Threat, tool, temptation
Cyber and AI are usually discussed as something done to us. The real question is what we are doing to ourselves.
Australia’s first great algorithmic scandal contained no artificial intelligence at all.
Robodebt was, at its technical core, almost embarrassingly simple: annual income averaged across fortnights, a presumption of guilt automated at scale, and a legal fiction sustained for the better part of a decade. No machine learning. No adversary. No foreign interference. It ran inside a sophisticated, well-staffed, well-lawyered public service, surviving internal doubts, external warnings, tribunal losses, and ministerial reshuffles, until the Federal Court and then a Royal Commission called it what it was: unlawful, cruel, deadly, and a failure of institutions as much as of individuals.
I keep returning to Robodebt because it is the cleanest demonstration we have of a truth the cyber and AI debate keeps avoiding. The scheme didn’t fail because the technology was inadequate. It failed because the temptation the technology offered—administration without judgement, decisions without decision-makers, scale without accountability—proved stronger than the institutions meant to resist it.
And that was a spreadsheet.
We are now wiring far more capable systems into the state, the economy, and our daily lives—systems that can argue, persuade, summarise, classify, and act, at machine speed and machine scale.
So let’s be honest about what cyber and AI actually are for a country like Australia. They are three things simultaneously: a threat, a tool, and a temptation. We talk endlessly about the first, breathlessly about the second, and almost never about the third. Yet it is the third that will do the most to determine whether Australia remains both secure and democratic.
The threat—and the dependence
The threat picture is real, and I don’t propose to reprosecute it. State actors preposition in critical infrastructure. Ransomware operates as a parallel economy with its own division of labour. Espionage now scales the way software scales. AI lowers the cost of intrusion, deception, and reconnaissance for everyone—the carefully crafted spearphishing email that once took a fluent English speaker an afternoon to write now takes a model a second. Recent cyber incidents—including Qantas (2025), MediSecure (2024), Latitude (2023), Medibank (2022) and Optus (2022)—affecting the personal and identity data of millions, are less aberrations than the steady-state: in a digitised society, the attack surface is the society.
Having sat through cyber briefings and conferences for the better part of two decades, though, I’m struck by what the threat narrative consistently leaves out. Australia does not merely face cyber threats; it faces them from a position of near-total dependence.
Our cloud is foreign-owned. Our frontier models are foreign-built, trained on data we didn’t curate, embedding values and assumptions we didn’t choose. Our chips, our cables, our platforms, our operating systems, our national intelligence systems—all of it designed, owned, and ultimately controlled elsewhere, overwhelmingly by one ally whose reliability is now an open question, with critical hardware layers exposed to adversaries.[1]
We are, in digital terms, a tenant nation: comfortable, well-appointed, holding no equity in the premises, and reliant on a security service provided largely by others.
That dependence used to be a tolerable efficiency. Under an unconditionally reliable alliance, buying rather than building was arguably rational—the same logic, incidentally, that hollowed out our industrial base and left us the second-least complex economy in the OECD.
But the assumption no longer holds. Washington has spent the past 18 months reviewing AUKUS[2] against an ‘America First’ test, demanding allies lift defence spending toward 3.5 per cent of GDP and treating long-standing partnerships with what one American analyst delicately called a ‘ruthlessly unsentimental approach’. Whatever one’s view of the submarines, the deeper signal is unmistakable: the patron is no longer predictable. And a tenant whose landlord becomes unpredictable discovers, rather quickly, the difference between access and ownership.[3]
There is a second omission in the threat narrative, and it matters more. We persist in defining critical infrastructure as the things that pump, generate, and transmit. But in the AI era, the most critical infrastructure a democracy possesses is epistemic and cognitive: the shared capacity to perceive, to verify, to deliberate, and to decide.
A society that cannot agree on what is true cannot deter, cannot mobilise, and ultimately cannot govern itself. That infrastructure is being subjected to both internal corrosion and sustained attack—some of it foreign and deliberate, much of it commercial and ambient—and it appears in no register of critical assets, answers to no regulator, and features in no national risk assessment of which I am aware.
The tool—and the honest case
It would be dishonest, and strategically lazy, to write about AI purely as menace. I work with these systems daily; I build with them; as a start-up, AI is an essential tool. The positive use case is strong.
For a middle power with a small population, a smaller public service, and a strategic geography that has suddenly become demanding, AI is the first technology in generations that genuinely favours the side with less labour. Intelligence analysis that once required floors of analysts becomes tractable for a team of five. Triage—of threats, of casework, of signals in noise—becomes continuous rather than episodic. Machine-speed attack finally meets machine-speed defence. Service delivery that smaller nations could never afford becomes plausible. Used well, AI is a force multiplier for exactly the things Australia is short of: people, time, and analytical depth.
I believe all of that. Which is why the next observation needs to be made by someone who does, rather than by a critic who would oppose the technology regardless.
Every one of those benefits requires the state to see more, decide faster, and explain less. That is not a side effect of the tool. It is the tool. The efficiencies are real precisely because they compress or remove the slow, expensive, human steps—the administrative burden, the review, the discretion, the reasons given, the appeal heard—that also happen to be where accountability lives. We shape our tools, and thereafter, to borrow from Churchill, our tools shape us.
The question is never simply whether the tool works. It is what kind of state, and what kind of citizen, the tool quietly assumes—and then produces.
The temptation—and Australia’s weakness
Here is the uncomfortable part, and the reason I think Australia deserves special scrutiny rather than the usual self-congratulation about being a trusted democracy.
Among comparable democracies, Australia is uniquely unconstrained in what its parliament may do in the digital domain. We have no bill of rights, no entrenched protection of speech or privacy, and a political culture in which ‘national security’ functions less as a category of analysis than as a conversation-stopper. The result is a three-decade legislative ratchet that turns in only one direction.
Consider the sequence.
Mandatory metadata retention in 2015[4], capturing the communications patterns of the entire population on the theory that everyone is a suspect eventually;
The Assistance and Access Act in 2018[5], rushed through in days, granting powers to compel the weakening of encryption that allies studied with a mixture of envy and alarm;
The Identify and Disrupt Act in 2021[6], allowing authorities not merely to read accounts but to take them over and alter data;
The Cyber Security Act in 2024[7], more defensible in intent, extending the state’s visibility into private-sector incidents.
And in December 2025, the social-media minimum-age regime[8]—the first of its kind in the world—which, whatever its protective merits, normalises age (and therefore identity) assurance (read surveillance and third-party access to personal identity) across the population’s daily platforms. It was enforced within 24 hours by compulsory information notices to ten companies. It is already before the High Court on the question of whether it burdens the implied freedom of political communication, the one slender constitutional protection we possess.
Each measure, taken alone, has a defensible rationale. Most passed with bipartisan support and minimal scrutiny, several in the final sitting fortnight of a parliamentary year. That is precisely the point. The ratchet does not advance through tyranny. It advances through reasonableness—through the accumulated weight of individually plausible responses to individually genuine problems, none of which is ever wound back, all of which assume the state’s future restraint and competence.
Robodebt should have permanently retired that assumption.
Meanwhile, where the temptation runs the other way—where the state’s appetite for AI adoption is concerned—the regulatory instinct evaporates.
The National AI Plan of December 2025 explicitly rejected mandatory guardrails in favour of a light-touch reliance on existing law, declined to require even the labelling of synthetic content, and established a safety institute that monitors and advises but cannot compel.
On the EU’s regulatory maximalism—yet another temptation for legislators—there is a strong argument for regulatory humility amid fast-moving technology. But it is the asymmetry that is telling. Where digital technology empowers the citizen relative to the state, Australian governments regulate first and fastest in the world. Where it empowers the state and the platforms relative to the citizen, Australian governments are much less willing to constrain and to provide redress.
The temptation, in other words, operates on three actors simultaneously.
The state is tempted because surveillance and automation are cheaper than capability and judgement—the strategic junk food of statecraft.
The political class is tempted because being seen to act is faster than acting well, and the digital domain offers an endless supply of announceables.
And citizens are tempted because convenience is immediate and agency is abstract; we click ‘accept’ and call it consent.
No adversary needs to defeat a democracy that is busily adopting the operating logic of its adversaries—centralised oversight, automated decision, diminishing accountability—in the name of defending itself.
Same disease, different organ
Step back far enough and the strategic vulnerability and the democratic vulnerability resolve into the same vulnerability: outsourced judgement.
We outsourced industrial capability to our trading partners and got an economy that digs and houses.
We outsourced security to an ally and are now discovering what it means when the ally conducts a review of whether we are worth the trouble.
We outsourced our digital infrastructure to the tech giants and hyperscalers, our public square to platforms whose algorithms answer to no Australian interest.
And we are now, with real enthusiasm, beginning to outsource cognition itself—analysis, drafting, advice, decision—to models trained elsewhere, on values set elsewhere, by companies with obligations elsewhere.
Judgement is a capability, and capabilities atrophy when unused. A public service that lets the model write the brief will, soon enough, struggle to know whether the brief is wrong. A polity that lets platforms arbitrate attention will struggle to deliberate.
A nation that has outsourced perception, production, and protection has not reduced its risk; it has consolidated its risk with counterparties it does not control, against whom it retains no recourse.
Deterrence—the thing all our defence dollars notionally buy—ultimately rests on an adversary’s belief that a society can perceive clearly, decide collectively, endure harm and inflict cost in turn. Cyber operations and AI, in hostile hands, attack precisely those three faculties, and in our own hands, carelessly used, erode them just as surely. That, rather than the power grid, is the critical infrastructure. We protect everything except the thing that makes protection meaningful.
What resisting temptation would look like
Pieces like this conventionally end with a list of recommendations, most of which call for more—more funding, more coordination, more strategies. Two decades of cyber policy suggest the genre has failed. So let’s move instead to the tests, because temptation is resisted one decision at a time.
The Four Tests
The test for every new digital power should be reversibility and reciprocity: does it sunset, and does the citizen’s visibility into the state grow in proportion to the state’s visibility into the citizen?
The test for every government AI deployment should be the Robodebt question: where, precisely, does a human with authority, knowledge, and personal accountability sit in this loop—and could a tribunal find them?
The test for sovereignty should be brutal honesty about the difference between hosting something on Australian soil and being able to build, fix, audit, or refuse it.
And the test for the alliance should be the one we apply to any critical dependency: not whether we value it—we do and should—but what we are able to do on the day it is unavailable.
None of these tests is anti-technology. Australia should be vastly more capable in cyber and AI than it is. But capability without judgement is what Robodebt had. The lesson of the last decade is not that the machines failed us.
It’s that we keep being exactly who temptation requires us to be.
[1] See, for example, Salt Typhoon, Volt Typhoon and Flax Typhoon.
[2] Congressional Research Service, U.S.–Australia Relations: Background and Issues for Congress, R48875 (2026).
[3] A position brought home to those of us using Claude (and Fable) on Saturday 13 June, when the US government directed Anthropic, via export controls, to ‘suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.’ To comply, Anthropic disabled Fable 5 and Mythos 5 for all its customers.
[4] Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth)
[5] Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018
[6] Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 (Cth)
[7] Cyber Security Act 2024 (Cth); includes mandatory ransomware payment reporting.
[8] Online Safety Amendment (Social Media Minimum Age) Act 2024 (Cth); eSafety Commissioner regulatory guidance (September 2025); commenced 10 December 2025.




