Over the past several years, I’ve run more than a thousand human-to-human vishing calls. Now I’m conducting the same operations with fully automated voice agents, at scale, across F500 and government targets. This presentation is the before/after: humans versus voice agents in real operations. Not a controlled academic study, that’s not how internal red teams work, but a breakdown of what actually changes when voice becomes software. I’ll demonstrate the operational shifts that voice agents introduce: persistence, parallelization, and the ability to chain SMS or email mid-call to push targets through password resets, MFA bypass, and sensitive data disclosure. But the picture isn’t one-sided. I’ll define where agents outperform humans today, and where humans still win. Defenders will leave with actionable guidance for tuning voice-based security exercises and hardening the workflows that make this threat possible at scale.
