You know when a new technology shows up and a bunch of people are saying “this changes everything” while others are vehemently against it? It’s happening right now with AI, but something is different this time.
There are more serious threats involved with this technology, and marketers who are plugging AI into every corner of their workflows might be more at risk than they realize.
With AI connecting with your Google Drive folders and even your personal email, and new models like Claude Mythos running the risk of breaching containment and hacking government systems, security and safety have never been more important.
Bryan Marvin, Relevance Engineer at iPullRank, put it plainly: “This is a turning point in the AI discussion in a lot of ways. It’s no longer ‘how useful is this and how efficient can we be with this?’ Now it’s ‘should we have built this in the first place?'”
This blog will look at the safety risks of AI and what you can do to help mitigate these risks for yourself and your business.
What’s Different Today #
For context, there’s been a benchmark in software engineering called the SWE benchmark, which is basically a standardized test for how well AI can find and fix code. For a while, score percentages kept hovering in the upper 70s to low 80s. Engineers started to wonder if that threshold was simply uncrossable. Then came Claude Mythos. To put the security implications in perspective: Anthropic’s earlier Opus 4.5 had a 4% success rate at finding and exploiting software vulnerabilities. The more recent Opus 4.8 jumped to an impressive 69.2%. However, Mythos reportedly achieved a 93.9% score. Wow.
Anthropic has been distributing Mythos to specific large vendors like Microsoft enabling bug testers to identify things they never had to test before. They’re trying to see how their system can be broken and how quickly they can find vulnerabilities.
We know that everything runs on software: your CMS, analytics stack, ad platforms, email service provider, etc. So, if a tool exists that can identify exploitable vulnerabilities at a 93.9% clip and that tool ends up in the wrong hands, we’re in big trouble.
Something like Mythos would make it even harder to be a start-up software company, too, as these must be security vetted before being launched. Many of these organizations don’t have enough funding for a proper security check, which can cause more barriers to entry into the market for new businesses.
“Within the marketing and SEO world, things are going to get wild,” Bryan said. “The days of a free trial SaaS might be over.”
This is because the moment your business gets any traction, someone will try to take you down with ransomware, credential theft, review bombing, and more.
Bryan described it all as “almost a millennium bug scare” (remember when society panicked about the year 2000 causing all computers to malfunction and planes to fall out of the sky? Some days I kind of wish that did happen, but anyway…). Anthropic is currently distributing Mythos only to specific vendors and infrastructure partners for testing. For now.
“This is a turning point in the AI discussion in a lot of ways,” Bryan said.
Anthropic just released Claude Fable 5 as well, which is described as a Mythos-class model that’s supposedly “safe for general use,” but I guess we’ll find out if that’s true soon enough.
What Risks Are You Currently Taking? #
Let’s talk about what many marketers are doing right now that might be creating exposure to security risks.
Connecting Your Tools to AI
Linking Google Drive, Gmail, and Calendar to AI tools is becoming commonplace. The productivity gains are there, but so are the risks.
Google’s smart features have been opted-in by default in Gmail and Google Drive for quite a while, meaning AI has been quietly accessing your emails, docs, and calendars to power summaries and suggestions. You can disable this in Gmail settings by turning off Smart Features and Workspace smart features.
In November 2025, Google also launched Gemini Deep Research with optional access to your private content. This one requires you to actively opt in, which is the better default behavior. But the point stands: check your settings. Don’t assume your data is protected just because nobody told you it wasn’t.
The broader risk is what happens when an AI provider’s infrastructure is compromised. Every time a team member feeds a customer transcript into an AI tool, or uploads a strategy document to an AI summarizer, that data enters a system you don’t control. This “shadow AI” problem is the 2026 equivalent of shadow IT, except instead of employees installing Dropbox, they’re sending proprietary client data to external services that may retain, train on, or expose that data.
Your Clients' First-Party Data Is More Exposed Than You Think
For agencies and consultants especially: the data you hold on behalf of clients, be it campaign assets, audience lists, proprietary insights, or strategy documents, is a target. Not just for traditional cybercriminals, but for AI-assisted attacks that are getting better. According to Accenture’s State of Cybersecurity Resilience 2025, 77% of organizations lack the basic data and AI security practices needed to protect critical tech infrastructure.
“You’ve got to be more careful with your clients and what you’re doing with their data,” Bryan said. “First-party data will continue to grow in value over time.”
The Upgraded Scam Economy
Phishing emails used to be easy to spot. There were clear misspellings, odd formatting, and maybe an inexplicable Nigerian prince or two. Now, AI can generate perfectly legible, highly personalized phishing messages that pass a first glance and can create convincing fake landing pages to capture credentials. AI-powered deepfakes can already replicate voices, faces, and mannerisms convincingly enough to fool someone on a video call.
“It’s going to be a lot harder to not get scammed,” Bryan said.
Nearly 50% of global business and cyber leaders cited the advance of adversarial capabilities like phishing, malware, and deepfakes as their greatest AI security concern. Meanwhile, 93% of security leaders are bracing for daily AI-powered attacks. Yes, daily, and there’s a lot that people are worried about when it comes to security:
What This Means for Marketing #
The whole model of search (someone asking a question, clicking a result, trusting that result) depends on the signal that authentic, reliable sources have built over time. Now throw in AI-generated content at scale, deepfaked experts, AI-fabricated citations, and identity theft that lets bad actors impersonate your brand or your clients’ brands, and you start to see the problem.
Bryan pointed toward a structural shift happening: “I think that over time, as it becomes riskier and riskier to be a public-facing entity, there will be more value in creating membership clubs and things like that.”
Direct, trusted communication channels like newsletters, subscription communities, and private groups were always a strong marketing strategy, but now they’re also a security strategy. An audience that knows you directly is harder to fool with a fake version of you.
You can’t treat website security as strictly an IT problem anymore. Security on your site matters as much as (or more than) your content and technical SEO. Social media accounts, email, WhatsApp, SMS, ad platforms: every channel you market through is a channel someone can compromise.
What to Actually Do About It #
Moving on from the doom and gloom, here are some practical applications and how you can protect yourself and your business.
1. Lock Down the Basics
Don’t forget everything you’ve learned over the years in those mandatory phishing trainings at work that would trick you into exposing the entire company’s system to a hacker (I totally never fell for those, though). A lot of AI-assisted attacks succeed because the fundamentals are weak.
“You have to scale up your security,” said Bryan. “Password policies need to be taken to the extreme.”
Password vaults like LastPass, 1Password and Bitwarden.Two-factor authentication on everything. Google Drive supports it so use it. Same for your ad accounts, CMS, and email.Lock your credit. This is a thing you can do right now and it costs nothing.Keep physical backup copies of critical financial and legal documents in a fireproof safe (sometimes old-school security measures can still work).
2. Be Careful What Goes Into AI Tools
Before feeding anything into an AI tool, be it client briefs, financial data, or any other personally identifiable information, first ask: does this provider have a data processing agreement? Can I opt out of training? Is there a privacy-forward version of this tool I should be using instead?
Subscription services often provide the option to remove your data from training sets. That’s worth looking into for whichever tools you rely on.
3. Hire Expertise You Don't Have
Bryan’s recommendation for businesses: “The first step is to hire a security company and safety expert to advise.”
If you’re running an agency or a mid-sized brand, a security audit isn’t a luxury anymore. Consider investing in an expert who can get your organization up to speed. You can also use AI to analyze your own business’s safety gaps (which has a certain poetic justice to it).
4. Build Your First-Party Audience
A newsletter, webinar series, subscription community, private Slack group, any channel where you have a direct, trusted relationship with your audience is key now. It’s also just good marketing.
“It all goes back to trust at the end of the day,” Bryan said. “You have to trust people online a little bit less now.”
5. Prepare for the Worst
No matter what platform you’re using, “just assume it could be compromised at this point,” Bryan said. If your Ring doorbell system doesn’t update its software and Mythos IDs even one vulnerability, the wrong people could access the system and put your home at risk.
Be more defensive with what you share, who you share it with, and how long you retain it. Apply that to your clients’ data, too. First-party data is valuable precisely because it’s under your control so treat it accordingly.
The Bigger Picture #
None of this means you should stop using AI. That ship has sailed and the tools are useful. As Bryan said: “It makes experimenting with ideas fun, fast, and easy.”
Deep fakes will continue and erode trust even more, making it harder to tell what’s fake and what’s not. Fingerprinting has been proposed to ID authentic documents, but what if you can’t trust the source because their security isn’t strong enough? Something like Claude Mythos could infect the system and steal data anyway.
The question isn’t whether AI changes the security landscape because it already has. The question is whether you’re going to treat that as something that requires your active attention.
“We’re not going to stop doing business or talking with people,” Bryan said. “There will be a balance, and maybe this is where the AI push-back gets some real teeth.”
People are coding and building things they never could’ve done 5 years ago and new scams are popping up each day. Is your business prepared?
“The potential impacts are going to be huge and we’re going to see them across the board,” Bryan said. “You have to be proactive.”