterprise

[To share your insights with us, please write to psen@itechseries.com ]