You have almost certainly been pitched AI as the answer to your security problem in the last twelve months. Hold that thought against the evidence, because here is what actually happened to Australia between 2022 and 2026: the same handful of attacks, recycled year after year, walking in through the front door on legitimate credentials and trusted-vendor access — the precise thing no detection model, however clever, is built to catch.
The names changed — Medibank, Optus, Latitude, MediSecure, Genea, Qantas, now QLearn. The method barely did. We did not get outsmarted by novel attacks. We kept losing to old ones — and then spent the budget on a defence that was looking the other way. That is not a knowledge failure. It is something more awkward.
We Did Learn — That Is the Problem
The reflexive take is that organisations never learn. It is too generous to the attackers and too harsh on the defenders. We did learn. Endpoint detection is everywhere. MFA is no longer exotic. The network perimeter is harder than it has ever been.
And that is precisely why the attacks moved. Harden the endpoints and the network, and a competent adversary does not try harder against them — they walk in through the soft layer no one hardened: the person on the help desk, the credential with no MFA, the vendor you trusted with your data. We did not fail to learn. We learned to win the last war, while the front quietly moved to identity, people, and third parties.
The Same Breach, Year After Year
Read the “how they got in” column from top to bottom. It barely changes. Then read the last column: in every case, the control that would have blunted the attack already existed — often for years.
| Year | Organisation | How they got in | Impact | The fix — already available |
|---|---|---|---|---|
| 2022 | Medibank | Stolen privileged credential; no MFA on the VPN | 9.7M Australians; sensitive health data dumped | MFA on remote access; its absence is central to the OAIC's Federal Court case |
| 2022 | Optus | Exposed, poorly-controlled API | ~9.5M (per OAIC); regulator now suing | Authenticated, rate-limited APIs; access control |
| 2023 | Latitude | Stolen employee login → two third-party providers | 14M (AU + NZ); some data kept ~18 years | MFA + vendor least-privilege + data minimisation |
| 2024 | MediSecure | Ransomware on an e-prescription vendor | 12.9M — the largest-ever OAIC notification; firm collapsed | Vendor assurance; segmentation; tested backups |
| 2025 | Genea | Intrusion via an exposed Citrix server; data unencrypted | ~940GB of IVF patient data; a court injunction did not stop publication | Patch and MFA-gate remote access; encrypt at rest |
| 2025 | Qantas | Vished a call-centre operator → Salesforce (“The Com”) | 5.7M customers | Phishing-resistant MFA + help-desk verification |
| 2026 | QLearn / Canvas | The same collective (ShinyHunters) → a third-party platform | QLD students & staff since 2020* | The same controls as 2025. Unchanged. |
*Part of a global incident ShinyHunters claims hit ~275M users — an actor claim, not confirmed by Instructure.
The last two rows were not merely similar. Qantas (2025) and QLearn (2026) were run by the same loosely-affiliated collective — Scattered Spider, ShinyHunters, “The Com” — using the same method against the same kind of platform. The crew that vished its way into Qantas’s Salesforce is the crew that took Queensland schoolchildren’s data a year later. Nothing about the playbook needed to change, because nothing on our side did.
And No, AI Will Not Save You — It Is Already Working for the Other Side
Now hold every one of those breaches up against the thing you are being sold as the answer.
Each of them walked in on a legitimate credential or through a trusted vendor. A vished employee’s login is a real login. A ShinyHunters session inside a third-party platform is authorised access. There is no malware to flag, no anomaly to score, no signature to match. You cannot detect your way out of “the login was genuine.” AI-driven detection hunts for the abnormal — and the attacks that define the last four years are, by design, perfectly normal.
Here is the part no one on the vendor stage will say out loud: the asymmetry runs the wrong way. AI is changing the game — decisively, for the attacker. It writes the flawless phishing lure (the AI-crafted phishing reported behind the Japanese brokerage account-takeovers), clones a voice for the help-desk call (the same vishing route that opened Qantas), and automates the reconnaissance and token abuse (ShinyHunters’ stock-in-trade). The attacker deploys AI on the human layer, where it is cheap, scalable and lethal. You are sold AI on the detection layer, where it is blind to a real credential. They bought the half of AI that works. You were sold the half that does not.
The Fix Is Older Than the Breach
This is what should sting. Australia’s single worst breach — Medibank — happened because there was no multi-factor authentication on a VPN. The regulator said so in its own filings. MFA is not emerging technology; in its phishing-resistant FIDO2/WebAuthn form it has been a W3C standard since 2019. Latitude held identity documents going back eighteen years — a retention failure, not a clever hack. Genea left nearly a terabyte of fertility records unencrypted behind an exposed remote-access server. None of these is a research frontier. Each was a control sitting on the shelf, undeployed — while the budget went to a model that could not have seen the attack anyway.
Why the Soft Layer Stays Soft
Four reasons, none of them technical:
- The fixes are unsellable; the failures are buyable. Help-desk verification, MFA rollout, least-privilege, data minimisation, vendor assurance — these are process, not product. Nobody demos “we fixed our onboarding flow.” So budget flows to the next box with a dashboard — and AI is the shiniest box of all.
- The surface outran the governance. Identity and SaaS became where the business lives, faster than anyone re-drew the controls around it. The perimeter moved; the org chart did not.
- Third-party risk has no owner. Qantas lost a contractor’s platform. Latitude lost its providers’. MediSecure was the vendor. When the breach sits in someone else’s environment, accountability diffuses across the chain until no one owns the fix.
- And doing nothing has been rational. Medibank ran no MFA, lost 9.7M health records, was named by the regulator — and the share price recovered, no executive went to prison, and the class action became a line item. Until a breach costs a director their job or the company its credit rating, under-investing is the rational choice, and every board quietly knows it.
Healthcare is the clearest indictment. It is consistently the most-notified sector in the OAIC’s figures, and the drumbeat never broke: Medibank, then St Vincent’s, then MediSecure, then Genea, then a string of clinics. Same sector, same lessons, same repetition.
Stop Trying to Prevent It. Contain It — and Get There First.
If a human will eventually be talked out of a credential — and the record above says they will — prevention alone is a losing bet, and a smarter detection model is a losing bet squared. The organisations that come out ahead assume the credential is already compromised and compete on blast radius: segment the SaaS, kill standing privilege, move to just-in-time access, verify the help desk out of band, scope and rotate vendor tokens, and stop hoarding data you do not need. You do not stop the door being opened; you make sure it opens onto a small, well-watched room.
Which is where the two least glamorous disciplines in security quietly do the saving — neither of them a model you can buy.
GRC turns a known control into an enforced, owned one — across the vendor chain, not just your own walls. It assigns the third-party risk an owner, writes least-privilege and retention limits into the contract, and makes the boring control a requirement rather than a recommendation. Almost every breach above is a governance failure wearing a technical costume.
OSINT lets you see the attack forming before it lands. Every breach in that table began with a breadcrumb findable in advance — an exposed remote-access server, credentials already circulating in public dumps, the vendor relationships that map your real attack surface, the support functions an attacker will phone first. Passive open-source assessment surfaces those exposures from the outside, exactly the way the adversary does, while there is still time to close them.
What actually closes the door
- Phishing-resistant MFA everywhere — especially remote access and SaaS administration
- Out-of-band identity verification for help-desk and password-reset requests
- Least-privilege and just-in-time access; no standing admin rights
- Vendor governance with contractual security obligations, scoped tokens and continuous monitoring
- Data minimisation and retention limits — data you do not keep cannot be stolen
- Passive OSINT assessment to find the exposed door before the attacker does
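Two items on that list, “least-privilege and just-in-time access” and “scoped tokens” for vendors, are concrete enough to show in code. The block below is an added illustration for this article, not code from any organisation or vendor named above: a minimal issuer and verifier for access grants that are bound to one tenant, one explicit scope list and a short lifetime, with a revocation list for rotation. The signing key, tenant names, subjects and scopes are constructed for the example; a real deployment would hold the key in a KMS and persist the revocation set. The point it demonstrates is the blast-radius argument from the text: a captured vendor grant should open one small room, and every failed check should say why it failed so the audit log is useful.

```python
"""Just-in-time, scoped access grants: a minimal issuer and verifier.

Added example for this article, not code from any organisation named in it.
Key, tenant names, subjects and scopes are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed example key. In production this comes from a KMS/HSM and is rotated.
SIGNING_KEY = bytes.fromhex("1f" * 32)

# Grant IDs revoked before expiry (vendor contract ended, token seen in a dump).
REVOKED = set()

MAX_TTL_SECONDS = 3600  # no standing access: every grant expires within the hour


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_grant(key, subject, tenant, scopes, ttl_seconds, now, grant_id=None):
    """Mint a short-lived grant. Scopes are an explicit allow-list: no wildcards."""
    if ttl_seconds <= 0 or ttl_seconds > MAX_TTL_SECONDS:
        raise ValueError("grant lifetime must be between 1 second and one hour")
    if any("*" in s for s in scopes):
        raise ValueError("wildcard scopes are not allowed")
    payload = {
        "jti": grant_id or secrets.token_hex(8),  # unique id so a grant can be revoked
        "sub": subject,
        "tenant": tenant,
        "scopes": sorted(set(scopes)),
        "iat": now,
        "exp": now + ttl_seconds,
    }
    body = _b64url(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_grant(key, token, tenant, required_scope, now):
    """Return (ok, reason). Each check fails separately so the log records why."""
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return False, "malformed"
    # Check the signature before parsing anything the caller supplied.
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad-signature"
    try:
        payload = json.loads(_b64url_decode(body))
    except ValueError:
        return False, "malformed"
    if payload["jti"] in REVOKED:
        return False, "revoked"
    if now >= payload["exp"]:
        return False, "expired"
    if payload["tenant"] != tenant:  # a grant for one SaaS tenant never works on another
        return False, "wrong-tenant"
    if required_scope not in payload["scopes"]:
        return False, "scope"
    return True, "ok"


def revoke_grant(token):
    """Rotation: put the grant's id on the revocation list; issue a fresh one if needed."""
    body = token.split(".", 1)[0]
    REVOKED.add(json.loads(_b64url_decode(body))["jti"])


if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    tok = issue_grant(SIGNING_KEY, "vendor-callcentre", "crm-prod", ["contacts:read"], 900, now)
    for tenant, scope, t in [("crm-prod", "contacts:read", now + 60),
                             ("crm-prod", "contacts:export", now + 60),
                             ("hr-prod", "contacts:read", now + 60),
                             ("crm-prod", "contacts:read", now + 900)]:
        print(tenant, scope, verify_grant(SIGNING_KEY, tok, tenant, scope, t))
```

The design choices are the ones the article argues for: the lifetime cap means there is no standing privilege to steal, the tenant binding means a grant lifted from one platform is useless on another, and the per-check failure reasons turn a rejected request into a signal the help desk and the SOC can act on.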
When Will We Learn?
We have. We are just not paid to act on it — yet. That equation is changing fast: in October 2025 the Federal Court handed down Australia’s first Privacy Act civil penalty, the OAIC is suing Optus, ASIC has begun pursuing financial firms over cyber failures, and ransomware payments must now be reported to the ASD. The era where a breach was merely embarrassing is ending; the era where it is litigated — and where the buck stops in the boardroom — has begun.
For now, the lesson is simple enough that four years of breaches should have taught it: the method is not getting cleverer, and neither is the marketing that says a machine will fix it. We are just leaving the same doors open and buying smarter locks for them. Govern the controls you have, watch your own perimeter the way the attacker already does — or read this same article again next year, with a new logo in the last row.