Acronis researchers identified 575 malicious skills across the OpenClaw ecosystem. Snyk found roughly one in five agent skills is outright malicious. The AI distribution layer has become a primary supply chain attack surface, and Australian regulated industries have direct CPS 230 and CPS 234 exposure.

Frontier LLMs have collapsed the bug-to-exploit window from five months to ten hours, and agents have become a brand new attack surface. Here is what Australian regulated businesses need to do this quarter, and how it maps to the Essential Eight, CPS 234 and the Privacy Act reforms.

Attackers are using AI to hit faster, at scale, and with far less human effort than before. Understanding the specific tactics they are deploying is the first step to building defences that actually work.

AI has changed cybersecurity on both sides of the fence. Australian businesses are facing a new class of threats that existing defences were not built for. Here is what the landscape looks like now and what it means for your organisation.