I run a public relations company, and there is one type of crisis no amount of planning can allay.
It might start like this: One of my clients — imagine the founder of an A.I. start-up — receives notice that her iCloud account is about to be deleted because the payment method is no longer valid. Her assistant, who has access to her devices, calls her so he can update the payment method, and asks for her two-factor authentication code. The founder reads off the code. Moments later she’s locked out of her iCloud. Her text messages, photos, her videos, voice memos and notes-to-self — all stolen. The founder calls me in a panic.
How could this happen? The founder’s passwords could have been compromised and listed on the dark web. With the help of artificial intelligence, the hackers can send the fake nonpayment notice, clone her assistant’s voice using videos posted on Instagram and enter the two-factor authentication code to break into her iCloud account. Then, they could demand a Bitcoin ransom to return the trove of personal musings, sexts and photos, perhaps some sans clothes.
This scenario is not as far-fetched as it sounds. Apple has some of the strongest security measures in tech and is constantly innovating new defenses, but in recent months it has repeatedly warned its customers of sophisticated scams. Gmail break-ins are proliferating. Hackers are subjecting even everyday people to embarrassing leaks. Once they get into your iCloud account, they could have access to your entire digital history dating back to your first iPhone.
And thanks to A.I., hackers of all stripes — malign state actors, cybercriminals and genius kids out for giggles — may soon have more advanced tools to suss out the login credentials for our Gmail, iCloud and Microsoft Office accounts. Government organizations and certain approved companies have access to advanced A.I. systems that find weaknesses in even the most well vetted software programs. Anthropic’s Claude Mythos and OpenAI’s GPT-5.5-Cyber are “as or nearly as skilled as elite human hackers,” The Atlantic reported. The head of the National Security Agency reportedly said Mythos found vulnerabilities in all of the agency’s classified systems, “not in weeks, but in hours.” The Chinese A.I. system, Z.ai, has matched some of these capabilities.
These models are not available to the public, and today, hackers tend to go after financial systems, companies, governments and critical infrastructure rather than people’s personal accounts. State-mandated restrictions limiting access to these models mean that hackers can’t use them to crack our password-protected data caches in the short term. But every week, we seem to see a step change in their sophistication. How long will we be able to maintain a firewall around access to the technology?
Most of us have something to hide. Some of the most recent polling, from 2015, found that eight of 10 adults in the United States admitted to sexting within the last year — and that was more than a decade ago, before we were all constantly online. More than half of Americans admit to having viewed online porn.
There’s only one way forward: We have to move past digital shame. We need a collective societal pact that acknowledges we all have embarrassing secret foibles, interests, obsessions and neuroses that are password-protected for now, but may not be forever.
We should begin to accept that an embarrassing leak isn’t a life-defining event. In 2019, after The National Enquirer obtained some of Jeff Bezos’ personal text messages and photos, Mr. Bezos pre-empted their release by publishing the extortionist letters online. “If in my position I can’t stand up to this kind of extortion,” he wrote, “how many people can?”
I am not suggesting that we excuse terrible behavior. If hacked material shows illegal, abusive, coercive and nonconsensual acts, people should face legal action and societal reprobation. But fingers flying across keyboards and thumbs twiddling on iPhones are not actions in real life. We can say, type and search for things that have no implications in the real world.
Public shaming can play an important societal role when it stigmatizes offensive and harmful behavior. But there is no value in canceling someone for private musings that were never intended to be seen in public. In the Christian tradition, the sins of the mind are meant to be self-reported in the confines of one’s communion with God. The same “sins” intimately recorded on our personal devices should not be the grounds for a public hanging.
We should, however, take steps to protect ourselves from hacking. You can start by not doing anything mortifying on your phone (good luck with that!). You can also edit everything embarrassing out of your iCloud files and Gmail history, create unique and complex passwords for each website, turn on multifactor and biometric authentication, and make sure never to share your authentication code. All excellent rules to live by, but sometimes harder to follow.
Ultimately, society may have to stop punishing lawful private behavior. Enough with, “Say what!” Instead, “So what?” needs to be our response to the salacious, titillating and terrifying hacks that could come our way.

