The Good
Australia’s Cyber and Infrastructure Security Centre (CISC) has confirmed AI-related cyber incidents in critical infrastructure must now be reported under the SOCI Act – within 12 hours if significant.
Comment: The systems we all depend on – power, hospitals, banks, NBN – are now formally accountable for AI-related security failures. This is a welcome closing of a regulatory gap in a critical area and feeds into our Feature below.

The Bad
Web hosting giant Vercel recently got breached – not through its firewall, but through a single employee who'd signed up for an AI productivity tool (Context.ai) using their work Google account and clicked ‘Allow All’. Months later, malware on a Context.ai laptop handed attackers the OAuth token, and they walked straight into Vercel's internal systems. Customer credentials are now for sale on a hacker forum for US$2 million.
Comment: Every ‘Connect with Google’ or ‘Allow All’ click at work is a door – and it stays open until someone shuts it. If you've signed into AI tools with your work account, audit them. Again, this is a nice segue for The Feature.

& The Ugly
Iran is, by some measures, outmanoeuvring America in the digital narrative war by using AI to pivot from rigid state messaging to viral, satirical content. Leveraging AI to generate high-engagement memes and animations mocking US policy and amplify their influence across global social feeds.
Comment: AI collapses the cost of influence operations to near-zero. Satire and humour bypasses the defences propaganda (like a dodgy press release) usually triggers. It's another version of the same theme running through this drop: the rules of trust are changing faster than most of us can track. Cast a critical eye over memes as you would a questionable news article.

The AI security conversation is heating up.

AI tools are getting better and better. Providers are racing to ship. Everyone seems to be building the next big AI product.
But when Jensen Huang said in March 2026 that AI agents “can access sensitive data, execute code, and communicate with external entities”, did anyone else have alarm bells going off? OpenClaw has been reshaping enterprise AI throughout 2025. And Claude Mythos, Anthropic's embargoed state-of-the-art model, is already dividing the security community despite limited access.

On the other side, Patrick Gray at Risky Business captured the bind perfectly: “Can this be secured to an acceptable degree? The answer is that it has to be – and it's going to be the definition of acceptable that changes, not the actual security threshold of the product.”

The debate about whether AI agents will enter the enterprise is over. We're now negotiating what we're willing to accept and how to secure them within a changing paradigm. And what we're accepting is significant. Security has long rested on three pillars: confidentiality, integrity and availability. Organisations are quietly trading away pieces of all three, not recklessly, but incrementally and (possibly) ignorantly.

This doesn't have to be a bad trade. Enterprise AI can be architected carefully, data can stay sovereign, the opportunity is real. But the assumptions governing enterprise security for decades are changing faster than most organisations (and leaders) can track. Here are the new rules:

i) Your perimeter disappears. Security used to mean building walls, patrolling them and patching up any cracks. But AI agents don't respect walls. Reaching out, connecting and acting across them can be the only job they’re given.

ii) Documents become weapons. Attackers are learning to hide malicious instructions inside files and emails that your AI will read and obey. It's phishing but machine against machine.

iii) Access control calculations change. A useful agent needs broad access. A secure one needs narrow access. Most organisations are quietly (and maybe unknowingly) choosing useful.

iv) When things go wrong, you may not know why. Can you reconstruct what your AI agent did last Tuesday? For most current deployments: not really.

v) The rules haven't caught up. Compliance frameworks were written before any of this existed. The gap between what's being deployed and what regulations require is growing fast.

So what does this mean for us?

Ahead of us is a wealth of opportunity and a need to not overexpose ourselves while capitalising on that growth. The temptation is to assume this is someone else's problem. It isn't. Every person who uses AI at work – or at home – shapes the security posture around them. Here's where to start.

If you’re a leader. Stop asking, “Is our AI secure?" Start asking, “What have we traded away to make this work, and did we know we were trading it?" Demand an inventory from your AI team: which agents are running, what data they touch, whose credentials they borrow, and what happens if one misbehaves on a Friday afternoon. If no one can answer that in plain English, you don't have a governance problem, you have a visibility problem. The Australian Signals Directorate's guidance on engaging with AI is a sensible place to ground the questions you put to your CIO or vendor – starting with visibility. Forward this to the person in your org who'll have to answer the questions above.

If you’re a worker. You're now part of the security perimeter, whether you signed up or not. Three habits:
1. Remember that anything you feed an AI – emails, shared docs, external PDFs – could contain instructions hidden for the AI, not you. So be careful what you point it at, especially from outside sources.
2. When an agent suggests an action that touches money, permissions or external recipients, slow down and verify it the way you'd verify a stranger claiming to be your CEO.
3. And if something feels off – an unexpected file, an instruction you didn't write, a tool behaving oddly – flag it. Noticing strange behaviour early could save your org a lot of pain later.

If you're using AI in your personal life. The cookie thing wasn’t just a meme – we’re seeing people hook up AI to all kinds of data. So the same logic from work applies, just higher personal stakes and fewer guardrails. Be deliberate about what you give an AI access to – your inbox, your calendar, your photos, your bank. 'Connect' is a one-click decision with a long tail, so read the permissions before you tap accept. And when an AI does something useful but slightly surprising, ask yourself how it knew, and investigate.

The opportunity ahead is real. So is the risk of sleepwalking into AI security risks (like riding your bike into a parked semitrailer because you weren’t looking around) but the way through isn't fear or paralysis. The solution is people (read: everyone) knowing what's changed, what's at stake, and taking relevant action to keep themselves safe.

Thanks for joining us. See you in the next drop.

Yours in humanity,