When the AI Sky Is Falling: Insights from the Indiana Security & Privacy Network Quarterly Meeting

There’s something uniquely energizing about a room full of security and privacy professionals in Indiana—especially when the conversation turns to AI, HIPAA, and the ever-evolving threat landscape. On November 6, 2025, the Indiana Security & Privacy Network (INSPN) gathered for its quarterly meeting, and the discussions were anything but routine. From legal risks to emerging cyber defense strategies, attendees walked away with both heightened awareness and renewed motivation to act.

HIPAA and the Website Tracking Reckoning

The legal community hasn’t lost its focus on website tracking technologies—and neither should we. Plaintiff firms continue to file suits alleging HIPAA violations tied to tracking pixels and cookies. The risk doesn’t end with tracking itself; it extends to how organizations implement user consent.

A key takeaway: allowing site visitors to opt out of tracking is not enough. If your site doesn’t technically honor that opt-out, your compliance posture is exposed. Validation testing, i.e. ensuring your website does what it says, remains essential. This is a simple but critical control too often overlooked.

AI Joins the Risk Register

Artificial Intelligence dominated the conversation, and not just in passing. The consensus was clear: AI must be explicitly added to security risk assessments. Its capabilities, and its vulnerabilities, are rapidly changing the attack surface.

In one of the more memorable moments of the day, INSPN’s Privacy Lead declared, “The AI sky is falling!!” before humorously adding that she’d be hiding in a tree chewing her fingernails. (Is there room for the rest of us up there?) The levity underscored a serious truth: AI’s risks are accelerating faster than most organizations’ governance frameworks can adapt.

When Code Fights Back

The meeting also highlighted new realities in cyber persistence. Imagine a piece of malicious code that rewrites itself every hour, automatically regenerating to avoid detection or removal. That’s not a concept; it’s a tactic already seen in the wild. The implication is sobering: even when you think you’ve eradicated malware, it may be quietly rebirthing itself on your network.

The Double-Edged Sword of AI

AI’s duality was a recurring theme. On one hand, it’s becoming a powerful ally for defenders automating lower-level security tasks so human analysts can focus on higher-impact work. Solutions like Drop Zone are helping teams streamline operations and accelerate response.

But the same technology that empowers us also enables attackers. One speaker noted that AI deepfake videos have dropped from $20,000 per minute to just $300 and the cost curve is still heading down, fast. Soon, creating convincing fakes could be effectively free.

And then there’s the danger of “vibing” with an AI tool, letting it help you “just write a program” for whatever task you have in mind. That’s where curiosity meets risk. As AI becomes more fluent in coding, it also becomes a potential accomplice in introducing vulnerabilities, intentionally or otherwise. Organizations should be asking their vendors not only what their AI tools can do, but how they know when something goes wrong.

Strengthening the Cyber Defense Core

Despite the ominous headlines, the fundamentals still matter most. Effective cybersecurity remains grounded in three key disciplines:

1. Reduce the attack surface. Eliminate unnecessary exposure points.

2. Complicate adversary access. Make intrusion as difficult and time-consuming as possible.

3. Accelerate detection and response. The faster the identification, the smaller the impact.

Even government agencies are confronting new forms of deception, with bad actors exploiting public records requests using contracts and invoices obtained via FOIA (Freedom of Information Act) to impersonate vendors and defraud agencies.

Moving Forward—Together

The INSPN meeting was a reminder that cybersecurity isn’t just a technical discipline—it’s a community conversation. Whether we’re mitigating cookie consent risks or debating AI’s role in security operations, progress depends on shared awareness and collaboration.

Yes, the AI sky might feel like it’s falling some days. But with insight, vigilance, and a bit of humor, Indiana’s security community is proving that we can weather the storm—and maybe even climb that tree together.