Growing up in Ukraine, Ksenia Iliuk, co-founder of LetsData, saw how narratives influence reality. She witnessed the 2004 Orange Revolution and the 2013–2014 Revolution of Dignity — pivotal moments in the country’s democracy.
“It showed how a nation can come together, even as different forces try to manipulate and sway public opinion in the opposite direction,” Ksenia said.
At the time, Russia’s government was already pouring significant resources into propaganda in Ukraine.
“Sometimes they used very specific language,” Ksenia said, “claiming Ukraine isn’t a legitimate state, just a territory without history.”
Ksenia wanted to stand on the side that protects the integrity of information. For university, she chose a program that combined communication, information security, and political science.
She later worked with EU governments and NATO to track media threats — from bot networks to coordinated attacks — but could only analyze campaigns after they happened.
How a cream cake could hide a war
To this day, many organizations rely on 15–20 keyword lists to monitor media and social platforms.
“One wrong word can lead to wrong findings and wrong conclusions,” Ksenia said.
In one case, after Moscow’s illegal annexation of Crimea, hostile actors flooded the information space with cake recipes, substituting “cream” for “Crimea” to drown legitimate discussion.
“They knew how everyone monitors media threats,” Ksenia said. “So they flooded the information space with irrelevant keywords, making it impossible to see what’s really happening.”
That was the moment she realized, “I can’t keep doing it this way — something has to change.”
Ksenia teamed up with Andriy Kusyy, a former machine learning lead at Grammarly, who shared her passion for tackling disinformation through technology.
They started by helping media groups and non-profits for free. Three years later, LetsData has grown into a 20-person team serving clients across Europe and the U.S.
How Ukraine became a cybercrime testing ground
Ksenia says the foundation of information security is awareness — especially of AI-driven threats.
“Once we recognize the threats, we can start addressing them,” she said. “The people you meet online aren’t always real — that phone call that sounds like your daughter might not be her at all.”
LetsData acts like an “AI radar,” scanning multiple media platforms for unusual activity, such as hundreds of Facebook reposts per second.
“These small signals reveal larger patterns,” she explains. “They show that predators are out there, acting with bad intent, and coordinating their efforts.”
Objectives vary: cybercriminals seek financial gain, hostile states interfere in elections, and competitors in markets like crypto attack rivals.
Launching in Ukraine helped LetsData refine its product, as the country became a testing ground for cybercriminals taking advantage of a heightened information environment.
“In wartime, a lot can go unnoticed,” Ksenia explains. “Cybercriminals test small scams in Ukraine to see if they work, then scale them elsewhere. Knowing this information space so well lets us detect these pilot operations before they spread.”
Navigating the next wave of AI threats
LetsData started in defense when media threats were costly and largely manual. Generative AI has changed that, making it easier for even small actors to target enterprises.
“Now we see multiple attacks every day,” Ksenia said. “Fortune 500 companies are being targeted by just a few individuals in Vietnam with budgets as low as $20.”
Facebook ads, she added, are a favorite tool, often overlooked by U.S. companies.
She shared two cases: OpenAI was impersonated before its Sora model launch via 30 Facebook ads with links that could compromise devices. In another, a bank faced 500 deepfakes of its executives promoting a fraudulent investment platform, discovered only after customers reported losses.
Businesses are now facing sophisticated impersonations and conspiracy-driven attacks. In one case, a bank was targeted by a hostile state to influence elections by stirring economic panic.
The attackers used Telegram channels to spread false claims about layoffs and financial instability, followed by calls to withdraw funds and images of supposedly nonworking ATMs.
“As AI tools advance, people may no longer know what is real,” Ksenia said. “From a human standpoint, this is a dramatic change — and it’s already happening.”
For LetsData, the future is using AI to fight AI, detecting and stopping threats before they spread.
