What are the real AI threats right now?

When people talk about AI as a threat, the imagination defaults to science fiction. Robots taking over. Terminator. AGI waking up and calling the Pentagon.

That's not what Norwegian SMBs need to worry about right now.

The real threats are more boring, and they're already here — in the inbox, in the accounting system, in the daily routines nobody's written down.

AI agents are the fastest-growing threat category in 2026. When you give an agent — Claude Code, ChatGPT with access to your Outlook, a Copilot agent reading invoices — access to your tools, you're also giving it access to every piece of text it reads. Google measured a 32% increase in indirect prompt injection attacks between November 2025 and February 2026. These are attacks where someone hides instructions in a document, an email, or a LinkedIn bio, and the agent reads them as commands rather than as text.

On May 7, 2026 Microsoft disclosed a flaw in its Semantic Kernel framework (CVE-2026-25592, CVSS 10.0) where a prompt injection could write arbitrary files on the host machine. In plain English: an email or document could get the agent to execute code it shouldn't.

For an SMB the question isn't whether you're building agents yourself. The question is how many agents you've already given access to Tripletex, Outlook, or shared document folders — and whether anyone has stopped to ask what happens when a malicious invoice lands in that inbox.

Shadow AI is the most under-reported risk in your business. It's the employee pasting a customer proposal into free ChatGPT to "tidy up the language". The payroll lead dropping salary data into an image generator to build an org chart. The procurement person asking Claude about a contract — full contract, full pricing, all of it.

It happens in every SMB I've been inside this past year. Usually without policy, without visibility, and without the leader knowing it's happening. The free versions of these tools aren't free. You're paying with your data.

Voice cloning and deepfake fraud have found their natural target. In 2025, someone attempted to defraud DNB's group leadership via a deepfake video meeting for around 24 million NOK. It was stopped in time. Engineering firm Arup had less luck — an employee transferred around 270 million NOK after a video meeting where both voices and faces were synthetic.

Signicat, the Norwegian digital-ID company, has measured a 2000%+ increase in deepfake fraud attempts over the past three years. Økokrim, Norway's economic crime authority, has explicitly warned Norwegian businesses that the threat is here, not around the corner.

Three seconds of you on a LinkedIn video is enough voice material. SMBs are juicier targets than large corporates — fewer controls, fewer escalation layers, the finance lead often working alone. When the CEO's voice calls from a familiar number, how many have trained their team to stop and verify?

Hallucinations turn into decisions when nobody checks. The AI confidently answers a tax question you asked. You forward the answer to your accountant. It's wrong. The law didn't say what the AI said. But it sounded so authoritative.

The threat isn't AI being wrong — we know it is. The threat is AI being wrong convincingly, with neither the asker nor the receiver in the habit of verifying.

Data protection is being enforced, not just recommended. The EU AI Act will be incorporated into Norwegian law in summer 2026, with Nkom as the coordinating AI authority. Datatilsynet enforces GDPR regardless, and they've said clearly that pasting customer personal data into an AI service outside the EEA without a data processing agreement is a breach.

For a 40-person SMB, the risk isn't Datatilsynet showing up unannounced. The risk is a customer complaining, an auditor asking, or a partner requesting a GDPR statement you can't give.

Skill erosion is the least visible threat. When AI writes every email, you stop practising writing. When AI summarises every meeting, you stop practising listening for what actually matters. When AI cleans up your Excel sheet, you stop understanding the structure of your own data.

It's slow. It happens over years. But it happens.

The real AI threats are either boring or technical. Both can be addressed with boring measures: a short policy your team actually reads, a conversation with your finance lead about what to do if the boss calls asking for an urgent transfer, an audit of which agents you've granted access to what, a tool reviewed against privacy rules before it's rolled out.

You don't need an expensive AI strategy to handle this. You need to look at what's already happening in your business today, and talk about it.

That's the hard part.