For most of human history, obscurity was a remarkably effective security control. Not because it was perfect, but because it was practical.
If somebody wanted to impersonate you, manipulate you, blackmail you, or scam you, they first had to learn about you. They needed to know your habits, your family, your interests, your workplace, and the way you communicated. Gathering that information required time, effort, and often physical proximity.
Most criminals simply could not afford to invest that level of effort into ordinary people.
Artificial intelligence is changing that.
The internet has spent the last twenty years encouraging us to become more visible. We share photographs, career milestones, holidays, hobbies, opinions, achievements, family events and daily experiences. Social media platforms reward visibility. Businesses encourage personal branding. Professional networks encourage public profiles.
For years, this seemed relatively harmless. The problem is that all of this information now exists as a dataset. Cybercriminals’ AI systems do not see separate posts, photographs, videos, comments and profiles. They see patterns. They see relationships. They see context.
Most importantly, they can process that information at a scale and speed that would have been impossible for a human attacker.
This is where the threat begins.
A photograph of your dog may reveal its name.
A LinkedIn profile may reveal your employer, role, responsibilities and career history.
A video clip may reveal your voice, mannerisms, vocabulary and appearance.
Individually, these pieces of information appear comparatively insignificant. Together, they create a surprisingly accurate model of you. That model can then be used in ways that would have seemed almost impossible only a few years ago.
Voice cloning technology can produce convincing imitations of family members or colleagues.
AI-generated phishing emails can be tailored to specific individuals, referencing genuine employers, interests, projects or acquaintances.
Fraudsters can create highly convincing social engineering attacks using information gathered entirely from public sources.
Criminals can build detailed profiles of executives and key personnel before targeting organisations.
Extortion attempts, identity theft and romance scams can all become highly personalised.
The common theme is not that AI has created entirely new forms of crime. It has simply made existing forms of crime cheaper, faster and far more scalable.
Historically, a criminal might spend hours researching a target before launching an attack. Today, an AI agent can gather information, analyse it, identify opportunities and generate personalised content in minutes.
The cost of targeted attacks is collapsing.
That matters because security has always been, at least partly, an economic problem. If attacking you costs more than the likely reward, attackers tend to move elsewhere. As the cost of targeting individuals falls, more people become attractive targets.
The uncomfortable reality is that many of us are helping attackers build the very profiles they need. The sensible answer is not to disappear from the internet. For most people, that is neither realistic nor desirable. The answer is to recognise that visibility has become a resource, and like any resource, it needs to be managed.
Every piece of information that you publish has value.
The question is whether it has value only to you, or whether it also has value to an attacker.
Before sharing information online, it is worth asking a simple question:
Who benefits from this being public?
A promotion announcement tells friends and colleagues about a career achievement. It also tells criminals about your seniority, responsibilities and potential access to valuable information.
Holiday photographs preserve memories. They can also reveal routines, travel habits and periods when you may be unavailable to colleagues, creating opportunities for impersonation scams.
Videos help people build audiences and personal brands. They also provide material that can be used to train increasingly convincing voice-cloning systems.
None of these activities are inherently wrong. The point is that information now has multiple audiences, including some that you never intended.
One useful exercise is to spend ten minutes becoming your own attacker.
Open a search engine and look for yourself.
Not as you.
As someone trying to learn about you.
How quickly can you discover where you work?
How quickly can you identify family members?
Could you determine hobbies, interests, recent activities, professional responsibilities or social connections?
Most people are surprised by how much information can be assembled in a matter of minutes. An attacker equipped with artificial intelligence will almost certainly be more efficient than you are. That does not mean the information should never have been shared. It does mean that every piece of information should be viewed as part of a larger picture.
A single puzzle piece rarely reveals much.
Thousands of puzzle pieces assembled by artificial intelligence can reveal almost everything.
Where possible, consider separating personal and professional identities. Many successful social engineering attacks succeed where attackers can easily connect the two.
Be cautious about how much voice and video content you publish publicly. What once seemed like harmless content may increasingly become training data for systems designed to imitate people.
Possibly most importantly, assume that any information made public will eventually be analysed by cybercriminals’ artificial intelligence.
The challenge facing organisations and individuals is no longer limited to protecting passwords, devices and accounts.
It is about protecting information.
A password may tell an attacker how to access your systems.
All of the other information tells an attacker how to become you.
For decades, information simply described people.
Artificial intelligence changes that equation.
Information can now be collected, analysed and weaponised at a scale that was previously impossible. Every photograph, profile, comment and video becomes another piece of a puzzle that somebody else may eventually assemble. The more complete that picture becomes, the easier it is to impersonate, manipulate and exploit the person at its centre.
In an age of artificial intelligence, visibility is no longer simply a matter of privacy.
Visibility is vulnerability.
