Attackers Are Profiling Your Executives with AI. Our New Monitor Upgrades Level the Playing Field.

Problem → executives are being profiled, then attacked with precision. CISOs are hamstrung; they can’t be proactive because of employee privacy.

Security teams are excellent at their jobs. Their infrastructure is hardened, vulnerabilities are patched, access controls are tightened, and more. But most enterprise security programs stop at the perimeter, with some threat intel extending beyond it. By and large, the personal digital exposure of executives is an afterthought. Many teams are confident that zero trust will prevent a personal compromise from threatening their environments. Others are kept from extending into this area by compliance requirements or by the legitimate privacy concerns of the executives.

Threat actors know this and they're getting better at exploiting it. The recently published 2025 FBI IC3 Report and the 2026 CrowdStrike Global Threat Report both document how attackers are deploying AI to prospect and compromise individuals at scale. Your CEO, CFO, and board members are being profiled as enterprise targets, except the reconnaissance is happening outside your perimeter, on forums, data broker listings, breach dumps, aggregator sites, and the broader open web.

An executive's personal online attack surface - emails, phone number, social media, home addresses, family members, personal accounts, credentials - is routinely unmonitored. Attackers have identified this as a cost-effective entry point. They start with whatever is publicly available, then move to the harder-to-find sources. Individual pieces of information get aggregated across sources until the fragments become a profile precise enough to launch a convincing spear phishing campaign, executive impersonation, or physical security threat. Exposed data rarely gets weaponized immediately either. It surfaces undetected somewhere, but doesn’t get acted on until weeks or months later, giving attackers time to keep enriching the profile before any symptom reaches your team’s environment. [We've written about this attacker workflow before: how attackers build a profile on your executives]

A great example of this problem came in 2025: a Disney developer was identified online as an avid gamer who liked to customize their experience. Attackers fed the developer what appeared to be an AI art generation tool, which ended up on their personal computer. The software contained hidden malware that stole the employee's password manager credentials, including passwords for Disney's Slack, AWS infrastructure, and other corporate systems. The attacker accessed nearly 10,000 internal Slack channels and exfiltrated 1.1 terabytes of data, including unreleased project details, source code, login credentials, and internal communications. The employee's personal device became the entry point because they had saved both personal and corporate credentials in the same password manager.

Solution → we monitor their online profiles and alert them to new exposures.

Our Monitor, which draws on over a dozen OSINT sources, is built to monitor this kind of exposure, tracking mentions of your executives' names, accounts, personal information, and digital identifiers across the sources that feed attacker reconnaissance. Here is an example of a traditional mention we would pick up about Sam Altman.

This week, we expanded that foundation with a new integration with Exa.ai to deploy OSINT agents that combine traditional keyword queries with neural search to find matches by conceptual meaning, not just exact words. That distinction is powerful because an article that references your CFO by title and company without ever using their name won't surface in a keyword alert, but it will surface here. This greatly expanded coverage includes podcast transcripts, low-authority sites, obscure forums, and spelling variations. For example, online threats are often vague or intentionally misspelled to skirt content moderation. Here is an example of a mention we can now find:

Most executives assume their exposure is static, a fixed set of old accounts and forgotten profiles. It’s not. New mentions are appearing constantly, which means the profile an attacker is building on your leadership team is getting more complete every day whether you're watching or not. It has been 10 days since we released our upgraded Monitor. A couple of statistics to close:

  • New mentions were found for 92% of Members
  • The median is 0.48 new mentions per day, up from 0.19

Whether or not executive protection is officially in your mandate, it's already in your organizational threat model. Book a demo to see what attackers already know about your executives.
