Most organisations think cyber risk begins with a suspicious email or an unusual login attempt. But many risks start much earlier, long before an attacker arrives. This week we showed how a simple copy-and-paste into an AI tool can leak sensitive information instantly.
It resonated for a simple reason:
The biggest risks in 2026 often begin long before an attacker arrives on the scene.
Modern cyber incidents emerge from a combination of two forces:
- Technical weaknesses that still matter
- Human behaviour that now matters even more because of AI
When these two forces meet, the smallest signals can create the largest exposures.
Today’s lesson explores the two silent risks behind a growing number of breaches: AI leakage and metadata.
1. AI leakage starts with good intentions
Teams increasingly use AI tools to save time.
They tidy emails, summarise notes, restructure documents and speed through admin. It feels efficient.
But the moment someone pastes internal notes, customer details or system information into a public AI model, three things happen:
- The data leaves the business
- It cannot be pulled back
- It can shape future responses in unpredictable ways
No one does this deliberately.
Convenience creates the exposure.
And that is why AI leakage has become one of the most common behavioural causes of data loss inside real organisations.
2. Metadata shows more about your organisation than you expect
Metadata is the information around your activity, the digital exhaust you don’t notice.
It includes:
- Browsing behaviour
- Device patterns
- Time-of-day interactions
- Approval timings
- Communication habits
Individually these signals seem harmless.
Combined, they form a behavioural fingerprint that can be used to:
- Craft tailored phishing messages
- Imitate trusted suppliers
- Predict when teams are distracted
- Build highly convincing scams with minimal skill
Attackers no longer need to guess.
Metadata tells them how your organisation behaves.
3. Why these risks now amplify each other
AI leakage reveals context.
Metadata reveals behaviour.
Together they give attackers both sides of the problem:
- What your organisation communicates
- How your people typically respond
This is why phishing attacks have become more precise.
It is no longer about sending thousands of random emails; it is about using small signals to create one message that lands at exactly the right moment.
This is also why traditional perimeter defences are no longer enough.
Modern cyber risk grows from patterns created inside the business.
4. What this means for organisations preparing for 2026
Strengthening cyber posture is no longer about waiting for an attack.
It is about reducing the signals and shortcuts that make attacks easier.
Organisations need:
- Clear policies for staff using AI tools
- Visibility of what data leaves the organisation
- Awareness of how metadata is exposed
- Verification habits that slow down phishing attempts
- Proper controls in Microsoft 365 and email security
- Regular simulations that build instinctive behaviour, not fear
Good cyber hygiene is not only technical.
It is cultural.
Practical next steps
Two free resources will help you understand your exposure today:
Phishing Defence Toolkit
Five practical steps you can implement immediately, covering MFA, inbox rule audits, external tagging, verification habits and recovery.
Cyber Health Check
A two-minute assessment that highlights:
- Phishing risk
- Behavioural exposure
- Metadata vulnerabilities
- Digital hygiene gaps
Your report arrives instantly with clear next actions.
What comes next
Tomorrow we explore how attackers use the information you unknowingly share, and why small behavioural patterns create outsized cyber risk.
More insight.
More clarity.
More lessons to strengthen your data, cyber and AI foundations.
Assured Digital.
