Blog

Insights & advice

Cybersecurity doesn't have to be complicated. We write for entrepreneurs who want to understand it.

When Your RAG System Becomes the Attack Vector: Prompt Injection via Content Optimization

The moment you connect an LLM to a retrieval system and allow external content to influence responses, you create an execution boundary that content authors can potentially cross. That risk becomes more significant as organizations begin optimizing content for AI retrieval systems — a practice increasingly referred to as Generative Engine Optimization (GEO). Much like SEO shaped search engine behavior, GEO aims to shape what LLMs retrieve, prioritize, and reproduce. In Retrieval-Augmented Gener

9 May 2026 4 min read

The Axios Hack: What Actually Happened and Why It Matters

The Axios hack is a reminder that in modern software, you don’t have to compromise the application—you just compromise what it depends on. At the end of March, attackers briefly gained the ability to publish to the widely used Axios npm package and pushed a malicious version to the registry. Although the window was short, the update could be automatically pulled into build pipelines, creating a supply chain risk where trusted software silently included attacker-controlled code. The Axios Hack

7 April 2026 4 min read

Defending CCaaS Agentic AI against Deepfake Attacks

A synthetic voice that passes your IVR's biometric check is no longer a hypothetical — it's a technique that has been used successfully against financial institutions with voice biometric authentication, and the same attack surface exists in every CCaaS deployment that uses voice as an identity signal. Agentic AI raises the stakes. When your contact center runs autonomous workflows that approve transactions, reset credentials, or route sensitive data without per-action human approval, a single

19 March 2026 5 min read

How a Roblox Executor Turned an Android Phone into a Global SMS Bot

A real-world incident analysis — March 2026 My son is very much into Roblox. It's a game with a big focus on rewards, endless grinds, and therefore screen time. It's a mixed age gaming platform obviously also attracting bad guys. My son, tired of the grinding, wanted to bypass some of it and get some cheat codes. He found a free tool that promises to unlock features in a game. Within minutes of downloading the tool, his phone sent hundreds of SMS messages resulting in the provider (luckil

18 March 2026 4 min read

The Rise of the Confused AI Deputy: Risks in Contact Centers

AI is increasingly used to automate tasks within contact centers, but this "AI deputy" model introduces novel risks. We're seeing unintended consequences when AI agents misunderstand context, misinterpret customer intent, or simply hallucinate responses. The Promise of AI in Contact Centers The promise of AI within CCaaS is substantial: reduced operational costs, improved agent productivity, and enhanced customer experiences through personalized interactions. AI-powered virtual assistan

8 March 2026 3 min read

Prompt Injection in Contact Center AI Agents: What the ServiceNow Breach Tells You

Your AI agent reads customer input, fetches knowledge base articles, queries the CRM, and sends follow-up emails — and any one of those steps is a potential injection point. Prompt injection is the technique of hiding instructions inside content that an AI agent processes, causing it to behave in ways the operator never intended. It has topped OWASP's LLM security list since 2025 and shows up in over 73% of production AI deployments assessed in security audits. In a contact center context,

4 March 2026 4 min read

From Chatbots to Agentic AI: Building Autonomous Resolution Networks That Actually Work

The contact center industry wasted a decade on chatbots. Despite billions in investment, most organizations struggled to automate routine interactions beyond basic FAQ responses, leaving customers frustrated and executives questioning the ROI. The architecture was fundamentally flawed: decision trees wrapped in natural language processing couldn't handle anything beyond scripted scenarios. Agentic AI changes the equation. Gartner now forecasts 80% autonomous resolution rates by 2029 (CXtoday, 2

19 February 2026 3 min read

Welcome to Jeroen Thinks

This blog explores the intersection of three critical domains: Security — Threats, compliance, architecture AI — Machine learning, automation, integration challenges Contact Centers — Five9, Genesys, WebEx, operations Most content in these spaces is siloed. Security blogs ignore contact centers. CCaaS blogs are vendor marketing. AI blogs ignore both. Here, we connect the dots. What to Expect - Technical deep-dives with working code and configurations - Threat models and security architect

5 February 2026
News

Coming soon

This is Jeroen thinks, a brand new site by Jeroen Verwijmeren that's just getting started. Things will be up and running here shortly, but you can subscribe in the meantime if you'd like to stay up to date and receive emails when new content is published!

4 February 2026