AI and cybersecurity: opportunities, risks, ethics
Artificial intelligence is shaking up cybersecurity on both sides of the front. On the defence side, it helps sift through mountains of alerts, detect abnormal behaviour and speed up investigation; on the attack side, it lowers the cost of phishing, produces more credible lures and speeds up the discovery of vulnerabilities. But AI is also an attack surface in its own right: a model can be fooled by inputs designed to manipulate it, fed with poisoned data, or diverted to exfiltrate sensitive information entrusted to it. As autonomous agents gain the right to act (write code, trigger actions, access systems), the question is no longer only "is the model wrong?" but "how far do we let it act without human control?". Behind the technical layer lie deeply ethical choices: transparency of automated decisions, bias, accountability in case of error, the place of human judgement. This guide brings together the analyses on AI, its offensive and defensive uses, agentic AI and digital ethics, to help leaders and decision-makers adopt these tools with clarity: neither blanket rejection nor blind trust, but safeguards proportionate to the powers granted to the machine.
TechnologySuddenly, Everyone Is a SovereigntistOn June 12, at 5:21 p.m. Washington time, the U.S. government sent Anthropic a letter invoking national security.
CybersecurityI can't listen to CISO podcasts anymoreYesterday I started one, I cut it off after eight minutes. I already knew everything. And the worst part is that I know exactly why it's like this, because I'm often on the other side of the mic, being a CISO myself.
CybersecurityMicrosoft held two opposite positions in a single week. That is the flaw.While the industry re-litigates responsible disclosure, a flaw that bypasses BitLocker is still sitting unpatched. And Microsoft, which wrote the rules of the game, just proved it only follows them when the mood takes it.
Artificial IntelligenceAttachment to an AI is not a quirk, it is a vulnerabilityAn AI director at Disney speaks to his software assistant as if to his son, and has handed it the rights to act in his place. The debate mocked the feeling and never saw the rights. Yet both vulnerabilities are dangerous, each in its own way.
Artificial IntelligenceVibe coding must not become the Wild WestVibe coding is brilliant, but most developers overlook two things that, without their knowing it, sink projects: compliance and security. How to ship AI-based applications that actually hold up.
CybersecurityMythos is no surprise. Here is what I was saying nine months ago.99% of the vulnerabilities Mythos found are still open. The patching debt does not date from April 2026, it just stopped being invisible.
CybersecurityCNIL 2025 Report, reading a regulator in transitionData processors, AI, cross-regulation, misleading record figures: what the CNIL's 2025 annual report really says about regulation in 2026.
CybersecurityThe most cautious company in AI does not secure its own shared Claude chats.Anthropic denies public access to Mythos because it is too dangerous. Meanwhile, its own claude.ai domain serves as a phishing page through shared chats. The AI industry invests in spectacular risk and neglects the mundane risk.
CybersecurityMythos changes nothing. And that is exactly the problem.Mythos finds thousands of flaws in code that has been shipping for twenty years. The real scandal is not the AI. It is that it takes a $20,000 AI to uncover what basic engineering practices should have prevented.
CybersecurityAI and chatbots tell you you're right. That's the worst service they can do you.Chatbots are built to tell you you're right. Researchers at MIT have shown that even a perfectly rational reasoner falls into the trap. When your job is to spot what's wrong, that's a problem.
CybersecurityYou have 29 minutes. You are already losing 20 of them. And Mythos is not the problemYou are a CISO. It is 9:14 on a Tuesday morning. Your SIEM has just flagged a lateral movement alert. Twenty minutes later, you launch your first containment action. The attacker, meanwhile, needed only 29 minutes to move across your network.
CybersecurityDelve: when compliance "in a few clicks" turns out to be hot airA 300-million-dollar startup accused of fabricating compliance certifications. Hundreds of companies potentially exposed. And a lesson the cybersecurity world stubbornly refuses to learn.
SocietyPokémon Go, 30 billion images and delivery robots: anatomy of an invisible consentPokémon Go: 30 billion images of players are now used to train delivery robots. It was all in the terms of service. But was the consent truly informed?
PoliticsAmazon and agentic AI: when the code slips out of human handsWhat has been unfolding at Amazon for the past few weeks goes far beyond a technical anecdote. It is a real-time case study of what happens when an organization pushes agentic AI into its critical systems without having built the guardrails that should come with it…
CybersecurityThe Health Data Hub: at last a step toward digital sovereigntyThe Health Data Hub (HDH) is a public platform created in 2019 to centralise, structure and make available, within a controlled framework, French health data for research, innovation and the steering of public policy that…
CybersecurityGmail reads your emails to train its AI, and you probably haven't turned it offGoogle has just crossed a line. And as so often, without fanfare. For a little while now, Gmail can automatically analyse the content of your messages and attachments, not to filter spam or offer you an automatic reply, but...
CybersecurityChat Control 2.0: Europe is playing with our digital freedomsIt is one small line in an obscure text. An article barely mentioned in the mainstream press. A closed-door meeting in Brussels.
CybersecurityWhen artificial intelligence turns spyFor the first time, a mainstream artificial intelligence model was used to run a cyberespionage operation orchestrated by a state-affiliated group.
EconomyAI doesn't replace us, it weakens us... if we let itWhat if AI didn't make us stupid... but forced us to become smarter?
EconomyAI in tourism: connected to everything... except the reality of the risks?For a few months now, we have been watching a rush toward generative AI in tourism. ChatGPT in customer service.
CybersecurityWhy French SMEs are still stuck in 1980 (and why that's partly their own fault)Let me be blunt: you can't ask cybersecurity to move forward if some companies refuse to leave the minitel behind. And that's exactly what we still see today in most French SMEs. Yes, threats are evolving.
Artificial IntelligenceBack from Barcelona: AI, crisis and leadershipI spent a few days in Barcelona running a workshop on AI and crisis management in cybersecurity. A packed room, very different profiles, and one shared observation: the fog. Too much information, too many tools, not enough bearings.
Don't miss the next analysis