s AI systems handle increasingly sensitive data across enterprise operations, the industry is learning to accept an uncomfortable truth: sophisticated algorithms don’ t automatically mean sophisticated security. The McDonald’ s breach illustrates this gap.

When security researchers Ian Carroll and Sam Curry decided to test the fast-food chain’ s AI hiring system, they expected to wrestle with vulnerabilities in the chatbot’ s language model. Instead, they got in using“ 123456” as a password – that’ s it.

The breach exposed personal information for 64 million job applicants who had interacted with McHire, McDonald’ s recruitment platform. Names, email addresses, phone numbers and IP addresses sat behind security measures that wouldn’ t have protected a personal blog, let alone a system handling data for one of the world’ s largest employers.

“ For AI to be truly smart, it must respect human values, including privacy. If we get this wrong, the dangers are profound,” said Tim Cook, CEO of Apple in a 2018 interview.

“ We can realise both exceptional artificial intelligence and robust privacy standards. This is not just a possibility; it is a duty.”

The McDonald’ s incident suggests that duty remains unfulfilled – and the gap between aspiration and reality is wider than anyone wants to admit. aimagazine. com 139