Archive for Lookout

Lookout Study Reveals 93% of CISOs Blinded by False AI Confidence as 59% of Mobile AI Traffic Flows “Dark”

Posted in Commentary with tags on June 9, 2026 by itnerd

Lookout today released the findings of an exclusive survey report conducted with ZK Research, titled “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality.” The independent study exposes a systemic architectural failure. An overwhelming 93% of security executives voice absolute confidence in their AI governance, yet traditional network perimeters are completely blind to a massive mobile shadow AI ecosystem.

The evolution of the mobile AI threat landscape

The rapid enterprise shift from desktop browsers to mobile applications has fundamentally broken traditional data security perimeters. When organizations block or throttle generative AI tools on corporate laptops, employee behavior shifts rather than stops. To maintain productivity, employees rely on the ultimate shadow AI bypass route: their personal devices. Today, 52% of all generative AI usage occurs on mobile endpoints, with global knowledge workers routinely uploading sensitive source code, corporate records, and intellectual property.

The technical reality: High spend, zero visibility

Driven by legacy, desktop-era security thinking, organizations are throwing an average of 19% of their 2026 security budgets at AI compliance. Despite this heavy spend, traditional security frameworks are experiencing a systemic structural failure when confronted with mobile-native generative and agentic AI:

  • The Dark Traffic Route: 59% of mobile AI traffic is hidden from traditional network-discovery tools, routing directly between local apps and external clouds without ever crossing a corporate gateway.
  • The Agentic Blind Spot: 68% of enterprises have zero technical visibility into autonomous AI agent workflows that inherit user identity and single sign-on (SSO) tokens to manipulate corporate records out of sight.
  • The Hidden SDK Supply Chain: 72% of organizations are structurally incapable of auditing embedded AI Software Development Kits (SDKs) hidden inside benign-looking everyday mobile applications.

This total absence of mobile-native visibility has immediate operational and board-level consequences. The report confirms that 63% of organizations have actively investigated severe data leaks within the past 12 months where generative AI tools were a definitive contributing factor. Furthermore, 78% of security leaders admit they cannot generate the audit-ready evidence required by emerging frameworks like the EU AI Act, exposing organizations to devastating, tiered global statutory fines that reach up to €35 million or 7% of an enterprise’s total global annual turnover.

Lookout AI Visibility & Governance

To bridge the gap between false security confidence and technical reality, enterprises must abandon perimeter-tied discovery models and deploy a dedicated, mobile-native architecture.

The survey’s findings directly reinforce the critical importance of Lookout’s recent launch of Lookout AI Visibility & Governance. Purpose-built to eliminate the heavy operational friction and “virtualization tax” of legacy architectures, Lookout treats the physical endpoint as the primary control point for AI risk. Operating natively and non-disruptively inside the device environment, Lookout addresses the exact blind spots revealed in the ZK Research data through three primary pillars:

  1. Comprehensive AI Application Discovery: Instantly unmasks every AI-enabled system, background process, and embedded SDK touching corporate data fabrics to neutralize the 72% supply chain visibility gap.
  2. Agentic Behavior Mapping: Tracks autonomous agent actions and single sign-on permission extensions in real time to proactively block unsanctioned workflows before data exfiltration occurs.
  3. Inline Mobile Edge Data Guardrails: Enforces real-time, content-aware data loss prevention (DLP) directly on the physical device, stopping sensitive corporate properties and PII from reaching unsanctioned AI models before they can ever leave the device perimeter.

Join the virtual panel discussion on June 11th

To help organizations navigate these findings and bridge the mobile AI visibility gap, Lookout will host an exclusive virtual panel on Thursday, June 11, 2026.

Moderated by Zeus Kerravala, Principal Analyst at ZK Research, the panel will feature top cybersecurity executives dissecting shadow permissions, embedded SDK exposure, and practical strategies for enforcing edge-based data guardrails.

● What: Solving for the Mobile AI Blind Spot (Virtual Panel)
● When: Thursday, June 11, 2026 at 8:00 am PT
● Moderator: Zeus Kerravala, ZK Research
● Registration: To secure your virtual seat, register now

Lookout Introduces Mobile AI Visibility and Governance to Expose Shadow AI Risk

Posted in Commentary with tags on April 29, 2026 by itnerd

Lookout today announced the launch of Lookout AI Visibility & Governance, a mobile-native solution designed to provide organizations with the visibility needed to discover, govern, and secure AI adoption across their mobile ecosystem.

By extending AI agent discovery and policy control into the mobile environment, Lookout provides a missing layer of visibility, enabling organizations to identify “Shadow AI” activity on mobile devices, detect unauthorized agent behavior, and enforce policy where traditional controls have no reach.

The new offering delivers a real-time view of an organization’s AI footprint by identifying both sanctioned and unsanctioned AI use on mobile devices, exposing activity that traditional endpoint and cloud-centric discovery tools cannot detect. It provides actionable, evidence-based visibility to enforce policy, reduce risk, and maintain control over AI usage across the mobile domain. As a strategic extension of Lookout’s mobile security platform, it goes beyond device protection to directly govern AI activity, preventing unintended data exposure from both autonomous agents and “Shadow AI,” and securing the interactions users rely on every day.

Bridging the Mobile AI Governance Gap

A recent survey of CISOs and senior security leaders commissioned by Lookout highlights the magnitude of the challenge. Key findings from the survey include:

● Visibility gaps: Nearly 60% of surveyed organizations cannot monitor AI activity on mobile devices, leaving the majority of mobile AI activity operating in the shadows.

● Agentic blind spots: 68% of surveyed organizations lack visibility into the workflows and permissions of autonomous AI agents on users’ devices.

● Hidden risks: 72% of surveyed organizations cannot identify AI Software Development Kits (SDKs) embedded in the apps their employees use.

Lookout AI Visibility & Governance acts as a strategic force multiplier across Lookout’s mobile security platform, extending protection from the device to the AI activity occurring on it. It strengthens a layered defense that secures not only devices and users but also the AI-driven interactions that operate on their behalf.

Key features and benefits include:

● Comprehensive AI App Discovery & Shadow AI Visibility: Obtain real-time inventory of all AI apps—sanctioned and unsanctioned—across corporate and BYOD devices, exposing hidden “Shadow AI” and turning mobile risks into governed assets.

● Agentic Behavior Monitoring: Continuously analyze AI-driven behavior and map permissions to ensure autonomous agents do not execute unauthorized workflows or access sensitive enterprise data.

● Intelligent Data Guardrails & Policy Enforcement: Prevent sensitive data from reaching unsanctioned AI services with real-time controls that stop unauthorized access and exfiltration.

● Automated Compliance Alignment: Generate audit-ready evidence aligned to the European Union’s Artificial Intelligence Act (EU AI Act), the U.S. National Institute of Standards and Technology’s AI Risk Management Framework (NIST AI RMF), and the international standard ISO/IEC 42001, delivering the traceability required for effective AI risk management and regulatory compliance.


Lookout Survey Reveals Critical Gaps in Security Leaders’ Confidence and the Actual Vulnerability of Their Organizations

Posted in Commentary with tags on July 10, 2025 by itnerd

A new global survey by Lookout, Inc. today unveiled concerning insights into the state of mobile cybersecurity preparedness, revealing a significant gap between security leaders’ confidence and the actual vulnerability of their organizations. The survey of more than 700 security leaders globally exposes a pervasive overconfidence in employees’ ability to detect modern mobile-centric threats, leaving businesses significantly more exposed than they realize.

The survey’s most critical insights include:

  • 58% of companies have experienced incidents due to executive impersonation scams via text or voice, highlighting the severe impact of sophisticated social engineering tactics.
  • 77% of respondents have experienced one or more mobile phishing attacks in the past six months, underscoring the ubiquity of these threats.
  • 51% admit to having inconsistent visibility of social engineering attempts, creating massive security blind spots.

Despite these alarming statistics, the survey revealed pervasive overconfidence: 96% of leaders are confident their employees can spot a phishing attempt that comes via their mobile devices. Yet, over half reported incidents where employees fell victim to executive impersonation scams, leading to financial loss or sensitive data exposure. Furthermore, even with widespread security training efforts, “lack of training” remains the top reason cited for employees clicking suspicious links, suggesting current education may not be keeping pace with the rapidly evolving modern threat landscape.

These findings highlight core issues:

  • A dangerous overconfidence gap: Organizations feel ready for threats but are demonstrably underprepared, leading to successful attacks.
  • Inadequate visibility: Traditional security solutions often lack visibility into mobile-centric social engineering attempts, meaning many manipulative efforts go unnoticed until it’s too late.
  • Outdated training: Security awareness training isn’t evolving fast enough to truly prepare employees for today’s sophisticated, mobile-focused threats.

To address these pressing challenges, Lookout emphasizes a multi-faceted approach to secure the “front line” – employees and their mobile devices. This includes:

  • Implementing an AI-first social engineering and human risk solution: This provides baseline protection against today’s Modern Kill Chain.
  • Integrating Mobile Endpoint Detection and Response (EDR): Gaining strategic mobile security data points, such as vulnerable assets and web traffic analysis, by integrating EDR into existing SIEM, SOAR, EDR, or XDR solutions.
  • Sophisticated and ongoing security awareness training: Training specifically designed for mobile-centric threats, including simulated phishing and social engineering exercises that reflect current malicious tactics, fostering a culture of vigilance and easy, judgment-free reporting.

The report can be found here: https://mms.businesswire.com/media/20250710838048/en/2520234/1/lookout-2025-simplydirect-survey-report-us.pdf?download=1.

About the Survey

The data presented in this report is sourced from the independent research company Censuswide, which conducted the survey in June 2025. More than 700 security leaders globally were polled across various industries. Censuswide is a member of the British Polling Council and abides by and employs members of the Market Research Society and follows the MRS code of conduct and ESOMAR principles.

Research From Lookout Warns Of ‘Significant Phishing Risk’ During The Holidays 

Posted in Commentary with tags on November 23, 2023 by itnerd

In the holiday spirit, Lookout Inc. is warning employees and businesses that phishing attacks across organizations and personal devices are expected to more than double this week, based on historical data. 

This week as the holiday shopping season kicks off, many employees will be working (and shopping) on their mobile devices, and, as this is part of a more modern business model, the mobile devices these employees use are traditionally neglected by corporate cyber security strategies. This creates a perfect environment for hackers to carry out socially engineered phishing attacks leading to credential theft and direct access to sensitive corporate data. 

Lookout surveyed 1,515 employees yielding the following notable data points: 

  • 63% admit that they are more distracted during Thanksgiving week  
  • 89% will capitalize on Black Friday and Cyber Monday sales  
  • 57% admit they are more likely to click on unfamiliar links in search of good deals 
  • 66% will shop on personal mobile phones  
  • 47% reported their employer provides no mobile security platform 

“As employees are distracted by shopping on their mobile device, CISOs face a significant phishing risk. But rather than just focusing on the particular methods attackers may use this Thanksgiving, businesses should take a data-centric approach and monitor for changes in user behavior and anomalous data transfers,” said David Richardson, Vice President of Endpoint and Threat Intelligence, Lookout.

George McGregor, VP, Approov Mobile Security had this to say:

   “Half the employees surveyed report that their employers provide no mobile security for their devices! 

   “Two types of security leaders should read this report with trepidation: Enterprise leaders must ensure the enterprise apps their employees use are protected, and e-commerce app owners must put in place effective mobile security to protect their apps.”

Emily Phelps, Director, Cyware follows with this:

   “Phishing emails are like those ugly holiday sweaters: unwanted and sometimes hard to identify. They might promise you a free PlayStation 5 or a lifetime supply of gingerbread cookies, but don’t take the bait and never click on mysterious links or attachments! Always check the legitimacy of websites. A missing padlock icon in the address bar is an indicator to dash away, dash away, dash away all!”

Phishing attacks are dangerous to begin with. But at this time of year, they are insanely dangerous. That means everyone needs to be more focused on spotting these sorts of attacks so that they don’t become a victim.

Guest Post: It’s World Cloud Security Day – And Lookout Says That Remote Work Could Be Risky for Your Organization

Posted in Commentary with tags on April 3, 2023 by itnerd

Today, April 3rd, is World Cloud Security Day which raises awareness of the emerging threats individuals and organizations face when team members use their personal cell phones and computers to access corporate data remotely. These threats include malware, denial of service, and password attacks.

Lookout’s The State of Remote Work Security 2023 survey, a study of 3,000 remote and hybrid workers from enterprise companies in the United States, United Kingdom, France, and Germany, produced the results below, which highlight the behaviors of remote workers that put an organization at risk.

  • 81% of CIOs report their company had experienced a Wi-Fi-related security incident in the last year, with 62% of Wi-Fi-related security incidents occurring in cafes and coffee shops.
  • 43% of remote workers have downloaded, saved, or sent work-related materials to a personal account for convenience; and
  • 57% of remote workers have sent an email from their work account to a personal one for convenience.
  • 56% say they often do work and personal tasks on the same device.
  • Fully remote workers (72%) are more likely to do personal tasks during work hours than hybrid workers (54%); and
  • 32% of remote workers use apps or software for convenience reasons, which are not approved by their IT department. 

Please download the full report here to find out:

  • What are the implications for IT security in the wake of the transition to remote work? 
  • What sort of employee practices increase the risk of sensitive data falling into an insecure environment?
  • How does an organization best protect its data when employees spend 20+ hours per week on their personal mobile devices?

Guest Post: Fraud Awareness Week: Tips for Staying Safe During the Cyber Holidays

Posted in Commentary with tags on November 15, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

This week is Fraud Awareness Week and the conversation is all about knowing how to best protect ourselves in a constantly evolving and quite scary cyberworld. According to the Better Business Bureau’s naughty list of the top 12 holiday shopping scams this Christmas season, the two most prevalent scams are misleading social media ads and social media gift exchange scams. 

The Internet Crime Complaint Center’s (IC3) 2021 report stated that non-payment or non-delivery scams cost people more than $337 million. Credit card fraud accounted for another $173 million in losses. Lookout, the leader in delivering integrated Security, Privacy, and Identity Theft Protection solutions, is here in time with the perfect gift for keeping your wallet and data safe this season.

Tips To Stay Safe This Holiday Season

Exercise Savvy Shopping

  • If you’re purchasing from a company for the first time, do your research and check reviews.
  • Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you’re using an online marketplace check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.

Watch for “Red Flags” When Paying Online

  • Avoid paying for items with prepaid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item. 
  • Use a credit card when shopping online and check your statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.

Avoid Shipping Pitfalls 

  • Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.
  • Avoid buyers who request their purchase be shipped using a certain method to avoid customs or taxes inside another country.

Enable Security Protection To Block Shopping Scams & Threats

  • Run security protection on your mobile devices – like Lookout’s security application – which is an app you can download from Google Play or the App Store. Security protection will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.
  • Gift Card Scams:
    • CVS, Walmart & Home Depot 
    • The FTC reports that around $10 million a month has been lost globally to these scams. 
    • About one in four people who tell the FTC they lost money to fraud say they paid with a gift card.(1) In fact, gift cards have topped the list of reported fraud payment methods every year since 2018. During that time, people reported losing a total of nearly $245 million, with a median individual loss of $840.(2)
    • https://www.kiplinger.com/personal-finance/603028/beware-of-gift-card-scams 

All consumers can scan their email for FREE on Lookout’s website to learn about breaches that may have occurred & take action to secure their data.

Guest Post: Protect Your Elderly Loved Ones During Cyber Security Month

Posted in Commentary with tags on September 28, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

With digital scams on the rise, it’s growing increasingly difficult to discern if an email, text message, phone call or website is legitimate or not. More people are reporting losing time and money due to online scams, and in particular, elderly individuals report falling victim. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion to the FBI’s Internet Crime Complaint Center (IC3). This is a whopping 74 percent increase over losses reported in 2020. The number one area of attacks was tech support fraud, including identity theft and personal data breaches.

Luckily, by taking a few key steps, people of all ages can reduce the risk of scams and online fraud. In honor of Cyber Security Month, Lookout has provided the below tips that family members can take to best protect parents and elderly family members from digital risks.

  • Check the “sent from” email address: Real companies will send from their own domain. One easy way to check for authenticity is to make sure a company email isn’t coming from an address ending in “@gmail.com” or “@yahoo.com”.
  • Go directly to the source: If you receive an email requiring action from you, usually involving private information like social security, birthday, bank information, or more, immediately call the company this message is reportedly from. 
  • Beware of urgency: Be wary of urgent demands or emails that require immediate action and divulgence of personal information. “Emergencies” can sometimes cause people to act without fully understanding the request or its implications, which makes them a common tool for cybercriminals.
  • Watch for obvious misspellings and grammatical errors: Professional newsletters, notifications, and other email messages go through several rounds of approvals before distribution, so emails that include spelling errors and odd punctuation can be a sign of a scam.
  • Set Stronger Passwords 
  • Use Two-Factor Authentication: This makes it harder for hackers to access your account, and will alert you to any potential hacking attempts.
  • Password Changes
    Regularly change the password to your most important accounts. This will help prevent hackers from getting access. Make sure you use a combination of letters and numbers for the best protection. If your information has been compromised in a data breach, act immediately.
  • Install Security Software On Your Devices
    Security protection, like Lookout, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.

Guest Post: Summer of The Scam: Key Online Scams On The Rise

Posted in Commentary with tags on September 6, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

Online scammers create new and deceptive schemes every day in hopes of swindling unsuspecting victims out of their time, money and resources. Consumers reported $5.8 billion in fraud to the Federal Trade Commission last year, a 70 percent increase from 2020. Here are some of the trending scams:

  • Romance Meets Cryptocurrency: In 2021, online daters lost a record $547 million to romance scams, according to a report from the Federal Trade Commission. Scammers are now using online dating platforms to trick victims into investing in cryptocurrency accounts before disappearing with their money. It’s a months-long trust-building scam known as “pig butchering.”
  • SIM Swapping: This is an attack where scammers fake your identity with a mobile carrier to gain access to your phone. From there, they use “Forgot Password” for critical online accounts – think banking, investments and social media – to intercept two-factor authentication text messages. In 2021, this scam resulted in losses over $68 million and is still a very popular and effective scam today.
  • Back To School Scams: In August, many parents post “first day of school” photos on social media with their child holding a chalkboard or sign with details about the child’s teacher, school, birth date, height, interests, favorite colors, etc. While it’s wonderful to share updates with friends and family, the Better Business Bureau issued a warning to families about oversharing personal information on social media due to privacy concerns and online scammers. The Federal Trade Commission also issued a warning about back-to-school shoppers being targeted by online scams. 
  • Rental Scams: This scam is not necessarily “new” and traditionally targets consumers trying to rent a home, but with the red-hot rental market and usage of social media websites to advertise rental properties, this scam has regained steam. According to the FBI, 11,578 people nationwide reported losing over $350 million through rental and real estate scams in 2021 with a major uptick of victims this summer. There’s even a spinoff of this scam for vacation rentals.

Guest Post: Scammers Are Unforgiving On Student Loan Relief

Posted in Commentary with tags on August 30, 2022 by itnerd

By: Hank Schless, Senior Manager of Security Solutions at Lookout

Great news for student borrowers everywhere: the White House has announced a plan for student loan relief. There are currently 45 million borrowers in the U.S. with debt totaling over $1.6 trillion. Many borrowers are rejoicing at this news, and unfortunately, so are cybercriminals who see a new opportunity to exploit consumers. The Federal Trade Commission previously issued a warning about student loan scams because of the uptick in loan forgiveness scams during the pandemic and moratorium on payments. 

Now that a student loan relief program has arrived, Lookout, the leader in delivering integrated Security, Privacy, and Identity Theft Protection solutions, has provided proactive safety steps borrowers can take to protect their identity, data, and bank accounts in anticipation of student loan forgiveness scams.

  • Check the “sent from” email address: Real loan servicers will send emails from their own domain. One easy way to check for authenticity is to make sure a company email isn’t coming from an address ending in “@gmail.com” or “@yahoo.com”.
  • Go directly to the source: If you receive a phone call or email requiring action from you, usually involving private information like a social security number, birthday, bank information, or more, immediately go directly to the validated website of the company or organization the message is reportedly from to locate a valid phone number or email to contact. When in doubt, go directly to the official loan forgiveness website: www.studentaid.gov
  • Beware of urgency: Be wary of urgent demands via phone calls or emails that require immediate action and divulgence of personal information. “Emergencies” can sometimes cause people to act without fully understanding the request or its implications, which makes them a common tool for cybercriminals.
  • Install security software on your devices: Security protection, like Lookout, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm. The security software will also track if your information is compromised in a data breach. 

Guest Post: Why You Should Be Afraid of Sim Swapping and How to Avoid It

Posted in Commentary with tags on August 23, 2022 by itnerd

By Hank Schless, Senior Manager of Security Solutions at Lookout

Imagine your phone isn’t working. It’s odd, but this should be an easy fix. You contact your phone carrier and you’re told that you requested a new sim card. But you never requested a sim card or called before today. If this happened to you, then you could be the latest victim of a very popular, effective and nightmarish scam. 

Sim swapping is an attack where scammers fake your identity with a mobile carrier to gain access to your phone. From there, they use “Forgot Password” for critical online accounts – think banking, investments and social media – to intercept two-factor authentication text messages. In 2021, this scam resulted in losses over $68 million.

Lookout, the leader in delivering integrated Security, Privacy, and Identity Theft Protection solutions, has gathered the top ways you can protect yourself from sim swapping: 

  • Diversify Your Multi-Factor Authentication
    Think beyond SMS messages. Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
  • Don’t Overshare Online
    Avoid sharing your phone number, address or birth date in online spaces. This private information can be shared with a phone carrier to fake your identity and gain access to your sim card. 
  • Use a Variety of Passwords 
    Use strong and unique passwords for each important online account and change them often.
  • Don’t Share Login Details On The Phone 
    If you receive a call from your phone carrier requesting private account details, hang up and call the customer service line directly. 
  • Install Security Software On Your Devices
    Security protection, like Lookout, will automatically monitor and identify scam URLs in email, text messages, and on the web and block you from threats that can do harm.