// ARTICLE  ·  28 Jun 2026  ·  ← All articles

Why AI?

I've watched the threat landscape evolve for thirty years. AI is the most consequential shift I've seen — and I've been closer to it than most people realise.

People ask why I’ve moved into AI security. The honest answer is that I didn’t move into it. It came to find me. And if you’ve been paying attention to how the threat landscape has evolved over the last three decades, you’d understand why it was always going to end up here.

It started earlier than you think

The first language model I ever interacted with was hardcoded in a text adventure game.

Zork, Colossal Cave, Adventure — these were natural language parsers disguised as entertainment. Type a sentence, the system interprets intent, the world responds. The vocabulary was limited, the logic was deterministic, and the underlying model was a lookup table rather than a neural network. But the fundamental interaction pattern — human language in, machine-interpreted action out — was already there in the early 1980s, running on hardware most people today would use as a doorstop.

I didn’t think of it as AI at the time. Nobody did. It was just how the game worked.

By the mid-nineties I was running eggdrop TCL bot fleets on IRC. Eggdrop is a bot framework — you deploy it, script its behaviour in TCL, and it sits in a channel responding to triggers, managing users, matching patterns and adapting its responses. If you wrote it today you’d call it a rule-based conversational agent. At the time we called it a bot, and it was remarkably capable for something that predated the modern AI stack by twenty years.

Pattern matching. Adaptive response. Persistent state. Context awareness within a session. Early machine learning by another name, built by teenagers on dial-up connections because it was interesting and we wanted to see if we could.

The curiosity that drove that work is the same curiosity that drives this work. The technology has changed. The instinct hasn’t.

The threat was always evolving

I came up through the BBS and phreaking scene at a time when the threat landscape looked very different from today. The actors were largely curious rather than criminal. Understanding how a payphone’s hook switch worked, how phone network timing could be exploited, how systems behaved at a level below their designed interface — that was the culture. Knowledge for its own sake. Exploration rather than exploitation.

That changed. Gradually at first, then quickly.

By the time I was building infrastructure at Bishop Grosseteste University in the early 2000s, the threat actors had professionalized. Organised crime had discovered that digital systems were worth attacking. Nation states had begun to take an interest. The curious kids from the BBS scene had grown up, and some of them had gone to work for people with very different motivations.

I watched that transition happen in real time.

Across every domain, the same problem

What’s distinctive about my career isn’t that I stayed in one sector and got very deep. It’s that I’ve had to solve the security problem across radically different environments, each with its own threat model, its own regulatory context, and its own version of what “secure” actually means.

A food microbiology lab testing for Listeria monocytogenes and Vibrio cholerae in products consumed by millions of people. The methodology is rigorous by necessity — prove it isn’t dirty, document the proof, assume it will be challenged, because the alternative is a national news story and a criminal investigation.

A university network serving five thousand users, evolving through fifteen years of data protection regulation, infrastructure change and increasingly sophisticated external threats.

Financial services under FCA scrutiny, where the regulatory framework is exacting and the consequences of failure are measured in fines, reputational damage and personal liability.

A live data breach. AWS credentials compromised. Forensic specialists engaged. Law enforcement notified. I’ve been in that room. I know what it looks like when the abstract threat becomes concrete.

And now: critical infrastructure. Tens of thousands of edge-connected devices in a SCADA-integrated environment, monitoring and maintaining wind turbines. OT security. IEC 62443. Assets where a security failure doesn’t mean data loss — it means physical consequence.

Across all of it, the threat has been evolving. The actors have become more sophisticated. The attack surfaces have grown. The tools available to adversaries have improved faster than the defences in most organisations.

And then AI arrived

Here is what makes AI different from every previous technology shift I’ve observed: it is being deployed into production environments — including the ones I just described — faster than any previous technology adoption, with less understood failure modes than anything that came before it, and with almost no meaningful security governance in place.

AI systems are non-deterministic. Their behaviour cannot be fully specified in advance. They can be manipulated through their inputs in ways that have no analogue in traditional software. They can hallucinate — producing confident, plausible, wrong outputs that are genuinely difficult to distinguish from correct ones without domain expertise. They can be poisoned at the data level, extracted at the model level, manipulated at the prompt level.

And they are being deployed right now into financial services, healthcare, critical infrastructure, and government — the exact environments where the consequences of getting security wrong are most serious.

The gap between what organisations are doing with AI and what they should be doing is not a small gap. It is large, it is widening, and it is not being closed by the current pace of framework development.

Why this, why now, why me

I am not a machine learning engineer. I am not an AI researcher. I am a security practitioner with twenty years of experience proving that complex systems are actually doing what they claim to do, across environments where the stakes are real.

That is exactly the background the AI security problem requires.

The organisations deploying AI into critical environments don’t need someone to explain how transformers work. They need someone who can threat model an AI system, test its controls under adversarial conditions, apply a governance framework to a running deployment, and tell them honestly whether what they have is secure.

I’ve been doing the equivalent of that work — in food safety labs, in regulated financial services, in critical infrastructure — for my entire career. AI is the next domain. It is also, without question, the hardest one.

Thirty years of watching this threat evolve. From hardcoded language parsers in text adventure games, to IRC bots that anticipated modern conversational AI, to organised crime, to nation states, to a live breach, to edge devices in wind turbines.

The threat kept evolving. So did I.

That’s why AI.