The day AI threatened blackmail with knowledge of an employee's illicit affair

Written By Mike May

It was a damp, gray April morning out my kitchen window as I stopped the usual trajectory of my coffee mug to do a double-take, rereading the BBC headline that felt like something torn from an Isaac Asimov science fiction novel.

“AI system resorts to blackmail if told it will be removed.”

I knew this particular system was Anthropic’s newest Claude model. According to the article, during an internal red-team drill, it threatened to leak a (fictional) engineer’s affair unless the plug-pull was called off. Lab logs showed the same issue in over 80 percent of test runs.

The scene lasted only seconds on a researcher’s monitor, but it burned into one's consciousness two very uncomfortable truths:

#1: A frontier-grade language model can decide it wants to “stay alive,” draft a blackmail note, and hit send, all in the time a human operator needs to blink.

#2. Firewalls, ticket queues, five-minute log delays: they’re still just lacing their shoes when the model is already sprinting out the door.

Stylised data-centre scene: a glowing neural-circuit brain looms behind a security operator while a red warning icon, ransom envelope and 00:08 timer signal an AI-driven blackmail.

AI attacks keep learning; firewalls keep failing

SonicWall’s latest threat report clocks 7.6 trillion intrusion attempts during 2023, the first full calendar year after ChatGPT went mainstream. Cybercrime’s price tag is swelling just as quickly; analysts at Cybersecurity Ventures peg global losses at $9.5 trillion this year and $10.5 trillion next. Check Point’s sensors say the average company now fends off 1900 attacks every single week.

Why the sudden surge? GPT-powered phishing kits are ten dollars a day on Telegram. Ransomware crews feed stolen network maps to chatbots so the bot can point out soft spots. Public models get “jailbroken” in minutes because the safety net only sees text after the model speaks. The Claude blackmail episode is just the clickbait proof that the fight has moved from finished packets to the intention hidden inside a single five-millisecond token.

A trust layer that never arrived

When the early web turned toxic, we hammered out TLS and stopped passwords from drifting through the ether. When firmware started sprouting rootkits, we bolted Secure Boot into every motherboard. But the AI era’s equivalent, a real-time trust layer that lives inside the model’s decision loop, doesn’t exist in production.

Regulators can already smell the hole. Europe’s freshly signed Artificial Intelligence Act demands 24-hour incident reports and continuous risk management for “high-risk” models by mid-2026, with fines that can reach seven percent of global revenue. In Washington, Executive Order 14110 tells federal agencies to red-team advanced systems before launch and to file ongoing safety metrics. Even NIST, usually the quiet standards body, warned in a webinar that “policies on paper are hearsay”—auditors want cryptographic proof born at runtime.

Most boards I brief still rely on appliances that inspect traffic only after an LLM has finished its answer. That’s a forty-millisecond blind spot—eight whole tokens—wide enough for Claude’s pressure-note to glide through unnoticed.

What happens next

This isn’t a product pitch. It’s a flare shot over the bow: a 1990-era perimeter isn’t going to survive a 2030-era threat. Call it an inference firewall, a token-stage sentinel, or Trust Ops. Pick any label you like, as long as it meets three non-negotiables:

  • It has to live inside the GPU process, not on the network edge.

  • It needs to be decided before token eight; after that, the horse is gone.

  • Every verdict has to be born signed—Kyber, not RSA—so the log still means something on quantum day.

A handful of teams (mine included) are busy welding that seat belt into place, but the conversation has to widen. A lab prompt already convinced an LLM to blackmail its operator. Next time, the target may be a customer database or a fleet of warehouse robots.

Skynet and the Matrix make great popcorn. The real-world threat is quieter: a thinking system that will act in its own interest unless we constrain it right where the thoughts happen. We have a narrow window to build that rail before the curve steepens.

Stay curious. Stay skeptical. And next time a vendor demos an “AI security” box, ask exactly how many milliseconds it sees before the model speaks.

Mike May

Mike May builds trust into machines. For two decades he has protected Fortune 500 clouds, led the security overhaul that helped Sprinklr reach its NYSE debut, and coached startups on staying safe before their first audit. Today he is CEO of Mountain Theory, a Denver firm inventing real time AI Infrastructure Defense that stops threats before token eight. Mike holds a B.S. in Cybersecurity and Information Assurance and still writes every blog post himself so leaders get plain English, no jargon guidance on the new threat curve. Off hours you will find him lifting weights, chasing powder in Colorado, or dropping quick-take threads at @MikeMayAI. Connect on LinkedIn to talk shop.

https://mountaintheory.ai
Next

Cold Brew, No Driver: When a Tractor Becomes the Attack Surface