There are lots of AI threads here, and there needs to be one devoted for cyberattacks b/c they may affect the safety of all your health data.

[they can also affect this forum and ALL discourse forums]. It’s important to be forward-seeking with ALL platforms you use and ask how secure they are from cyberattacks (Google/OpenAI/Claude/Microsoft/Apple/Wordpress/Substack/Twitter/etc)

[the moderator/sysadmin of your forum may get compromised at some point]

Also, this is urgent, and agents are susceptible

The internet is about to become a minefield for AI agents, and the success rate for attackers is 86%. Hidden prompt injections in HTML successfully commandeer agents in 86% of scenarios. Not in a lab. Not with custom exploits. Just instructions hidden in a webpage that the agent reads and the human never sees. And memory poisoning? It takes 0.1% contaminated data to permanently corrupt an agent’s knowledge base with 80%+ success rates. That means 1 bad document out of 1,000 rewrites everything the agent believes. DeepMind identifies six attack categories, each targeting a different layer of the agent stack: perception, reasoning, memory, action, multi-agent coordination, and the human supervisor. The co-author said every single category has documented proof-of-concept attacks. These aren’t theoretical. The scariest part is the systemic trap. DeepMind draws a direct line to the 2010 Flash Crash, where one automated sell order triggered a feedback loop that erased nearly $1 trillion in 45 minutes. Now imagine thousands of AI trading agents parsing the same fabricated financial report simultaneously. OpenAI admitted in December 2025 that prompt injection will probably never be completely solved. And yet every major lab is racing to ship agents with access to email, banking, and code execution. The entire agentic AI thesis assumes the information environment is neutral. This paper proves it can be weaponized at every layer, from the HTML the agent reads to the human who rubber-stamps its output. We’re building autonomous systems that trust the internet. The internet has never been trustworthy.

It’s been said by some that this year may mark the “death of the open internet”

“Improve your cogsec” [tirzepatide helps by reducing your input flows/noise…]

[also, trump, by invading iran, just increased the incentive for Iranian agents to launch cyberattacks]

1. Put your most important accounts behind passkeys or the strongest phishing-resistant MFA they support, starting with your email, password manager, Apple/Google/Microsoft account, and anything financial. Microsoft and Google describe passkeys as phishing-resistant, and CISA/FTC keep stressing MFA because stolen passwords alone should not be enough to get in.
2. Use a password manager and unique random passwords everywhere else. FTC explicitly recommends a password manager and notes that even strong passwords are vulnerable without a second factor.
3. Turn on automatic updates for your OS, browser, apps, phone, and router. Replace any end-of-life router instead of pretending it still has a future. NCSC says AI will shorten the time from vulnerability disclosure to exploitation, and the FBI has warned that obsolete routers are being compromised and used as criminal proxy infrastructure.
4. Lock down your home network. Use WPA3 Personal if available, otherwise WPA2 Personal, change the router admin password, and put sketchy IoT junk on a guest or separate network. FTC recommends WPA3/WPA2 for home Wi-Fi, and U.S. government home-network guidance recommends segmentation between primary, guest, and IoT networks.
5. Be stingy with AI-agent permissions. Do not let an agent freely read your inbox, browse random sites, click links, download files, or send data without confirmation unless you truly need that setup. OpenAI’s own guidance says dangerous actions and transmission of sensitive data should not happen silently, and NCSC says the right mindset is reducing impact even when manipulation succeeds.
6. Stop logging into important sites through search ads or surprise links. Bookmark payroll, bank, insurance, school, and government portals yourself. The FBI has specifically warned about criminals using search ads to impersonate legitimate employee self-service sites and steal credentials and money.
7. Assume urgent voice calls can be faked. Set a family codeword, hang up, and call back on a known number. FBI and FTC both warn that AI voice cloning makes emergency scams and impersonation scams much more believable.
8. Back up your files now, before the universe auditions you for a ransomware subplot. FTC advises regular backups, and that advice only gets more important as attacks get faster and more automated.

Altman isn’t wrong about the coming arms race in cybersecurity.

There’s always been a tit for tat dynamics between attackers, virus writers, zeroday researchers and the companies ability to respond.

Tit for tat game theory only works when one side doesn’t have asymmetric dominance capable of a speed and level of severity that makes the first strike fatal.

During the Cold War the concept of a 100% effective first strike weapon terrified war planners as the likely hood such a weapon would be deployed rose in relation to its projected effectiveness.

The same is happening in cyberwarfare and criminal attacks as one side is equipped with god like super attack tools and too many defences are based on (now/recently) outdated security infrastructure, easily defeated and hopeless outmatched.

Like the AI created icebreakers (hacking tools) from Neuromancer.

[the side that models strange loops better may have an advantage]