Retell AI’s notification exposed a bigger issue !!

The casino went dark and Slot machines stopped mid-spin. 🎰💀

A ransomware attack had shut down everything.

A few months back, I was leading the cybersecurity response, trying to contain the damage for one of the largest casino in USA. But the root cause?

No MFA. The hackers got in through a simple remote access system that had zero protection.

Just a username and password. That’s all it took to bring down a multi-billion-dollar operation.

And here we are in 2025, still talking about the same problem.

Today, Retell AI rolled out a security enhancement, notifying users about enabling two-factor authentication (2FA) 🔐 and KYC verification after detecting suspicious activity.

Sounds like a step in the right direction, right?

But here’s the catch 🚨 2FA is not enabled by default. Users have to link their phone numbers and set it up manually. And even then, it's SMS-based MFA, which is already the lowest level of security.

Companies like Retell and VAPI are at the forefront of AI voice innovation. But security should be built into the foundation, not treated as an afterthought.

With 16 years in cybersecurity, I’ve seen the cost of weak security controls 💰 massive data breaches, financial losses, and businesses brought to their knees. It’s not about fear-mongering.

It’s about setting the right example.

Security shouldn’t be optional. It should be the standard.

What’s one security measure you think every company should have by default?

Drop your thoughts in the comments. ⬇️

Retell AI’s notification exposed a bigger issue !!

1 comment