Spanish Companies Unprepared for AI-Driven Cyberattacks

The article explicitly mentions AI as a key emerging risk in cybersecurity, particularly AI-driven attacks, which implies the plausible future involvement of AI systems in causing harm. However, no actual AI incident or malfunction is reported, nor is there a direct link to realized harm caused by AI systems. The focus is on the perception of risk, preparedness levels, and strategic priorities for investment in threat monitoring. This aligns with the definition of Complementary Information, as it provides context and insight into the evolving AI-related cybersecurity landscape and organizational responses, rather than reporting a new AI Incident or AI Hazard.

The article centers on the potential for AI-enhanced cyberattacks (like phishing 2.0) to cause harm in the future due to insufficient preparedness by Spanish companies. No actual AI incident causing harm is reported; rather, the article warns about plausible future harms from AI-powered cyber threats. Therefore, this qualifies as an AI Hazard because it describes credible risks that could plausibly lead to AI incidents if not addressed. It is not Complementary Information since it is not updating or responding to a past incident, nor is it unrelated as it clearly involves AI and cybersecurity risks.

The article does not describe a specific AI Incident where harm has occurred due to an AI system. Instead, it outlines a cybersecurity vulnerability landscape and the potential for AI-enhanced cyberattacks to cause harm in the future. This fits the definition of an AI Hazard, as it plausibly could lead to incidents but no direct or indirect harm has yet been reported. The focus is on the risk and preparedness rather than an actual event causing harm.

The article involves AI systems in the context of cyberattacks enhanced by AI, specifically mentioning AI's role in evolving phishing attacks. However, it focuses on the lack of preparedness and the potential risk these AI-powered attacks pose in the near future rather than describing an actual incident where harm occurred. Therefore, it fits the definition of an AI Hazard, as it plausibly leads to harm but does not report a realized AI Incident. It is not Complementary Information because it is not updating or responding to a past incident but rather presenting a risk assessment based on a study.