Kaspersky‘s Global Research and Analysis Team (GReAT) has identified four emerging cybersecurity risks tied to the rise of cognitive AI — systems capable of analysing neural signals, modelling behaviour, and anticipating decision-making patterns — warning that while mass adoption remains distant, the threat landscape is already shifting.
Presented at Kaspersky HORIZONS, the company’s annual cybersecurity conference held in Rome on 19 May, the findings mark a shift in how the industry frames AI risk: from data exposure to cognitive manipulation.
Four cognitive AI threats enterprises need to watch
The first risk concerns social engineering. Large Language Models are already enabling more convincing phishing attempts; with cognitive AI, attackers can build psychological profiles from social platforms and large datasets to craft highly targeted, emotionally persuasive scams. Kaspersky’s latest Global Report by Kaspersky Security Services found that phishing accounts for roughly 15% of the most prevalent attack techniques — and serves as a key entry point for advanced persistent threats targeting businesses and government entities.
The second risk involves large-scale cognitive manipulation. AI enables influence operations that exploit cognitive biases and emotional triggers across entire populations, blurring the line between predicting behaviour and actively shaping it. The systemic effect extends beyond individual autonomy to public trust.
Third, AI-driven profiling enables predictive abuse. By aggregating data from social media and digital behaviour, AI can construct detailed psychological profiles of individuals — amplifying doxxing, targeted harassment, and identity-based attacks at scale. Critically, individuals can be targeted based on inferred behaviour rather than actual actions.
The fourth risk concerns brain-computer interfaces (BCIs). Although largely experimental, BCIs are already interpreting neural signals to enable communication and device control for patients. As these systems converge with IoT infrastructure — smart home devices, assistive technologies, medical equipment — the attack surface expands into physical systems and human agency itself.
Proactive collaboration needed across industry and policy
“Although cognitive AI is still at an early stage and far from mass adoption, it is developing rapidly. Advanced human-AI interaction models are still expected to become significantly more widespread in the coming decades. As adoption will grow, so too will the associated risks — and when it happens, we need to be prepared.” — Noushin Shabab, Lead Security Researcher, Kaspersky GReAT
Kaspersky is calling for collaboration between the cybersecurity community, AI developers, scientists, and policymakers to establish proactive safeguards for mental privacy. The company notes that current AI systems cannot directly read human thoughts, but their capacity to influence behaviour through recommendation systems, personalisation, and information control already represents a real and growing risk.
