Secure

Contact center security and AI: a guide for CIO & CISO

AI makes the contact center smarter - and more vulnerable. How to protect customer data and prevent fraud.

  • Momentum EMEA
  • March 17, 2026
  • 9 min read

Contact center security and AI: how to protect customer data and prevent fraud as a CIO or CISO.

The contact center has long ceased to be merely a department that answers phones. It is the beating heart of customer interaction: the place where customer data is exchanged, transactions are handled and trust is built. And precisely for that reason, in 2026 it is also the most vulnerable point in the digital architecture of large organisations.

AI tools make the contact center smarter, faster and more efficient. But that same AI introduces new security risks that are fundamentally different from traditional cyber threats. Contact center fraud through AI-driven attacks is estimated at 12.5 billion dollars worldwide for 2025 (SEO estimate based on the Pindrop 2025 Voice Intelligence Report). Deepfake voices bypass verification systems that were reliable for years. Prompt injection attacks manipulate AI chatbots into performing unauthorised actions. And Shadow AI sneaks into the contact center via agents who want to be productive but work outside the approved tool stack.

In this article you will read why the contact center is the new attack surface, which five AI security risks are most urgent, how to build a security architecture that enables innovation without losing control, and what role Five9 Genius AI plays as an enterprise platform with built-in security governance.

Key insights

  • The contact center is the new attack surface: real-time customer interaction, large volumes of personal data and AI integrations make it a primary target for cybercriminals.
  • Deepfake fraud is growing explosively: AI-driven fraud attempts rose by more than 1,200% in 2025 compared with a year earlier. Contact centers are at the forefront of this threat landscape.
  • Prompt injection is a structural risk: malicious instructions hidden in customer queries can manipulate AI agents into performing unauthorised actions or exposing sensitive data.
  • GDPR requires transparency about AI use: customers must be informed when they interact with an AI system. Customer data processed via AI tools falls fully under the GDPR.
  • Security is an architectural choice: securing AI systems after the fact is not effective. Guardrails, LLM observability and data governance must be built in before go-live.
  • HR plays a key role: agents are the human security layer. Training in deepfake recognition and security awareness is just as essential as technical measures.

AI use grows faster than policy. CIOs and CISOs must therefore invest in visibility, governance and integrated security. AI in security and contact centers offers opportunities, provided it is implemented in a controlled way.

Momentum EMEA

In this article

An overview of all the topics covered in this article:

  • Why the contact center is the new attack surface
  • The five biggest AI security risks in contact centers
  • GDPR and compliance in an AI-driven contact center
  • A security architecture for the modern contact center
  • The role of Five9 Genius AI: security built in
  • HR and change management: the human security layer
  • FAQ: frequently asked questions about contact center security and AI

Why the contact center is the new attack surface

Traditional cybersecurity strategies focus on networks, endpoints and identities. For years the contact center remained outside this focus, treated as an operational department with its own tooling. That time is over. Contact centers process large volumes of customer personal data every day: names, addresses, payment information, health data, contract details. They are connected to CRM systems, ERP platforms and internal knowledge bases. And they communicate via channels that are hard to monitor: voice, chat, email and social media at once.

The introduction of generative AI makes this attack surface larger and more complex. AI agents answer questions, process refunds, consult customer records and escalate to human agents. These are all actions in which data moves, decisions are made and trust plays a role. Zscaler's ThreatLabz research showed a sharp increase in AI-driven phishing and impersonation attacks via customer contact channels (SEO estimate based on Zscaler ThreatLabz 2025 data). When AI plays a central role in customer interaction, it also becomes a target for attackers who want to abuse that trust.

For large organisations with multiple contact centers across locations in different countries, this makes the challenge correspondingly more complex. Different legal frameworks, different security maturity levels per location and a distributed workforce of agents working from home, the office or remote locations create an attack surface that is difficult to monitor with traditional perimeter security.

The five biggest AI security risks in contact centers

Anyone who integrates AI into the contact center without an explicit security strategy creates risks that can quickly materialise into data breaches, fraud and compliance violations. The five most urgent risks are as follows.

1. Deepfake vishing and synthetic voice fraud. Deepfake technology makes it possible to clone the voice of a customer, manager or CEO in real time and use it for fraudulent verification attempts or social engineering attacks on agents. AI-driven fraud attempts rose by more than 1,200% in 2025, with synthetic audio one of the fastest-growing threat vectors for contact centers (SEO estimate based on the Pindrop 2025 AI Fraud Spike Report). Gartner predicts that in 2026 an estimated 30% of organisations will no longer consider standalone verification systems reliable without additional layers.

2. Prompt injection in AI chatbots and virtual agents. Prompt injection is the injection of malicious instructions into customer queries to manipulate an AI system. In a contact center context this means an attacker can, via a seemingly normal customer query, instruct an AI agent to authorise a refund, release account details, escalate privileges or bypass security settings. This risk is structural in LLM-based systems connected to customer data and back-office systems.

3. Data leakage via unapproved AI tools (Shadow AI). Agents look for ways to perform faster and better. When the organisation does not offer an approved AI platform, or when the approved platform does not adequately match real needs, agents reach for public AI services. Customer data, conversation logs and internal procedures end up in external systems without contractual protection, outside the record of processing activities and without the security controls the GDPR requires.

4. Uncontrolled agentic AI. Contact centers increasingly work with autonomous AI agents that take action independently: processing refunds, scheduling appointments, making contract changes. Without adequate guardrails, audit trails and human oversight, these systems can be manipulated, unintentionally or deliberately, into acting beyond their authorised scope.

5. Overpermissive access and API risks. AI systems in the contact center are connected via APIs to CRM platforms, knowledge bases and customer records. When these API connections have overly broad access rights, or when OAuth tokens are not audited periodically, persistent data exposures arise that are difficult to detect and can go unnoticed for a long time.

Expert insight

Security is not a property of an AI tool. It is an architectural choice you make before you go live.

The most common mistake in AI implementations in contact centers is building it backwards: first rolling out an AI tool that delivers productivity, then trying to add security and compliance retroactively. That does not work. Guardrails imposed on an already working system break functionality. Governance imposed after the fact misses the context of the implementation. Organisations that treat security as an architectural principle build it in: into vendor selection, into data governance, into access rights, into monitoring. They do not discover after the fact that their AI platform processes data outside the EU. They know it in advance, because they asked.

On 4 June, Momentum and Five9 discuss what secure AI adoption in the contact center looks like in practice. BMW Driving Experience, Zandvoort. 60 places.

GDPR and compliance in an AI-driven contact center

Every customer conversation a contact center handles contains personal data. Name, phone number, customer number, the topic of the conversation: all data that falls under the GDPR. When AI systems are used in these conversations, the GDPR adds further obligations that many organisations have not yet implemented adequately.

The data protection authority is clear about the use of algorithmic systems: when AI is used for decision-making or analysis based on personal data, transparency, lawfulness and security must be ensured. Customers must be informed when they interact with an AI system instead of a human agent. As of August 2026, this is also explicitly required under the EU AI Act for systems designed to communicate with individuals.

For AI systems used for customer segmentation, profiling or automated decision-making, a Data Protection Impact Assessment (DPIA) is almost always mandatory. The organisation's record of processing activities must contain all AI processing in the contact center, including data flows to cloud platforms such as CCaaS providers. When a cloud contact center platform processes data outside the EU, this requires an up-to-date transfer mechanism such as Standard Contractual Clauses, combined with a Transfer Impact Assessment.

For organisations that process PCI-related transactions via the contact center, additional requirements apply under PCI-DSS. Payment data must never be stored in unsecured AI models or entered into public LLM services. Enterprise platforms such as Five9 are certified as a Level 1 PCI-DSS Service Provider and offer technical protection specifically for this risk.

A security architecture for the modern contact center

An effective security architecture for AI-driven contact centers works in four layers that reinforce one another.

Layer 1: Identity & Access Management. Every employee, every AI agent and every API connection has minimal access rights based on role and necessity. Broad OAuth permissions for AI tools are audited periodically and reduced to the strictly necessary. Multi-factor authentication applies to all access points, including remote agents.

Layer 2: Data governance and classification. Customer data is classified by sensitivity level. This determines which data is available to which AI systems. Special categories such as medical data, financial data and biometric voice data may only be processed by systems with the right certifications and contractual safeguards. Records of processing activities are kept up to date with every change in tooling or AI configuration.

Layer 3: AI guardrails and LLM security. AI models deployed in the contact center are given granular guardrails: which actions they are authorised to perform, which data they may consult and which output is checked before sending. LLM observability tools monitor in real time for hallucinations, anomalous behaviour and security risks. Prompt injection protection is built into the prompt architecture.

Layer 4: Real-time monitoring and anomaly detection. Anomalies in customer interactions, such as unusual refund requests, rapid sequences of account changes or unknown calling patterns, are detected via behavioural analysis and AI-driven fraud detection. Deepfake voice detection is built into the verification layer for high-risk interactions.

The role of Five9 Genius AI: security built in

Five9 is Momentum's event partner during the BMW Driving Experience on 4 June 2026. As a leading cloud contact center platform, Five9 offers enterprise organisations a unique combination of AI power and built-in security governance through the Five9 AI Trust & Governance Layer, part of the Genius AI platform.

The AI Trust & Governance Layer gives CIOs and CISOs a suite of tools to monitor, configure and secure AI behaviour. Granular guardrails enable organisations to adjust AI models, outputs and autonomy levels per channel, use case and customer segment. LLM observability functions continuously monitor the AI system for performance, hallucinations and security risks, and provide the evidence base that regulators expect.

Five9 meets the highest enterprise security standards: SOC 2 Type 2 certified, Level 1 PCI-DSS Service Provider, HIPAA-compliant and GDPR-ready. Customer data is encrypted both in transit and at rest. The platform runs on cloud infrastructure that complies with ISO 27001/27002 and NIST standards. For multinational organisations, Five9 offers data residency options that align with regional compliance requirements.

The result is a contact center environment where AI innovation and security do not compete with one another but reinforce each other. Agents are supported by AI that is reliable, traceable and compliant. Supervisors gain real-time insight into AI behaviour. And CISOs can demonstrate that the AI systems in the contact center meet the requirements of the GDPR, AI Act and PCI-DSS.

HR and change management: the human security layer

Technology and policy are necessary. But the human factor remains the most vulnerable link in contact center security. Agents are the first to come into contact with deepfake voices, manipulated customer queries and social engineering attacks. Without adequate training they do not recognise these attacks, simply because the attacks are becoming ever more convincing.

Effective security training for contact center agents goes beyond an annual e-learning about phishing. It includes specific scenarios for deepfake recognition, practical simulations of prompt injection attacks on AI tools, clear procedures for reporting suspicious interactions and role-specific guidelines on which data must never be entered into AI tools.

Change management plays a critical role at large organisations with contact centers in multiple countries. The security policy must be understandable, applicable and anchored on the work floor in Amsterdam, Frankfurt and Singapore. That requires local ambassadors, multilingual training programmes and a security culture that does not punish but teaches. HR and IT must work together on this: HR for the behavioural change, IT for the technical preconditions.

Want to know how your organisation can raise contact center security to a higher level with AI and governance? On 4 June 2026, Momentum is hosting an exclusive event at the BMW Driving Experience in Zandvoort. As a partner, Five9 shares concrete insights on AI-driven customer contact and the security architecture it requires. Cato Networks brings the network security perspective. Only 60 places available.

Master AI in your contact center before attackers do

Deepfakes, prompt injection, Shadow AI and agentic AI without guardrails: the security risks in modern contact centers are real and growing. On 4 June 2026, Momentum brings IT leaders together for an exclusive inspiration session at the BMW Driving Experience in Zandvoort. Five9 and Cato Networks present concrete governance models for secure AI adoption in customer contact. Peer exchange and strategic insights for CIOs, CISOs and IT directors. Only 60 places.

Register now and discover how to make AI and security work together in your contact center.

FAQ

Frequently asked questions

What are the biggest security risks of AI tools in contact centers?

The five biggest risks are deepfake vishing, where synthetic voices bypass verification systems; prompt injection, where malicious customer queries manipulate AI systems; Shadow AI via agents who use unapproved tools; uncontrolled agentic AI that takes action independently; and overpermissive API access that exposes data to unauthorised systems.

What is deepfake fraud in contact centers?

Deepfake fraud in contact centers is the use of AI-generated voice clones to deceive contact center agents or automated verification systems. Attackers replicate the voice of a customer or executive to gain account access, authorise transactions or extract confidential information. AI-driven fraud attempts in this domain grew explosively in 2025.

What is prompt injection and how does it affect contact center AI?

Prompt injection is the hiding of malicious instructions in seemingly normal customer queries. Via a chat message a customer can instruct an AI agent to authorise a refund, make an account change or bypass security settings. This is a structural risk in LLM-based contact center AI connected to customer data and back-office systems.

Which GDPR obligations apply to contact centers that use AI?

Contact centers must inform customers when they interact with an AI system instead of a human agent. This is also required under the EU AI Act as of August 2026. All AI processing must be included in the record of processing activities. For AI systems with significant impact on customers, a DPIA is mandatory. Customer data may not be processed outside the EU without a valid transfer mechanism.

How do you train contact center agents in security awareness?

Effective training goes beyond annual phishing awareness. Agents need specific scenario training for deepfake recognition, clear procedures for reporting suspicious interactions and role-specific guidelines on which data must not be entered into AI tools. HR and IT must work together to embed this training across all locations and in all relevant languages.

Who is the BMW Driving Experience event on 4 June 2026 for?

The event is aimed at CIOs, CISOs, IT directors and IT managers of large organisations who think strategically about secure AI adoption in customer contact and contact center security. Five9 and Cato Networks are partners and present concrete insights. The programme combines inspiration sessions, real-world cases and peer exchange at Circuit Zandvoort. Only 60 places available.

Knowledge base

Read more

View more articles
Plan a call

Master AI in your contact center

Want to know how your organisation can approach secure AI adoption in the contact center? Let's talk about governance, compliance and security.

Book a call