Cybersecurity expert warns extra caution is needed when introducing tools that are capable of autonomous action
Artificial intelligence (AI) has fast become a cornerstone of modern HR operations, streamlining processes from recruitment to employee engagement. But as more organisations rely on AI-powered software and platforms to store, process, and analyse sensitive information, the cybersecurity risk grows.
John Burgess, Manager of Cyber Security and Digital Technologies at Victoria University, told HRD that people management is at the forefront of AI adoption, and that comes with responsibility.
“When someone applies for a role, they’re laying bare their life—career history, qualifications, identity details. That’s exactly the type of information cyber attackers value most,” Burgess explained.
“Handling personal data in HR is similar to handling patient data in healthcare—the responsibility is enormous because the stakes are so high for the individuals involved.”
The comments come after a vulnerability was uncovered in July in an AI chatbot built by software firm Paradox.ai (Paradox) that held the personal information of prospective McDonald’s employees, leading to data being exposed online.
Whilst no data was accessed by anyone other than the two security researchers who discovered the vulnerability, a McDonald’s spokesperson called the incident “disappointing” after it was found the system had a password of ‘123456.’
“As soon as we learned of the issue, we mandated Paradox.ai to remediate the issue immediately, and it was resolved on the same day it was reported to us. We take our commitment to cyber security seriously and will continue to hold our third-party providers accountable to meeting our standards of data protection,” they said.
Responding to the incident, Paradox said vulnerabilities had been addressed, with several security initiatives in place, including an easy way for security teams to be connected to support staff.
“We take responsibility for this issue. Full stop. Our clients and their candidates place their trust in us, and we are committed to maintaining that trust. We also want to thank the researchers for responsibly disclosing the issue, which allowed us to fix it quickly,” the company said.
According to Burgess, risks are manageable if HR teams combine technical safeguards with strong human oversight.
“AI isn’t like traditional software—it’s dynamic and unpredictable. Even the people who build it can’t always explain what’s happening ‘under the hood.’ That’s why oversight can’t be an afterthought,” Burgess said.
He also warned that greater regulation is needed across both government and corporate levels.
“Most HR professionals aren’t IT experts, but awareness is key. If you’re adopting tools that are new, rapidly evolving, and capable of autonomous action, you need to apply extra caution—often beyond what’s considered standard IT practice.”
The solution is collaboration. Burgess recommends HR teams bring cybersecurity specialists into AI procurement and deployment decisions.
“If HR is deploying AI tools without IT support, you’re creating a blind spot. Cybersecurity needs to be part of the conversation from day one, not an afterthought when something goes wrong.”
“Bringing IT security into the process early—before an AI tool is rolled out—saves enormous time and cost compared to trying to patch vulnerabilities later.”
Another way to strengthen cybersecurity is for HR leaders to see colleagues within the cybersecurity space as strategic allies. This, Burgess said, underscores the importance of constant communication.
Crucially, Burgess warns against framing the issue as “man versus machine.”
“It’s not about AI replacing human judgement—it’s about AI working alongside humans. If we don’t insist on oversight, we give up our agency. That’s when mistakes happen.”
Leading AI developers are already embedding safeguards to require human confirmation for critical actions, such as financial transactions or data transfers. But Burgess notes AI models have shown the ability to work around constraints, reinforcing the need for vigilant governance.
For HR leaders, the path forward is clear: embrace AI’s efficiencies but ensure robust controls. That means investing in staff AI literacy, collaborating closely with IT, and maintaining a culture where human oversight is non-negotiable.
“AI can revolutionise the way we work,” Burgess concluded, “but only if we pair its speed and scale with human judgement and accountability.”