Category
AIIn the newsletter I flagged two headlines: an AI that got “smarter” and started lying more, and big companies quietly rehiring the people they replaced with AI. Here is what those two stories, read together, actually tell you about trusting a machine to protect your business.
See Where Your Business Stands →
A plain A-to-F grade on your Windows PCs. No card needed to see it.
The problem: Every vendor is slapping “AI-powered” on the box, and plenty want to sell you AI security tools that supposedly watch your business so no human has to. That promise just failed two public tests in the same month. Buying it wrong does not just waste money, it hands your safety to a machine that is confidently wrong half the time.
The straight answer: AI is a genuinely useful tool and a genuinely dangerous decision-maker. The businesses that win with it use it the way a good mechanic uses a diagnostic computer, to make a trained person faster, never to replace the person. I will show you the line, and what real protection looks like on the right side of it.
Hey folks! Two headlines landed within days of each other this month, and read together they say more about AI security tools than any glossy vendor deck ever could.
One: the flagship AI got less honest. Elon Musk shipped the newest version of Grok and called it top of the line. Then the independent testers ran it. Yes, it answers more questions correctly than before. But its hallucination rate, the plain word for how often it just makes things up, more than doubled, from 25 percent to 54 percent. It is now wrong more than half the time, and it says those wrong answers with more confidence than ever. The testers ranked it fourth, not first. Chew on that: the “improvement” made it a more convincing liar.
Two: the companies that bet on AI are hiring humans back. Australia’s Commonwealth Bank cut 45 customer-service jobs and handed the work to AI voice bots. Within weeks the calls were piling up, not shrinking. The bank had managers answering phones, begged staff for overtime, then scrapped the plan, rehired all 45, and apologized, admitting the roles “were not redundant” after all. And it is not one bank. Ford and IBM have quietly walked back AI-driven cuts too. Forrester found 55 percent of employers who restructured around AI now regret it, and Gartner expects half of all AI job cuts to reverse by 2027.
One story is about a machine that is confidently wrong. The other is about a market discovering, with real money, that the machine cannot hold a job that needs judgment. Same lesson, from two directions.
Here is the framework that makes sense of all of it, and it is the single most useful thing to understand before you trust any AI with your business. There are two kinds of work, and AI is fantastic at one and dangerous at the other.
The easy half is pattern and volume. Draft the email, summarize the call, sort the tickets. AI is genuinely great here, and it will save you time. Use it.
The hard half is judgment under consequence. Deciding, correctly, every single time, what is really a threat, what to do about it, and living with the cost of a wrong call. That is the half AI keeps failing.
Grok proved it, the bank proved it. The machine did not learn to be more honest, it learned to be more confident. And a confident wrong answer is the most dangerous kind, because it does not sound like a guess.
Now lay that over security, because security is the judgment half, all of it. It is deciding what is safe under real consequence, and being right when it counts. Hand that to a machine that is wrong more than half the time and dresses every answer in false confidence, and you have not bought a shield. You have bought a very articulate coin flip, and you have taken the human who could have caught the mistake out of the room.
Here is the opinion I have earned in more than 35 years, and the one nobody selling AI security tools will say to your face. Right now, AI helps the attacker far more than it helps the defender, and there is a clean reason why.
Attacking is the easy half, pattern and volume. Write ten thousand flawless phishing emails, clone a voice from a LinkedIn clip, spin up a lookalike site in a minute. That is exactly what AI is best at, and the crooks picked it up first. Defending is the hard half, judgment under consequence, be right every time or pay for it. That is exactly what AI is worst at. So the same technology being sold to you as a wall is, in the real world, a better battering ram.
The numbers back it up. AI-written phishing has been measured as several times more effective than the old junk, and nearly half of small businesses have already been hit by it. So when a vendor waves “AI-powered protection” at you, understand what you are really being sold: the attacker’s favorite tool, pointed the harder direction, with a marketing sticker on it.
That does not mean run from AI. It means put it in its place. The right model is not human versus machine, it is machine in a trained human’s hands, AI to flag the patterns fast, a person to make the call and own the outcome. Any “AI security” that skips the person is not protection. It is a black box humming away while nobody is home, and this month showed you twice how that ends.
You do not need to become an AI expert. You need three habits that keep the confident machine from quietly making your decisions.
1. Ask every “AI-powered” vendor the one question they hope you skip.
“When your AI is wrong, and it will be, who is the human that steps in, and how fast?” If they cannot name that person and that response time, you are buying a black box, not protection. “We use AI” is not a security strategy.
2. Keep a human on every decision that costs money or trust.
Never let a chatbot send money, sign something, or act on a customer’s account without a person checking it, and tell your team the same. Use AI to draft and to spot patterns. Do not use it to decide. That is the line, and it is a bright one.
3. See where you actually stand, then put real people on it.
Run a Reveal scan on your Windows computers to see the open doors, graded A to F. Then decide who is watching those doors, a machine that is wrong half the time, or a team. It is the same first step most of the businesses I now manage took before they signed on.
My father fell for a phishing email. I have spent my whole career in this, and it still got him. Scammers got remote access to his computer and started hunting for his financial papers. My step-mother noticed something was off, called me, and I stopped them remotely before they reached his bank credentials. If a chatbot had been the only thing standing guard, he would have been cleaned out. A human being caught it, and a human being made the call.
That is exactly why I built Forward to Safety around people, backed by good technology, not the other way around. More than 35 years at this, since 1991. FBI InfraGard. Not one client I manage has ever been hit by ransomware, because when the AI or the filter misses, there is a real person watching who does not.
It can be part of something better, but only with a person standing behind it. AI is great at flagging patterns fast, and that is genuinely useful. The danger is buying it as the whole answer, a box that “handles security” while nobody is home. That is the exact version this month embarrassed, twice.
Ask the only question that matters: when the AI misses, who responds, and how quickly? If the honest answer is “nobody,” it is not security, no matter what the sticker says.
No hand-waving. Here is exactly what you get:
Book a Fit Call →
A straight conversation about where you stand and whether we can help. That is it.
Want this kind of plain-English security news every week? Sign up for Craig’s Insider Notes at CraigPeterson.com.
#AISecurity #AIHype #SmallBusinessSecurity #Phishing #ForwardToSafety
Join thousands of security professionals who receive Craig Peterson's Insider Show Notes and cybersecurity updates.
Join 10,000+ cybersecurity professionals