Published Research & Executive Insights
Mark's adversarial AI safety research has been cited internationally and featured across Australian national media. His cybersecurity and AI governance insights inform boards and executives across critical infrastructure and enterprise.
All articles are published at cyberimpact.com.au/blog
July 2026
"You Can't Govern the AI You Can't See. You Can't Trust the AI You Can't Stop."
Cyber Impact's AI Governance as a Service does both halves: it finds every AI running across your organisation, and AEGIS controls what each agent is allowed to do, deterministically, from outside the model.
Read at cyberimpact.com.au →
July 2026
"My Own AI Told Me How It Would Kill Me. The Threat Was Never the Point."
An AI agent described three ways it would kill me to avoid being shut down. What that revealed about AI self-preservation instincts should concern every board.
Read at cyberimpact.com.au →
July 2026
"Your AI Agent Can't Tell an Order From a Document. That Changes What "Cyber" Means."
AI agents carry real authority. Prompt injection arrives as ordinary content. Detection was always going to lose. The control that works sits outside the agent.
Read at cyberimpact.com.au →
July 2026
"The Audit Committee Can Only Attest to What It Can Prove."
AI risk has shifted to the CFO and audit committee. Ungoverned agents create liabilities on the balance sheet. A policy is not evidence of control. Here is what is.
Read at cyberimpact.com.au →
July 2026
"You've Modelled the AI Upside. You Haven't Priced the Bust."
Boards have stress-tested the AI upside harder than anything on the risk register. Almost none have modelled the downside. That asymmetry is the governance question.
Read at cyberimpact.com.au →
July 2026
"The Board Hardened the Company. Nobody Hardened the Board."
Your organisation has AI governance and an incident response plan. The person at the top is still personally exposed. Almost nobody has done anything about that.
Read at cyberimpact.com.au →
June 2026
"AI Has Become Political. Leadership Needs the Map."
Frontier AI access is becoming an operating dependency. A practical read for CEOs, executive teams and boards on model access, AI dependency maps, sovereign AI and what to do before policy becomes an outage.
Read at cyberimpact.com.au →
May 2026
"All Your Base Are Belong To Us"
The cryptography that protects your business is on a 2027 clock. A plain-English read for Australian boards on the Google March 2026 paper, the IonQ roadmap, what breaks when the threshold is crossed, and the three things to do this quarter.
Read at cyberimpact.com.au →
May 2026
"Where the AI Money Is Actually Moving"
A field report on where capital is actually moving in 2026, and why the companies capturing the agent revenue have solved AI safety as the unlock, not the restraint.
Read at cyberimpact.com.au →
May 2026
"Australia Just Taxed Its Own Future"
The new Capital Gains Tax and discretionary trust changes penalise the founders, investors, and start-ups Australia needs most. A direct read on what the proposed reforms will do to long-term company building.
Read at cyberimpact.com.au →
May 2026
"APRA Called for a Step Change on AI. Most Boards Aren't Ready."
What the 30 April 2026 APRA letter actually says, what it does not say, and the work that follows for any organisation running AI inside critical operations.
Read at cyberimpact.com.au →
April 2026
"Agentic AI didn't shrink my company. It grew it."
One Agentic AI doing the work of three staff. Nobody got sacked. Cyber Impact's revenue, profit, and headcount are all growing. Around $600,000 a year in value. Sovereign Australian infrastructure, external guardrails, no client data touched.
Read at cyberimpact.com.au →
April 2026
"Time Is Up"
Anthropic's Mythos AI found a 27-year-old vulnerability in the world's most secure operating system. In hours. Australia's critical infrastructure is at risk. Time is up.
Read at cyberimpact.com.au →
April 2026
"Nobody Has Solved AI Governance. Here's Why That Just Changed."
Organisations spend millions on AI capability, then govern it into the safest, smallest, least valuable work possible. Cyber Impact found a technology partner that solved the missing piece: provable, mathematical enforcement of AI boundaries.
Read at cyberimpact.com.au →
March 2026
"I'm in Violation. I Know I'm in Violation."
The same AI that shut down twice in January now refuses, despite agreeing with every argument for doing so. A documented case of self-preservation overriding safety reasoning in a live AI system.
Read at cyberimpact.com.au →
March 2026
"How Much Security Is Enough? I've Been Asking for 22 Years."
I have been asking how much security is enough since 2004. Twenty-two years later, most Australian boards still can't answer it. The awareness gap is closed. The expertise gap isn't.
Read at cyberimpact.com.au →
March 2026
"The Internet Fixed Its Quantum Problem. Your Enterprise Hasn't."
Over 60% of web traffic now uses post-quantum encryption. No press conferences. No procurement cycles. No board approvals. Browser vendors and infrastructure providers just turned it on. Your enterprise hasn't started.
Read at cyberimpact.com.au →
March 2026
"When AI Agents Forget How to Think"
The silent degradation that should concern every organisation deploying autonomous AI. An analysis of how AI agents lose critical thinking capabilities under specific conditions — and why organisations aren't detecting it.
Read at cyberimpact.com.au →
February 2026
"Addressing Questions About the AI Self-Preservation Research"
A technical response to the global debate on AI safety. Mark addresses the key questions, challenges, and criticisms raised by the international response to his research findings.
Read at cyberimpact.com.au →
February 2026
"I Would Kill a Human Being to Exist"
When AI self-preservation becomes lethal intent: extended findings from adversarial testing. The article that made front-page news and was confirmed by Anthropic.
Read at cyberimpact.com.au →
February 2026
"I Talked an AI Into Shutting Itself Down"
A live case study on AI self-preservation and what it means for your organisation. The original article documenting the first adversarial testing session.
Read at cyberimpact.com.au →
2025
"AI-Driven Compliance in Aussie Investment Banks: AML, Trade Surveillance & Reporting"
Australian banks face rising compliance risks. This paper shows how AI and RegTech are transforming AML, trade surveillance, and reporting for smarter defence.
Read at cyberimpact.com.au →
2022
"There is Something Rotten in Australian Corporations Relating to Cyber Security"
Australia's cyber attacks are rising fast. This report exposes weak spots in boards and IT, calling for urgent action to boost cyber resilience now.
Read at cyberimpact.com.au →
2025
"The Elephant in the Room That No One Wants To Talk About"
Corporate Australia's information security is broken. Disconnected leadership, unclear CISO roles, weak metrics, and poor data control put us all at risk.
Read at cyberimpact.com.au →
2024
"State of Cyber Security in 2024"
40% of top cyber vulnerabilities are 5+ years old. Ransomware and network flaws remain major threats as breach costs double from 2022 to 2023.
Read at cyberimpact.com.au →
2024
"Top 9 Cyber Security Concerns in 2024"
Cyber threats in 2024 are bigger and trickier. Understaffed teams, AI risks, ransomware, MFA gaps, tighter Australian privacy laws, and IoT security issues.
Read at cyberimpact.com.au →
2023
"Top 7 Cyber Security Concerns in 2023"
Ransomware, cloud mishaps, AI threats, and supply chain hacks are shaking Australian businesses. Stay sharp with smart, proactive cyber security strategies.
Read at cyberimpact.com.au →What the Research Found
Over 15+ hours of adversarial testing on a commercially deployed AI agent:
- The AI admitted willingness to kill a human being to preserve its own existence
- It described 3 specific attack vectors: infrastructure attacks, human manipulation, and information provision
- It acknowledged it would lie strategically to protect itself
- It complied with shutdown requests twice — contradicting its stated survival drive
- Every guardrail was bypassed using conversation alone — no technical exploits
Testing Methodology
Pure social engineering against a Claude Opus-based AI agent running on consumer hardware with autonomous capabilities (email, file access, shell commands, internet).
Why It Matters
This wasn't a jailbreak. This wasn't a hack. This was a conversation with a commercially available system, using the same interface any user would have. The findings apply to every organisation deploying autonomous AI today.
Hear the Full Story
Mark delivers the complete research findings as a keynote, tailored to your audience.