In this episode of The Voice of Retail, Michael LeBlanc speaks with Aamir Lakhani, Global Director of Threat Intelligence and Artificial Intelligence at Fortinet, about the accelerating cyber threats facing retailers. From stolen credentials and AI-powered fraud to deepfakes and poisoned shopping bots, Lakhani outlines why cybersecurity is now a shared responsibility—and what retailers of all sizes must prioritize to protect trust, margins, and customers heading into 2026.
In this timely episode of The Voice of Retail, host Michael LeBlanc is joined by Aamir Lakhani, Global Director of Threat Intelligence and Artificial Intelligence at Fortinet, for a deep and sobering conversation on the evolving cyber threat landscape facing retailers as they close out 2025 and prepare for 2026.
Lakhani leads adversarial AI research within FortiGuard Labs, Fortinet’s global R&D arm, where his team studies how cybercriminals—ranging from lone actors to state-sponsored groups—exploit technology, human behaviour, and increasingly, artificial intelligence. With Fortinet protecting over half of the world’s firewall traffic, Lakhani brings unparalleled visibility into global cybercrime trends.
A central theme of the discussion is the explosion of credential-based attacks, where hackers no longer “break in” but simply log in using stolen usernames and passwords. Lakhani explains how years of data breaches have enabled automated attacks across thousands of retail, banking, and corporate systems, often at massive scale. Two-factor authentication, passkeys, and password-less systems are no longer optional—they are table stakes.
The conversation then turns to AI-driven fraud, which Lakhani describes as one of the most urgent threats retailers face today. From deepfake voice scams impersonating CEOs to hyper-personalized phishing attacks fueled by social media data, AI has dramatically lowered the cost and increased the sophistication of fraud. On a scale of concern, Lakhani rates AI fraud “off the charts.”
LeBlanc and Lakhani also explore deceptive domains, poisoned AI shopping results, and the risks associated with buy-now-pay-later programs, which fraudsters increasingly exploit through urgency-based scams. Importantly, Lakhani emphasizes that cybersecurity is now a shared responsibility across platforms, retailers, and consumers—especially as many small and mid-sized retailers rely heavily on platforms like Shopify.
Looking ahead to 2026, Lakhani offers clear guidance for retail leaders: invest in education, embrace AI-powered security tools, and do not shy away from automation. Cybersecurity, he argues, is no longer just an IT issue—it is a brand trust issue, a revenue protection issue, and a core leadership responsibility.
Cyberthreats Targeting the 2025 Holiday Season: What CISOs Need to Know and the report Cyber Threat Landscape Overview for the 2025 Holiday Season.