Defending businesses from drones, AI and insider espionage

Southampton F.C. sent a staff member to record footage of Middlesbrough F.C.’s training ahead of a playoff match that would affect promotion to the Premier League. The staffer used a smartphone while hiding behind a tree. Club officials say the footage was captured before the match and has drawn attention to how low‑tech actions can mirror commercial spying.

Experts describe corporate espionage as attempts to access and steal trade secrets or other information with economic value. Clark Frogley, global head of fraud at Quantexa and a former FBI financial crime investigator, described targets as technology, policy and strategy that give rivals an advantage. Brett Walkenhorst, chief technology officer at Bastille Networks, identified common targets as product road maps, source code, customer lists, pricing strategies, merger plans and manufacturing processes.

Tactics have shifted from long‑term insider placements and physical document theft toward mixed cyber and physical approaches. Walkenhorst pointed to phishing, business email compromise, stolen credentials, credential stuffing and attacks on suppliers as frequent ways attackers gain access. He also noted an increase in supply‑chain compromises that use vendors or managed service providers as stepping stones into a target organization.

Artificial intelligence is changing how attackers operate. Researchers reported in 2025 that groups linked to China used agentic AI to run cyberattacks against roughly 30 global targets, with some successful intrusions. Greg Newman, chief of staff at HiveWatch, said AI is being used to improve phishing, impersonation and reconnaissance by automating research, producing realistic lures and simulating personal interactions based on social media information.

Drones and small wireless devices add physical and radio‑frequency risks. Drones can provide aerial surveillance or deliver small devices to a site. Glen VanHerck, a former U.S. Northern Command commander, warned that repeated drone observations can create persistent vulnerabilities at critical locations. Walkenhorst pointed to a growing visibility gap in dense radio environments: malicious devices can use cellular links or protocols such as Wi‑Fi, Bluetooth and Zigbee to interact with nearby systems, and they can be hidden by insiders, visitors or delivered by drones.

Legal and criminal cases in recent decades have involved employees moving proprietary information across borders, alleged talent poaching tied to technology theft, and convictions for stealing formulas and software. Those cases show a range of actors, from individuals to state‑linked groups, targeting commercially sensitive material.

Practices recommended by advisers include returning to strict technical controls and running dedicated threat programs. Nathan Salminen, a partner at Hogan Lovells, said companies are reintroducing measures such as network segmentation, restricting certain capabilities to on‑site personnel, application whitelisting and tighter access rights. Frogley recommended assuming an organization could be targeted, using tools to flag synthetic identities or anomalous access, and training staff who handle sensitive technology or travel overseas. Newman urged firms to route phishing and data‑loss prevention alerts to specialized threat teams rather than only to IT helpdesks and to consider proactive insider‑threat monitoring.

Experts advise classifying sensitive information, deploying data‑loss prevention tools and establishing teams focused on awareness, detection and mitigation. The Southampton incident illustrates a low‑tech example of information gathering alongside the broader mix of AI, wireless and insider threats facing organizations today.