Blog

Your CFO joins a Zoom call and asks the finance team to wire $25 million. The face looks right. The voice matches. Forty minutes later, the real CFO finds out nothing was scheduled. The Arup fraud in early 2024 unfolded exactly this way because detection did not save them. No Zoom plugin flagged the deepfake. No audio analyzer caught the clone.

The obvious question follows: can AI detect deepfake video calls in real time? And if the tools exist, why did Arup lose $25 million?

SCORM turns 25 this year. The standard has been declared dead at least once every two years since 2015, and every time, the corporate LMS market responds by continuing to ship it as the default option.

If you are evaluating a training platform in 2026, the SCORM question is real. You want to know whether the format will still be supported five years from now, whether newer standards like xAPI or cmi5 offer meaningful advantages, and whether your LMS can actually read them.

The short answer: SCORM is not dead, not replaced, and not going anywhere in the enterprise training stack this decade. The longer answer has caveats.

Samsung’s semiconductor division banned ChatGPT in May 2023 after three employees leaked confidential data in under a month. One engineer pasted proprietary source code to debug an error. Another submitted internal meeting notes to generate a summary. A third uploaded chip manufacturing measurements to get yield calculations. Each person was trying to do their job faster. Each left a copy of Samsung’s trade secrets on an OpenAI server.

Within weeks, Apple, JPMorgan, Bank of America, Verizon, Amazon, Goldman Sachs, and Deutsche Bank had followed with their own restrictions. The calculus was the same at every company. The productivity gains were real, but so was the risk of employees turning consumer AI tools into a data exfiltration channel nobody had authorized.

Two years later, the bans have softened into policies, and the policies have softened into training gaps. Most employees still don’t understand what happens to the text they paste into an AI chat window. This is the core of OWASP LLM02, the sensitive information disclosure risk that sits second on the OWASP Top 10 for LLM Applications.

Every risk category in the OWASP Top 10 for Agentic AI Applications now has a dedicated training exercise on RansomLeak. Ten exercises covering ten attack scenarios where AI agents act on their own and things go wrong. All free, no account required.

The OWASP Top 10 for Agentic AI Applications is the industry framework for categorizing security risks specific to autonomous AI agents. This course turns each category into a hands-on simulation where employees experience these attacks in realistic workplace scenarios.

Every risk category in the OWASP Top 10 for LLM Applications now has a dedicated training exercise on RansomLeak. Ten exercises covering ten attack scenarios, from prompt injection to denial-of-wallet. All free, no account required.

The OWASP Top 10 for LLM Applications is the industry standard for categorizing AI security risks. This course turns each category into a hands-on simulation where employees experience these attacks firsthand in realistic workplace scenarios.