The AI gold rush needs an accountability check

By Sam Shar

Cybersecurity incidents are rising fast. The weekly number has more than doubled from 2021 to 2025, and AI is amplifying the threat. At the same time, consultancies are racing to win AI transformation work. My view is simple: this is turning into a gold rush, and if firms don’t slow down, it could become a cybersecurity meltdown waiting to happen.

The latest warning sign is the debate around Anthropic’s Mythos model, widely seen as a step-change in AI-driven cybersecurity capability. The fact that a model built to strengthen cyber defences needs tight restrictions tells us something important. These tools are powerful, but power cuts both ways.

That would be enough to worry about on its own. But it’s happening while major consultancies are signing large AI partnerships with companies like OpenAI, Anthropic, and Google. The AI players want access to the consultancies’ foothold inside large enterprises. The consultancies want the work, the margin, and the strategic relevance that comes with being seen as AI leaders.

There is nothing wrong with that in principle. Companies are racing to adopt AI in powerful and effective ways, and consultancies have rightly seen a moment to support clients with on-tap expertise and talent. But there are early signs that some firms are selling as many projects as possible with little connection to ROI and, more worryingly, too little regard for security risk.

Any new technology opens fresh attack vectors in the tech stack. AI does that at a larger scale because whole systems are often being retrofitted. Models are connected to internal data, workflows, identity systems, customer records, vendor platforms, and employee tools. One weak handoff can become a serious exposure.

The human side matters too. Employees often aren't trained on how AI creates new lines of attack. They may know how to use a tool, but not how to spot bad outputs, data leakage, prompt injection, or risky shortcuts. That gap between adoption and understanding is where a lot of damage will happen.

This is where consulting incentives need a hard look. When vendors and clients are both pulling consultancies toward more AI, advisers face a structural pull to recommend more projects. Not always because those projects serve the business in front of them. Sometimes because the market is rewarding volume, speed, and visibility over accountability.

I have seen the safer version of transformation. During the rapid shift to work-from-home, TSCi had to support an enterprise need that sat outside our usual lane. We sourced equipment, rented warehouse capacity, and shipped at scale because the client needed the outcome protected. That is what real delivery often looks like. It is close to the work, practical, and owned by people who can’t hide behind layers.

AI work needs the same discipline. Start with the business problem. Define the value case. Decide what technology is actually needed. Then stress-test the security implications before the rollout, not after the contract is signed and the announcement is out.

Consultancies should also scale back the number of AI briefs they run for any single client at one time. That may sound counterintuitive when demand is high, but if a firm can’t properly test the architecture, train the staff, and monitor what happens after implementation, it shouldn’t take the work.

The other fix is presence. Consultants need to be embedded deeply enough to see the client’s real technology environment, not just the slideware version. Unexpected risks show up in workflows, integrations, permissions, old systems, and employee behaviour. You don’t catch those from a distance.

AI can create real value. But AI hype must not trump business results, and it certainly must not trump security.

The Mythos story should be a pause point for every enterprise leader. If even the most advanced AI companies are worried about misuse, clients should expect the same honesty from their advisers. Not every AI project should go ahead. And the ones that do need more than ambition. They need accountability.
