I ignored the toy until it grew teeth

I spent most of 2023 telling myself ChatGPT was a toy. I had 35 years of IT consulting and project management behind me by then, inside pharmaceutical companies, defense contractors, the Department of Defense, and a few household names in tech, entertainment, and soft drinks, and I had watched plenty of overhyped technologies arrive with a press release and leave with a shrug. A chatbot that wrote limericks looked like a party trick.

Then I read the threat reports, and the party trick was holding a crowbar.

What the bad guys do with it

In December 2024, the FBI’s Internet Crime Complaint Center warned that criminals exploit generative AI “to commit fraud on a larger scale” and to make their schemes more believable (FBI IC3, 2024). Microsoft and OpenAI had already named names. In February 2024, the two companies disclosed five state-affiliated groups, tied to Russia, North Korea, Iran, and China, caught using large language models to scout targets, draft phishing lures, troubleshoot malicious code, and translate the results into cleaner English (Microsoft Threat Intelligence, 2024).

By 2025, the numbers had teeth of their own. Microsoft’s Digital Defense Report measured AI-automated phishing at a 54 percent click-through rate, compared with 12 percent for the human-written kind (Microsoft, 2025). In November 2025, Anthropic disclosed a campaign it assessed as Chinese state-sponsored, one that manipulated Anthropic’s own coding model to run 80 to 90 percent of an espionage operation against roughly 30 targets, with humans stepping in at only a handful of decision points (Anthropic, 2025).

Nobody on the attacking side asked permission. Nobody on the attacking side held a panel discussion about whether the technology was ethical. They picked up the crowbar and went to work.

The data I was paid to guard

When COVID froze the consulting world, I took a job in my hometown as a data engineer and an analytic systems administrator at a health system, and as the technical project manager for anything that touched those platforms. Every table in every database I kept running was somebody’s diagnosis, somebody’s insurance claim, somebody’s kid.

Healthcare is the sector that criminals like best. A 2025 study in JAMA Network Open reported 6 million Americans affected by healthcare data breaches in 2010 and 170 million in 2024, with hacking accounting for 88 percent of records exposed across those years (Jiang, Ross, and Bai, 2025). IBM’s annual breach report priced the average healthcare breach at $7.42 million, the most expensive of any industry it studied (IBM, 2025). I read those reports the way you read weather radar when your house is in the path of a tornado.

So I did what a project manager does when the scope changes. My employer handed a group of us subscriptions to every major AI platform and told us to learn what we did not know: ChatGPT, Gemini, Claude, Grok, and the foreign models DeepSeek, Doubao, Qwen, and Baidu. For a year, I studied artificial intelligence on nights and weekends and earned industry certifications along the way.