AI’s Wild West won’t last forever
AI's Wild West won't last forever.
But it's here now.
We’ve seen this movie before. Cars, crypto, cloud, social media – every transformative technology thrives in a period of lawlessness before the rules catch up. AI is in that gap right now. Here’s what history teaches us and how to protect your organisation while the dust settles.
AI and cybersecurity are in their Wild West era. Bad actors have moved into town with powerful new tools for old crimes, while regulators scramble to catch up. Rules will come, but history shows we can expect trouble in the meantime.
All major technology
follows the same pattern
Cars arrived ~1900 with no traffic rules, stop signs or speed limits. With people, horses and carts sharing the roads, Detroit recorded 7,000 accidents and 168 deaths in 1917 alone. Road rules came eventually, but it took a few thousand deaths first.
Bitcoin launched in 2009, but only last year – 16 years later – did Australian crypto exchanges require financial services licences.
Organisations poured data into the cloud, before anyone understood where it was stored, who owned it or which country’s laws applied. Controls came after the migration.
Social media stole our data (let’s be honest, we gave it away for convenience) and attention long before breaches like Cambridge Analytica showed us how badly we’d misjudged the risks.
AI hasn't had its defining incident yet. But history suggests it will.
Why history
always repeats
Humans are predictable. We’ll give up security and privacy when we see even small upticks in our health, comfort or wealth.
For example, in 1987 Australians rejected the Australia Card – seen as government overreach – but hold my beer while I jump on Facebook to post my birthday, tag my partner and kids, share my location and complain about Qantas exposing my personal information.
Popular loyalty programs offer a princely 0.5% discount in exchange for your purchase history and behavioural data.
This risk appetite extends to the tech bros building the AI platforms – some of whom openly acknowledge a 20% chance of significant negative human impact. If a plane had a one-in-five chance of crashing, would you board it?
When the benefit feels real and the risk feels abstract, convenience always wins. That's why governance struggles to keep pace: the market doesn't want to hold things up.
Same motives,
new methods
The motivations for crime haven’t changed since humans started hitting each other with rocks: greed, hardship, power and revenge. Technology simply translates physical crimes from back alleys to their digital equivalents.
- Underground markets became the Silk Road.
- Armed heists became keyboard robbery.
- Blackmail became ransomware.
- Organised crime syndicates harvest identities, trade stolen credentials and extort businesses from the comfort of the couch.
AI adds fuel to the fire. Threat actors embed AI in their attack chains to supercharge breaches and scale social engineering. In one case, deepfake video and voice cloning impersonated a CFO and convinced a finance team to hand over $25 million.
What to do
while the dust settles
Rethink your encryption
Many take comfort in encryption – stolen data is safe because it would take a thousand years to decrypt. But given progress in quantum computing, that timeline is likely to shrink dramatically.
Action: Understand where you’re using encryption, what type you’re using, and begin planning for quantum-resistant alternatives. You won’t have time to address this after the fact.
Check your backup solutions are ready to support your business
Our geopolitical landscape is volatile and ahead of any kinetic endeavours, cyber will be the first battleground. Nation-states will be looking to pre-position themselves in environments to cause mass disruption; this disruption won’t be a ransom – it will be a wiper.
Action: 3-2-1-1-0, here we go. Validate what is being backed up, its frequency, its restorability and then determine if your backup methodology will support your business if your backups are also targeted. If you didn’t get the joke, we should chat.
Recognise that AI exposes weaknesses
While the maliciousness of AI is up for debate (and evolution), even well-intending AI exposes weaknesses. For example, AI assistants surface confidential details like salaries, passwords and worse by scouring all the sources the user already has access to.
You know those 10 SharePoint sites you have access to? You likely have access to more like 50! You might not remember them, but AI does and can search them in seconds and expose historical hygiene issues.
Action: Good old data hygiene is more important than ever. Lock down permissions and access controls. Review your information lifecycle.
Build for where threats are heading
Our imagination is literally becoming the limit of what threats lie ahead. For now, the point of consistency is that every digital transaction requires a digital identity. Whether it’s a human, automation or an agent, an identity is present.
Action: Strengthen your identity governance and administration capabilities and consider Human Risk Management solutions. I suspect this will require a rebrand in the very near future to Identity Risk Management to account for ‘synthetics’.
The rules will arrive, but ‘eventually’ could mean 16 years and thousands of incidents. Smart organisations act before they’re forced to.
Subscribe
for updates
for expert insights on cybersecurity strategy, trends, and implementation.