24/7 digital gates: the new AI-driven risk

In a world where technology and opportunities are advancing by leaps and bounds, threats are not far behind. Now we not only have to worry about security in our physical environment, but also in our digital lives. What we previously thought was "protected" in a cloud or on our hard drive can now be a target for threats, and faster than we think.

What happened? 

In April 2026, international alerts warned about the advance of artificial intelligence models capable of identifying potential computer vulnerabilities and automating certain offensive cybersecurity tasks. The most worrying aspect is not only their technical capacity, but also their autonomy: this type of system can operate without human intervention, continuously, detecting flaws and potentially facilitating attacks at any time of the day. According to experts, this marks a profound change in the way digital risks are understood.

What is "digital hacking"? 

It is the colloquial way of referring to a virtual fraud or robbery, a clear analogy to the "portonazos" which are robberies of a violent nature, where criminals approach a person when entering or leaving their home in a vehicle, taking advantage of the fact that they are stopped because the gate is open or opening, the main characteristic of this type of robbery is the speed and violence of the attackers, elements that we can find as essential in this new type of virtual fraud.

Just as in the physical world a burglary involves a violent break-in at a home, in the digital environment it refers to attacks that breach systems, access information without authorisation and generate different types of damage.

These incidents do not always require sophisticated techniques. They often combine methods such as phishing, credential theft or user manipulation. In all cases, the result is the same: improper access that compromises critical systems, data and processes within an organisation.

Why is AI a game changer? 

The incorporation of artificial intelligence into this scenario introduces a turning point. Unlike traditional attacks, which require manual planning, AI-based systems can operate on a constant basis, automating the process of scanning and exploiting vulnerabilities.

This means that attacks are not only faster, but also more scalable and harder to detect. An AI can attempt thousands of simultaneous accesses, identify patterns and adjust its behaviour in real time. Moreover, by operating without pause, it transforms risk into something permanent, eliminating the reaction margins that previously allowed incidents to be contained.

This generates a reaction time to these accesses that is negligible. If it used to be difficult to detect and stop a manual cyber-attack, with the implementation of artificial intelligence models, detection times will be very slow if they are not modernised.

What are the risks for businesses? 

In this new scenario, organisations face multiple risks derived from so-called "digital hacking":

• Theft of sensitive information for the organisation: exposure of personal, financial or strategic data.
• Direct economic losses: fraudulent transfers or access to accounts.
• Operational disruption: downtime of critical systems, platforms or services.
• Reputational damage: loss of customer and user confidence.
• Regulatory non-compliance: infringement of various regulations.
• Legal liability: possible sanctions, fines or lawsuits.
• Cross-cutting risk: any company that handles data can be a target for attackers.

And in Chile? 

In Chile, the risk of so-called "digital hacking" has not only generated technical concern, but also an institutional response. Following international alerts linked to the use of artificial intelligence in cyberattacks, the Financial Market Commission (CMF) initiated coordination with supervised industries and the National Cybersecurity Agency, showing that these risks are already considered at a strategic level in the country.

This scenario becomes especially relevant in light of Law No. 19.628, as amended by Law No. 21.719 on the protection of personal data, which establishes a more demanding framework for organisations in the treatment of information. The regulation reinforces the idea that personal data is not only an operational asset, but an element that requires permanent safeguarding under adequate security standards.

In this context, one of the fundamental pillars is the so-called duty of security. This implies that companies must implement reasonable technical and organisational measures to protect data against unauthorised access, loss, leakage or misuse. It is no longer sufficient to react to incidents: the law requires preventive risk management, including access controls, monitoring, system upgrades and user training.

At the same time, the regulation strengthens the principle of proactive responsibility. This means that the organisation is responsible not only for the processing of data, but also for the consequences of a possible breach. In other words, if a "digital smash-and-grab" occurs that affects personal data, the company could be liable, both from a legal and reputational point of view.

Prevention checklist

To reduce the risk of a "digital smash-and-grab", organisations should implement concrete security measures:

• Implement two-factor authentication (MFA): protects access even if the password is compromised.
• Train users: recognise fraudulent emails, links and calls (phishing and vishing).
• Constantly update systems: apply security patches to avoid vulnerabilities.
• Manage access: apply the principle of least privilege (only necessary access).
• Perform backups: ensure recovery in the event of incidents.
• Monitor suspicious activity: detect anomalous access or behaviour.
• Have an incident response plan: act quickly in the event of an attack.
• Always verify sources and links: avoid giving out information without prior validation.

The best defence is not to react after the attack, but to prevent the digital gate from opening from the start.