Australia is facing a new wave of cybercrime – one driven not by lone hackers in dark rooms, but by advanced artificial intelligence systems capable of impersonating CEOs, breaking passwords in seconds, and launching large-scale attacks in minutes.
Experts warn that the rise of AI-powered cyber threats poses a grave risk to Australian businesses, governments, and individuals alike.
AI-Driven Attacks Hit Home
The recent vishing (voice phishing) attack on Qantas is a stark example of how AI is now at the centre of cybercrime in Australia. The attacker, believed to have used AI-generated voice cloning, tricked a call centre worker in Manila into revealing personal details of nearly six million Qantas customers – including names, birthdates, emails, phone numbers, and frequent flyer details.
Katherine Mansted, executive director of cyber intelligence at Australian firm CyberCX, says this is just the beginning. “Social engineering is an old trick, but AI is making it faster, more scalable and far more convincing,” she says. “We’ve entered an era where hearing someone’s voice or seeing them on video is no longer proof it’s really them.”
Australia in the Global Crosshairs
Australia ranks as the eighth most targeted country in global phishing attacks, according to cybersecurity firm Zscaler. Over 30 million phishing attempts were recorded in Australia in 2024 alone, many now aided by AI tools that create fake emails, videos, and websites to deceive even the most tech-savvy users.
Peter Soulsby, head of cybersecurity at Brennan IT, warns that AI is accelerating the pace of attacks. “What used to take days now takes minutes. And once criminals lose control of the AI systems they’ve created, the consequences could be catastrophic.”
The Qantas breach follows a string of high-profile cyber attacks on Australian companies, including Optus, Medibank, and several major superannuation funds. In the Medibank case, hackers leaked sensitive health data of thousands of Australians onto the dark web after ransom demands were refused.
The Next Phase: AI as a Weapon
Experts now believe Australia is approaching a turning point, where AI will be used not just to assist hackers, but to conduct attacks independently. “It’s not far off – AI attacking infrastructure, applications, or financial systems on its own,” Soulsby says. “We’ll see a moment where control is lost – much like the first use of a nuclear bomb – and the fallout will be hard to contain.”
The Australian Signals Directorate (ASD) has warned that AI will dramatically reshape the cyber threat landscape, urging urgent investment in defence and training. Still, many small and medium businesses are unprepared for these advanced threats.
How Australian Businesses Can Respond
- Use AI against AI. Employ machine-learning tools that detect and respond to threats in real time.
- Adopt a zero-trust approach. Treat all users, devices, and access points as untrusted until proven safe.
- Train your workforce. Staff need to understand what deepfakes look and sound like – and how to respond.
- Get ahead with threat intelligence. Monitor cyber trends and tactics before they hit your network.
- Seek expert help. For many Australian businesses, outsourcing cybersecurity is now essential.
Ms Mansted warns: “We cannot repeat the mistakes we made with the internet – prioritising speed and convenience over security. With AI, the stakes are higher, and the damage deeper. Australia must act before it’s too late.”
