Hacker ethics and cybersecurity

AI will put wealth firms at greater risk of cybercrime, and it doesn’t appear the industry or its regulators are ready

By Kevin Press | May 29, 2026 | Last updated on May 29, 2026
4 min read
Hacker ethics and cybersecurity
AdobeStock-Skorzewiak

I pulled an old book off the shelf this week. The Hacker Ethic and the Spirit of the Information Age by Pekka Himanen is a kind of sociology of work in the digital age. It had been collecting dust for 25 years — more a reflection on me than Himanen.

Himanen’s optimism reflected the period, with chapter titles like “The Hacker Work Ethic” and “From Netiquette to a Nethic.”

It was another book that sent me his way. This Is How They Tell Me the World Ends, by New York Times cybersecurity reporter Nicole Perlroth, offers a more contemporary, less rose-coloured view. Her reporting on hackers selling exploits to spy agencies and terrorist groups is deeply unnerving.

In April, I sat down with Kelly MacDonald and Matt Saunders to talk about cyber risk and the Canadian financial services industry for the Canadian Advisor.cast. MacDonald is national innovation and growth strategy leader at BFL Canada, an insurance and risk management firm. Saunders is a cybersecurity lawyer, breach coach, AI risk manager and geopolitical advisor.

The two had just wrapped a panel discussion that left attendees at the Federation of Independent Dealers conference frantically Googling Mythos, the AI model announced by Anthropic on April 7. It has multiple uses, among them an advanced ability to find vulnerabilities, turn them into exploits and automate penetration testing and bug discovery. It’s got cybersecurity experts spooked.

“The number of [potential] zero-day exploits that would be identified in any given year would be 100 or so,” Saunders said, referring to a cyberattack that takes advantage of a previously unknown or unpatched software vulnerability before developers have time to fix it. “Mythos is making that number and more in a matter of weeks.”

Anthropic is limiting the Mythos roll-out to companies like Amazon Web Services, Apple, Google and Microsoft, in hopes that it can keep the model out of the hands of bad actors. Fingers crossed.

Another company on the recipient list is JPMorganChase, the United States’ largest bank and one of the world’s most frequently targeted institutions.

Canada’s financial services industry is not immune, even as it invests millions in the development of AI strategies.

“There is a massive gap between adoption and real understanding of the risks,” MacDonald said. “Almost everyone I talk to, when I ask how they are thinking about the risk … I get a lot of blank stares.”

Saunders sees wealth management firms rushing to implement AI tools while regulators and governments lag behind. “Hopefully we’ll get some federal guidance from an AI law perspective,” he said.

How will AI tools use client data? How long will they retain data? What policies do third-party vendors have in place? Saunders believes that as clients come to understand this technology better, they will demand transparency on all of this.

Black Swan

The reason AI tools make organizations more vulnerable to cyber criminals is that they extend what experts call the attack surface. More software, more integrations, increased data flows — they all create more ways for attackers to break in.

AI has already begun to have a significant, positive impact on the wealth management industry. But its risks need to be better understood. Security systems have to be upgraded along the way and the tools require governance.

“That’s the whole thing about AI. It’ll take a good thing and do it at speed and scale. It’ll take a bad thing and do it at speed and scale,” MacDonald said.

“That’s the Black Swan I talk about. Everybody makes a certain decision en masse because they’ve been duped into something. AI Kelly told them to do something and it was really a cyber criminal.”

Both Saunders and MacDonald expressed genuine fear about the direction cyber risk has taken, an idea you’ll probably come to agree with if you pick up Perlroth’s excellent book.

I asked them both if they are optimistic about the future of AI, given all we’d discussed from a risk perspective.

“Of late, I’m more pessimistic,” Saunders said. “One, the technology and the speed with which it’s advancing is too fast. Two, the slowness with which the regulatory landscape is trying to keep up. That’s disconcerting.”

MacDonald has a similar view. “There was a time, maybe six, nine months ago, when I was a lot more optimistic,” she said. “It is moving too fast. It’s a runaway train. The emergency brake is not working.”

Canadian Advisor.cast is available in both video and audio formats, via Advisor.caSpotifyApple Podcasts and YouTube.

Subscribe to our newsletters

Kevin Press

Kevin Press

Industry

Kevin Press is editorial director of Advisor.ca. Reach him at kevin@newcom.ca.

Retirement plans ‘out of whack’: health futurist Retirement plans ‘out of whack’: health futurist

Industry

Retirement plans ‘out of whack’: health futurist

Longevity is making retirement planning more complex than ever, says health futurist and strategist Zayna Khayat

By Kevin Press |May 1, 2026

3 min read

Canadian Securities Course repositions for post-licensing proficiency Canadian Securities Course repositions for post-licensing proficiency

Industry

Canadian Securities Course repositions for post-licensing proficiency

Tradition and tech will merge in overhaul of former cornerstone licensing course

By Michelle Schriver |May 5, 2026

4 min read

Laurentian reports loss as it works to complete split sale Laurentian reports loss as it works to complete split sale

Industry

Laurentian reports loss as it works to complete split sale

Transactions with deal with Fairstone and National Bank are part of pivot to specialty commercial banking

By The Canadian Press |May 29, 2026

1 min read