Introduction
May brings both opportunity and caution. This edition covers SafeComs’ AI Automation Service, the growing danger of AI misinformation, and the rapidly escalating threat of deepfake attacks. AI is transforming business – but transformation without governance is a risk, not an advantage.
“AI is a tool. Like every powerful tool, it is only as safe as the person holding it.” – SafeComs |
SafeComs News
NTCC COFFEE CONNECT – Powered by SafeComs
Every month, something quietly remarkable happens over coffee.
Since March 2026, SafeComs and the Netherlands-Thai Chamber of Commerce (NTCC) have been convening a gathering of business owners, C-suite executives, and senior managers united by a shared conviction: that the leaders who understand disruptive technology are the ones who will shape what comes next and those who don’t will simply absorb whatever it brings.
NTCC Coffee Connect is where that understanding gets built. Each session is tight, practical, and deliberately executive-level – no slides for the sake of slides, no vendor theatre. Just sharp people, a focused topic, and the kind of frank conversation that rarely happens outside a boardroom.
Our May session delivered exactly that. Andrew McBean from Grant Thornton led an authoritative and thought-provoking deep-dive into Digital Transformation – cutting through the noise to address what it genuinely means for ASEAN organizations in 2026. What separates the businesses leading through change from those quietly falling behind it? The answers were candid, specific, and well worth the early morning. Attendees left with renewed clarity on where to focus and, just as importantly, what to stop doing.
If you haven’t joined us yet, June is a very good time to start. (NTCC Members Only)
What’s Coming: Business Intelligence
Most businesses are sitting on more data than they know how to use effectively.
Spreadsheets that take hours to update. Reports that answer yesterday’s questions. Dashboards that do not drive action. Decisions still being made on instinct when they could be supported by clear, reliable evidence.
For industrial and operational environments, the opportunity is even greater. Modern operations generate large volumes of data across ERP systems, production records, quality controls, maintenance logs, databases, and connected equipment. Yet in many organizations, only a fraction of that data is being used to improve performance, reduce risk, or guide decision-making.
SafeComs is changing that.
We are building a dedicated Business Intelligence and AI-driven Industrial Intelligence practice to help organizations transform raw operational and business data into actionable intelligence. Watch this space.
AI GOVERNANCE
When AI Gets It Wrong – And Why It Matters
AI doesn’t “know” things – it predicts the most probable next word. When it hits a gap, it fills it confidently. This is hallucination – and it won’t be patched away.
The Numbers Tell the Story
AI models are 34% more likely to use confident language when wrong than when right. Even the best models hallucinate at least 0.7% of the time – some exceed 25%. On niche or recent topics, that figure rises to 35-55%.
Real Consequences Are Already Here
- Legal: U.S. courts imposed over USD 145,000 in sanctions against law firms in Q1 2026 alone for AI-generated filings with fabricated citations. A former assistant U.S. attorney was fired in April 2026 for the same reason.
- Medical: AI chatbots have provided dangerously inaccurate health guidance with no indication of uncertainty (Flinders University / Annals of Internal Medicine, 2025).
- Financial: Fabricated statistics and false market data from AI systems have been cited in documented cases of costly business decisions.
The SME Risk Is Specific
Without legal teams or compliance officers to catch errors, a hallucinated answer to a PDPA compliance question lands directly on the business. Under Thailand’s PDPA, good faith is not a legal defense.
The Fix: Governance, Not Avoidance
Leading frameworks – NIST AI RMF 1.0, ISO/IEC 42001, and the EU AI Act (high-risk obligations from August 2, 2026) – all point to the same principles:
01 | Human-in-the-loop verificationNo AI output should be acted upon without human review in high-stakes contexts – financial, legal, compliance, or customer-facing. |
02 | Approved toolsets onlyShadow AI – staff using unapproved tools with company data – is a serious, underestimated risk. |
03 | Data boundariesDefine what company data – especially PDPA-covered personal data – may and may not be entered into AI tools. |
04 | Output verificationCross-check AI outputs against authoritative sources before acting – always, for compliance and legal matters. |
| Want a simple AI Acceptable Use Policy for your business? SafeComs can help you draft a practical governance policy that protects your organization without slowing you down. Contact us at [email protected] |
FEATURED ARTICLE
Dark Web Hacking Services: The Threat Is Cheaper Than You Think
Comparitech’s latest analysis makes sobering reading. On the dark web today: website hacks average $394, social media takeovers $230, custom malware $318, DDoS attacks from $26/hour. Most services accept cryptocurrency and promise fast turnaround.
For APAC businesses, these are not abstract statistics – they represent a clear, affordable threat to operations, data, and regulatory standing. SafeComs delivers the proactive defense layer: penetration testing, vulnerability assessments, NIST/CIS/ISO 27001 alignment, and iComply for PDPA/GDPR/SEC readiness.
AI & EMERGING THREATS
Deepfakes: The Threat Your Team Might Not Recognize
That call from your CEO. The video from your finance director. The voice note authorizing a wire transfer. All of these can now be faked – convincingly, cheaply, and at scale.
Deepfake-enabled Business Email Compromise is no longer emerging – it’s here. AI-driven attacks rose 89% year-on-year in early 2026. The global average breach cost hit USD 4.9 million. SMEs are particularly exposed: smaller teams, fewer approval layers, and executives whose voices and faces are already publicly available online.
What to Do
01 | Establish a verbal verification protocolAny payment or access request must be confirmed through a pre-agreed second channel – not a callback to the same number. |
02 | Run deepfake awareness trainingYour team needs to know the warning signs: lip-sync delays, unnatural blinking, audio quality inconsistencies. |
03 | Tighten payment controlsTwo-person approval above a defined threshold. Written confirmation before acting on any verbal instruction. |
04 | Deploy continuous monitoringUnusual authorization requests and after-hours activity are often the first detectable signal. |
Want a top-notch security your business? SafeComs can help protecting your organization.
Contact us at [email protected]
NEWS BRIEF
Thailand’s TH-AI Passport: 1.6 Billion Baht to Bring 5 Million Thais into the AI Era
Thailand’s DE Ministry is launching the TH-AI Passport – giving 5 million citizens access to Pro-level AI across 12 models for one year, at just 324 baht per person per year. Built around a “Learn to Earn” framework with Google, Microsoft, and OpenAI, the project aims to lift Thailand’s AI adoption rate from 10.7% to 23% – above the global benchmark of 16.3%. Data privacy commitments include domestic cloud storage and anonymous-only access.
THREAT INTELLIGENCE – MAY 2026
This Month in Numbers
1,353+AI Hallucination CasesCharlotin Database, 2026 | 89%AI Attack Increase YoYIBM / SafeComs, 2026 | $4.9MAvg. Breach CostIBM Report, 2026 |
34%Confidence ParadoxMIT Research, 2025 | 35-55%Hallucination RateScienceDirect, 2026 | $145K+Legal Sanctions Q1 2026ComplianceHub.Wiki, 2026 |
SECURITY TIPS OF THE MONTH
01 | Verify AI Outputs Before ActingTreat AI responses as a starting point, not a final answer – especially for compliance, legal, financial, or medical matters. |
02 | Verify Before You TransferNever action a payment based solely on a call or video. Always use a pre-agreed second channel to confirm. |
03 | Enable MFA on Every AccountMulti-factor authentication blocks over 99% of automated credential attacks. No exceptions for admin accounts or financial systems. |
04 | Define What Data Goes Into AI ToolsNot all AI tools keep your data private. Clarify with your team what company data – especially PDPA-covered data – may be entered into AI tools. |
05 | Test Your Backup RestorationAn untested backup is no backup at all. Run quarterly restoration drills across critical systems. |
SOURCES & REFERENCES
All intelligence is sourced from verified public security advisories, government bodies, peer-reviewed publications, and reputable cybersecurity sources.
Dark Web / Cybercrime-for-Hire
[0] Comparitech (2023) – The cost of hiring a hacker on the dark web. comparitech.com/blog/information-security/hiring-hacker-dark-web-report/
AI Hallucination & Misinformation
[1] MIT Research (2025) – AI models 34% more likely to use confident language when generating incorrect information. Via: renovateqr.com/blog/ai-hallucinations
[2] Vectara / AllAboutAI (2025-2026) – Industry-wide hallucination statistics; best models hallucinate at 0.7%, some exceed 25%. allaboutai.com/resources/ai-statistics/ai-hallucinations/
[3] ScienceDirect / Magesh et al. (2025-2026) – GPT-4o and Claude 3.7 hallucination rates of 15-20% on factual citation tasks, rising to 35-55% on niche or recent topics. sciencedirect.com/article/abs/pii/S221462962600191X
[4] Charlotin AI Hallucination Cases Database; ComplianceHub.Wiki (2026) – 1,353+ documented cases; over USD 145,000 in U.S. court sanctions Q1 2026. compliancehub.wiki/legal-ai-hallucination-reckoning-2026/
[5] Flinders University / Annals of Internal Medicine (July 2025) – AI chatbots providing materially inaccurate medical information. Via: allaboutai.com/resources/ai-statistics/ai-hallucinations/
AI Governance
[6] NIST AI RMF 1.0 / ISO/IEC 42001 / EU AI Act (Regulation 2024/1689) – High-risk system obligations effective August 2, 2026. getmaxim.ai/articles/ai-governance-best-practices-for-enterprise-teams/
Thailand invests in AI: https://www.prd.go.th/th/content/category/detail/id/39/iid/507369
Cybersecurity Statistics
[7] IBM Cost of a Data Breach Report (2026) – Global average breach cost USD 4.9M; AI-driven attacks up 89% year-on-year.
[8] SafeComs April 2026 Newsletter – CVE-2026-20127 Cisco SD-WAN (CVSS 10.0), Coruna iOS Exploit Kit, AI-powered attack statistics.
