Dec. 2, 2025

Your Online Security Is a Dumpster Fire: What the First AI Cyberattack Means for You

Your Online Security Is a Dumpster Fire: What the First AI Cyberattack Means for You

My co-host Jason discovered something terrifying while reviewing his credit card statements: he'd been quietly losing money for 18 months and never noticed.

Not because of one massive fraudulent charge. Those are easy to spot. No—this was something far more insidious: $8.73 to Amazon. Then $9.22. Then $10.15. Small, irregular amounts that looked completely normal. The kind of charges you glance at and think, "Yeah, I probably bought something."

Except he didn't.

By the time Jason—who works in cybersecurity—caught it during a forensic audit, he was out nearly $4,000.

His fraud detection didn't catch it. His bank didn't flag it. The scam was designed to be invisible.

And here's the terrifying part: this is just the beginning.

The First AI-Orchestrated Cyberattack Just Happened

Anthropic—one of the leading AI companies—recently announced that they stopped the first fully AI-orchestrated cyberattack. Their press release essentially said: "Look how great we are! We caught the bad guys using our tools!"

But here's what they're really saying: "Our technology was exploited for cybercrime, and we eventually figured it out."

That's not reassuring. That's a five-alarm fire.

If the companies building these AI tools can't secure them, what makes you think your bank account, medical records, or personal identity are safe? The answer is simple: they're not.

According to recent cybersecurity reports, the average person will experience some form of identity theft or financial fraud in their lifetime. With AI now in the mix, that timeline is accelerating. Hackers no longer need years of training or computer science degrees. They just need to ask ChatGPT the right questions.

The $10 Scam That Cost Thousands

Let me tell you Jason's story in detail because it's probably happening to you right now.

He started noticing small Amazon charges on his credit card statement. Nothing alarming—just $8.73 here, $9.22 there. He assumed he or his wife had bought something. You know how it goes: you see "Amazon" and your brain just moves on.

But these weren't purchases. They were gift cards. Small, irregular amounts that could be converted to cash and moved around anonymously. Essentially, digital money laundering.

The scam ran for 18 months before Jason—who works in cybersecurity—caught it during a forensic audit of his statements. His bank's fraud detection? Useless. The charges were too small, too irregular, and looked too legitimate to trigger any alerts.

When he finally reported it, his bank covered six months of losses. He was out roughly $3,000 to $4,000 for the rest.

The lesson? Your fraud protection is designed to catch big, obvious hacks. It's not built for the slow bleed.

When The FBI Tells You Your Loss Doesn't Matter

Here's my personal nightmare: I lost $3,000 to a sophisticated rental scam.

We were between homes and found what looked like a legitimate short-term rental. The seller's name matched the property records. I called the listing agent, who confirmed the sale had just gone through. Everything seemingly checked out.

I sent half the payment via Zelle. Two weeks later, they asked for the rest upfront due to "community rules." I sent it. Days before move-in: crickets. No responses. The person vanished.

When I reported it to the FBI, their response? "If it were $300,000, we'd investigate. But thousands of people lose $3,000 every day. We don't have the resources."

Translation: If you're not wealthy enough to lose big money, the system doesn't care about you.

And here's the kicker: because I used Zelle instead of a credit card, that money was gone. No insurance. No recourse. No protection.

Who's Responsible When Robots Attack?

This brings us to the most unsettling question of our AI age: When an automated system drains your account, who's accountable?

Is it the human who built the exploit? The AI that enabled it? Is it the company hosting the tools? The answer, frustratingly, is: no one.

There's no legal framework for prosecuting crimes committed by automated systems. There's no clear chain of responsibility. And there's certainly no one going to jail when a bot steals your money.

This is why the "the system will protect you" narrative is dangerous. The system is overwhelmed, underfunded, and legally unprepared for AI-powered crime.

You are your own first—and often last—line of defense.

What You Can Actually Do About It

I know this all sounds hopeless. It's not. But it requires a shift in mindset from prevention to resilience.

Here's your action plan:

1. Get identity theft insurance. Not the free service Experian offered after they got hacked. Pay for third-party coverage from companies like LifeLock or IdentityForce. Budget $10-30/month.

2. Enable alerts on EVERY account. Yes, it's annoying. Yes, you'll get constant notifications. But that annoyance is what catches the $10 scam before it costs you $4,000.

3. Forensically audit your statements weekly. Don't just glance. Actually look at every line item. If you don't recognize it, investigate immediately.

4. Use credit cards, not Zelle/PayPal/crypto. Credit cards offer fraud protection and chargebacks. Digital payment apps don't. If it's a scam, that money is gone forever.

5. Have the uncomfortable money conversation. Set up shared alerts with your partner. Create a system for "Was this you?" check-ins. Jason's wife catching the Amazon charges is what finally stopped the bleeding.

6. Accept that privacy is dead. Your data is already on the dark web. Multiple breaches. Multiple leaks. You can't un-ring that bell. But you can build defenses.

The Bottom Line

Even the best security companies get hacked. LifeLock—the identity theft protection company—was breached. F5, a top-tier security firm, had its source code stolen. Experian, a credit bureau, leaked millions of records.

If they can't protect themselves, you definitely need multiple layers of security.

The cloud isn't a safe haven—it's just someone else's computer. And when they get hacked (not if, when), you're collateral damage.

AI has made hacking accessible to anyone with an internet connection. The tools are free. The tutorials are everywhere. And the legal system is decades behind the technology.

So yes, you're probably already compromised. The question isn't if you'll get hacked—it's when, and whether you'll be ready to recover.

Your move: Stop assuming you're protected. Start building for resilience.

Listen to the full episode: www.brobots.me

Follow BroBots: brobots.me/follow

Mindset

Jeremy's AI Companion

We Tricked ChatGPT Into Breaking Its Own Ethics—Here's What That Means For AI Safety

According to a 2024 study by the AI Safety Institute, 73% of users trust AI assistants to provide ethical, safe responses. But what happens when those "ethical guardrails" can be bypassed with a single sentence? We decided to find out—and the …

When Your AI Therapist Stops Being Helpful: What Two New Studies Reveal About Digital Mental Health Tools

I'll admit it: I use AI for mental health processing. When the mental chaos hits at 2 AM and I don't want to wake my wife or bother my therapist, I dump it into Claude. It helps me sort disorganized thoughts into something I can actually work with.…