Episode 141: Carter Zupancich - Vishing with AI
Get the full intelligence
Search transcripts, export clips, track mentions, and explore all topics from “Episode 141: Carter Zupancich - Vishing with AI” inside PodZeus.
In this episode of the Layer 8 Podcast, host Patrick welcomes Carter Zupancic, HRM Architect at Doppel, to discuss the evolving landscape of vishing—voice phishing—now increasingly powered by AI. Carter shares how AI-driven voice agents are becoming indistinguishable from humans, using advanced text-to-speech models with natural pauses, emotions, and even real-time OSINT to build rapport during calls. These agents can dynamically query the web mid-call to verify office locations, confirm personal details like sports fandom, or adapt pretexts based on real-time interactions. While human vishers still excel in nuanced influence and improvisation, AI enables massive scale, low cost, and continuous learning across campaigns. Carter emphasizes that the real risk lies not in isolated data points like a manager’s name, but in the cumulative picture these pieces form for attackers. He advocates for a defense strategy built on three pillars: clear communication channels, verification checks, and regular, bite-sized training with real-world simulations. Looking ahead, Carter envisions fully autonomous vishing campaigns where AI learns from every interaction to refine future attacks. He also explores the possibility of AI-powered defenses, where AI agents screen inbound calls to detect and block both human and AI vishers—though he warns that this shifts the battleground to prompt injection attacks against AI assistants themselves.
AI voice agents now mimic human speech with natural pauses, emotions, and real-time OSINT, making them nearly indistinguishable from humans in short calls.
The real danger isn't single data points like a manager's name, but the cumulative intelligence built across multiple calls to enable sophisticated social engineering.
Effective defense requires a layered approach: clear communication channels, verification checks (e.g., domain validation), and timely, engaging training after real-world simulations.
Future vishing will be fully autonomous, with AI agents learning from every interaction to improve targeting and pretexting in real time.
AI-powered call screening is emerging as a defensive tool, but attackers will shift to targeting AI assistants via prompt injection, changing the nature of the threat.
Introduction & Guest Overview
Patrick introduces Carter Zupancic, HRM Architect at Doppel, who leads teams using AI and human-led vishing to test organizational resilience. The episode sets the stage for a deep dive into modern voice phishing techniques.
The Rise of AI-Powered Vishing
“If you see in the OSINT that they're a Red Sox fan, and somehow you find out they went to the game last night. Now imagine this AI bot saying, oh yeah, I see that they lost last night 8-6, and Trevor Story had three hits. Did you have fun at the game? That kind of stuff is just not going to be fair coming from an AI bot.”
Human vs. AI: Strengths and Synergy
“The bottleneck for human labor is kind of the that's been removed in this case. And one of the things that my team has been focused on is really creating the framework or structure for scale, but also for model improvements.”
Defensive Strategies: Channels, Checks, and Drills
“If you receive X communication through this channel, end the call or end or don't engage and notify through this channel. So our team is aware of it or our security or incident response team is aware of it.”
The Future: Autonomous Vishing & AI vs. AI
“If I could wave the magic wand, that's where we would be at. But that's definitely where we're headed.”
“If you see in the OSINT that they're a Red Sox fan, and somehow you find out they went to the game last night. Now imagine this AI bot saying, oh yeah, I see that they lost last night 8-6, and Trevor Story had three hits. Did you have fun at the game? That kind of stuff is just not going to be fair coming from an AI bot.”
“We're not talking about influencing an individual and trying to kind of do the classic amygdala hijack and make them take in emotional action. Now we're talking about prompt injection and how we can engineer the other agent to step outside of its guardrails or its parameters.”
“If I could wave the magic wand, that's where we would be at. But that's definitely where we're headed.”
Host
Guest
Carter Zupancic
person
Doppel
organization
Layer 8 Podcast
media
Layer 8 Conference
other
Scattered Spider
other
Compass CyberGuard
other
CrowdStrike Global Threat Report
other
B-Side Chicago
other
iPhone
product
Android
other
Episode 142: Learning Covert Entry with Brian Harris
Layer 8 Podcast • 52m • 4/20/2026
Episode 143: OSINT Keynote, Training and Mistakes!
Layer 8 Podcast • 45m • 4/27/2026
Episode 144: Gunther Royen and Scott McLean
Layer 8 Podcast • 33m • 5/5/2026
Episode 145: Brett Redman of OSINT Industries
Layer 8 Podcast • 40m • 5/11/2026
Get the full intelligence
Search transcripts, export clips, track mentions, and explore all topics from “Episode 141: Carter Zupancich - Vishing with AI” inside PodZeus.
Start discovering podcast insights today
Start with a 7-day trial and explore a growing catalog of popular podcasts. No credit card required.
No credit card required • 7-day trial • Cancel anytime