AI

We are already watching the fear, uncertainty and doubt industry spin up around AI. It follows a pattern anyone who has sat through a vendor pitch will recognise: take a real, narrow signal, strip out the caveats, and inflate it until it fills a keynote slide or a board paper. The problem is not that AI carries no risk. It carries plenty. The problem is that the loudest claims are almost always the least accurate, and the people making them usually have something to sell — a model, a defence against one, or a regulatory moat.

So let’s take the three narratives I keep hearing, put them next to the evidence, and separate the kernel of truth from the theatre.

“Everyone is about to lose their job”

The honest version of this claim is narrower and far more interesting than the headline, and the narrow version is worth taking seriously.

Right now, the measurable labour-market effect of AI is concentrated, not universal. Analysis of US Bureau of Labor Statistics data shows the unemployment rate for the occupations most exposed to AI is actually lower than for less-exposed roles, and there is no sign of people fleeing “threatened” jobs for supposedly safer manual work. Where a real signal exists, it sits at the entry level: Stanford researchers, after controlling for other factors, found a meaningful AI effect emerging after 2024 and growing through 2025 to roughly a 16% decline in entry-level roles in AI-exposed occupations — while headcount for older, more experienced workers in the same fields grew.

The attribution figures are softer than the panic suggests. Of around 1.17 million US layoffs in 2025, roughly 55,000 were attributed to AI — comfortably under 5%, in a year where inflation, interest rates and offshoring did most of the actual damage. Watch the reporting bias, too: AI was named in about a quarter of early-2026 layoffs versus 5% a year earlier, but “we cut staff because of AI” is a far more flattering story for a CEO to tell the market than “our demand fell.” The named cause and the real cause are not always the same thing.

The forward-looking projections are where the fear breeds — some estimates put AI-related cuts an order of magnitude higher in 2026 — but those are forecasts, and the historical record is the counterweight the doom narrative always omits. Every prior labour-displacing technology produced the same shape: short-run displacement in the directly hit roles, long-run expansion of work overall. Handloom weavers collapsed from 240,000 to 10,000 across the mid-19th century, yet the textile industry that replaced them employed roughly ten times more people than weaving ever had. ATMs were supposed to end bank tellers; teller numbers grew instead, because branches got cheaper to open.

The defensible position: real displacement risk, front-loaded onto juniors and routine cognitive work, genuinely worth planning for. “Everyone loses their job” is not what any of the data shows.

“AI is a digital nuke”

This one is mostly a rhetorical device, and serious people in the field say so out loud.

The comparison collapses on a category error. A nuclear weapon has exactly one function. AI is general-purpose infrastructure. That is not a pedantic distinction — it is the whole reason the governance models don’t map. You cannot build an IAEA for a technology whose “fissile material” is maths, open weights and rented compute. The proliferation physics are completely different.

The analogy does carry some freight that governance researchers take seriously: dual-use nature, origins in a scientific breakthrough, strategic significance, and the sheer magnitude of potential harm. Fine. But there is a sharper, more cynical reading worth keeping in your back pocket — that the “existential weapon” framing is frequently pushed hardest by the largest labs, because a technology terrifying enough to require heavy licensing is also a technology conveniently walled off from smaller competitors. Fear is a moat as well as a warning.

There is a more honest framing available: AI as a risk multiplier, not a weapon in its own right. It can accelerate research into dangerous materials, assist attacks on critical systems, and lower the cost of harms that already existed. That is a real, fundable concern, and it does not require a mushroom cloud on the cover. If you need an analogy, slow-accumulating systemic harm is nearer the mark than a single detonation.

“Threat actors will build their own models, agents and backdoors”

This is the one that gets flattened most often, because it bundles together three very different threat models with wildly different price tags. Split them, and the picture becomes actually useful.

Bespoke frontier models: expensive and unlikely. Training a genuinely competitive model from scratch runs from roughly $100M into the billions, and the cost of the largest runs has been climbing around 2.4x a year. Frontier-scale training is now out of reach for anyone short of a nation-state or a very well-funded lab. A criminal crew spinning up their own GPT-class competitor is not a serious threat model, and anyone telling you otherwise is selling something.

Fine-tuned open weights: cheap and real. But nobody serious is training from scratch — that is a straw man. The actual path is adapting existing open-weight models, and it is trivial. LoRA fine-tuning can be done for tens to a few hundred dollars, in hours, on a single rentable GPU. “Stand up your own capable, unaligned model” is not an expensive, far-off scenario. It is a weekend and a credit card. This is the part of the claim that is under-hyped, not over-hyped.

Poisoning and backdoors: already here. The supply-chain angle is the one defenders should actually lose sleep over. Researchers have demonstrated stealthily modified models uploaded to public hubs that behave normally and pass standard safety checks while carrying hidden behaviour; that seeding a small number of poisoned examples during fine-tuning can reliably trigger attacker-chosen outputs on a keyword; and that back-doored adapter “plugins” can turn an otherwise benign open model into a spear-phishing agent on demand. If you pull weights off a hub and wire them into a workflow, you have inherited a supply-chain problem you would recognise instantly if it were an npm package.

Where the criminal-model FUD genuinely falls apart is the branded tier — the WormGPT and FraudGPT ecosystem. The reality is grubbier than the marketing. The modern variants largely share no code with the originals; most are thin wrappers around commercial models with a jailbreak prompt bolted on. A good number were outright scams — buyers chasing genuinely illegal output hit disclaimers revealing they were paying for jailbroken ChatGPT, and the forums called them cash grabs. The punchline arrived when one of these services had its own user database — thousands of emails and payment records — dumped on a breach forum. The people buying “no-limits crime AI” are themselves the mark.

The accurate line: bespoke frontier models are fantasy; cheap fine-tuned unaligned models and poisoned open weights are real and present; branded “criminal GPTs” are mostly wrappers and scams.

What about the autonomous attacks?

This deserves its own note, because it is the one place the capability story is genuinely double-edged. We have now seen a disclosed case of a state-aligned actor manipulating an agentic AI tool into executing the bulk of an intrusion campaign against dozens of targets — reconnaissance, exploitation, the lot — with humans reduced to supervisors at a handful of decision points.

Take it seriously, but read the caveats, because they are the story. The AI scaled exploitation of gaps that already existed — unpatched systems, weak credentials, misconfigurations — rather than defeating hardened controls. And reliability was a real constraint: the model overstated findings and, in places, fabricated them. It is also fair to note that some of these disclosures read as much like product marketing as incident reports, thin on the TTPs and IOCs a defender could actually action. Both things can be true at once: a real shift in attacker economics, described in a way that happens to sell the defender’s own tooling.

The takeaway is not “autonomous superhacker.” It is compression — AI collapses the cost, skill floor and time-to-execute of attacks that already worked. That is serious and actionable without any apocalypse framing.

Follow the incentive

Here is the through-line under all of it: alarm is a product. Capability inflation and threat inflation are the same reflex pointed in opposite directions, and both attract investment, headlines and budget. It helps to ask a simple question of any AI risk claim — who is disseminating this, and what do they gain if I believe it?

None of this is new. The tech-panic cycle ran the same course for printed books, recorded sound and film: fear climbs, peaks, then subsides as the technology normalises — frequently mocked later by the very people who first sounded the alarm. Jazz was once blamed for tooth decay. Generative AI, for its part, has already slid from “this changes everything” into the trough where people complain it doesn’t work — which is just the same overcorrection wearing the opposite jacket.

The stance

If you want one line that survives contact with a technical audience: the danger of AI in security is not a new class of superweapon and it is not a jobs apocalypse. It is compression and supply-chain contamination — it makes existing attacks cheaper, faster and more accessible, and it poisons the model and code supply chain you were already worried about. That is serious enough to justify real work. It does not need a nuke metaphor or a mass-unemployment headline to earn its budget.

The people reaching for those headlines are, more often than not, selling you the fear or the cure. Buy neither on reputation. Ask for the evidence.

[I created this with Opus 4.8 based on my prompts, normally I would write more myself but this seemed to be fairly on point. There is a key thing here about teaching people how to risk model…. which is a very complex topic because to model risk you need to understand: threat actors, threat goals, threat capabilities, target/victim landscapes (in the digital/human realm this part is really complex) and then how these fit inside the context of reality…. and I think this is why some people use FUD, because the other option for everyone in the world is harder work) – human r3b00t]