Why AI Defenses Fail Without Data and Identity Fundamentals
Data Breach TodayArchived Jun 15, 2026✓ Full text saved
RPC's Spencer Scott on Why Security Basics Must Come Before Agentic AI Adoption Organizations are racing toward agentic AI defenses, but without clean data, identity and asset management in place, those defenses will fall short. Security fundamentals must come first, said Spencer Scott, head of information security at RPC.
Full text archived locally
✦ AI Summary· Claude Sonnet
AI-Based Attacks , Artificial Intelligence & Machine Learning , Events
Why AI Defenses Fail Without Data and Identity Fundamentals
RPC's Spencer Scott on Why Security Basics Must Come Before Agentic AI Adoption
Anna Delaney (annamadeline) • June 15, 2026
Share Post Share
Credit Eligible
Get Permission
Spencer Scott, head, information security, RPC
Artificial intelligence has transformed the social engineering threat, enabling attackers to deploy deepfake-led attacks, voice cloning and advanced phishing at low cost and high velocity, leaving defenders scrambling to match the pace.
See Also: Know Thy Enemy: Threats to Cyber Resilience
Shadow AI compounds the challenge, with employees introducing unsanctioned tools that expose organizations to risks outside the visibility of security teams, making an already complex attack surface harder to govern and nearly impossible to audit.
"A lot of companies are racing toward this agentic capability, but they're leaving their dirty laundry behind, which they haven't got in place at that fundamental level," said Spencer Scott, head of information security at law firm RPC.
In this video interview with ISMG at Infosecurity Europe 2026, Scott also discussed:
Why the velocity of AI-enabled attacks means humans can no longer manage threat analysis alone;
How to incorporate AI-specific questions into third-party due diligence processes;
Why AI governance must follow the same board-level oversight applied to any infrastructure implementation.
Scott has more than 25 years of experience in IT and over 18 years of specialization in cybersecurity, risk management and operational resilience across global retail and enterprise environments. He has extensive expertise across the full security life cycle, including governance and compliance, SOC operations, cloud security, identity and access management, third-party risk, and AI-driven threat detection.