AI’s impact on cybersecurity for the Australian federal election

As we fast approach the Australian federal election, questions around cybersecurity and the role of Artificial Intelligence in political campaigning are front and centre. 

When we think about election security, many people may think that it applies to online voting. However, election security goes much further than voting; it applies to the digital threats that are constantly evolving, especially those posed by bad actors using increasingly sophisticated attack tools like AI.

New and existing technologies continue to play a more significant role in politics, shaping public opinion, elections and government policy, and especially with the rise of AI-generated content, it is leaving politicians vulnerable to misinformation. This growing issue is prompting the public to voice concerns about the government's lack of preparedness regarding AI and cybersecurity around the election. 

Adobe's Authenticity in the Age of AI: Australia report found that there is a perception that the Australian government is currently lacking in protective measures regarding AI, with over 80 per cent of Australians feeling that governmental action is insufficient.

The Electoral Integrity Assurance Taskforce (EIAT) report, released in January on the integrity of the upcoming Australian federal election, outlined a range of threats to the electoral process. The EIAT's report said, "An increasingly digital world increases the risks to national security and personal data security. The Australian federal election may attract a level of interest from malicious cyber actors, including state-sponsored actors, cybercriminals and hacktivists, who may have the intention to disrupt, interfere with, or undermine the conduct of the 2025 Australian federal election." 

In 2024, Yubico commissioned Defending Digital Campaigns (DDC) to carry out a study that found 72 per cent of respondents were concerned about AI-generated content being used to impersonate candidates or spread inauthentic messaging. Deepfakes, fabricated speeches and AI-driven misinformation are increasingly difficult to distinguish from genuine content, making it easier than ever to mislead the public.

The Opportunity Versus the Risk of AI

As businesses continue learning the benefits of AI-assisted tools, we see rapid interest and adoption of the technology, especially within the enterprise. Individuals have found that AI tools certainly have advantages, such as cost savings and productivity in the workplace via rapid content creation, pattern detection and summarisation.

Until recently, most conversations revolved around ChatGPT, but now DeepSeek is creating a lot of discussion. While these tools have known benefits to businesses and individuals, there are concerns from a cybersecurity lens, including the increasing threats they present regarding the federal election. However, an open-source alternative can now be run locally to mitigate some of the data privacy concerns with DeepSeek.

We're still in the early days of the evolution of AI and there's certainly a lot to learn. However, we're very cognisant that this transformational technology is advancing rapidly in sophistication in terms of what we thought was possible and what we hoped was impossible.  

The Vulnerability of Political Campaigns 

While the Australian Electoral Commission (AEC) plays a key role in safeguarding the integrity of the election process, cybersecurity goes far beyond the AEC's remit. Political campaigns are one of the most vulnerable parts of the electoral ecosystem because they are treasure troves of sensitive data, from donor and volunteer information to political strategy, campaign speeches and login credentials.

Since political campaigns are fundamentally built on trust, a single phishing attack, such as a fake email impersonating a campaign manager or media liaison, can instantly undermine that trust. Worse still, it could grant hackers access to internal systems, email threads and even social media accounts, allowing them to spread disinformation or manipulate campaign messaging. Social media is often the main channel through which electoral candidates engage with the public.

Yet, finite budgets and stretched campaign teams without the right skillsets mean that campaign cybersecurity frequently takes a back seat as candidates juggle media appearances, policy development and voter engagement.

Cybersecurity for Political Campaigns

While the outcome of any election is never guaranteed, one thing is certain: cybersecurity cannot be an afterthought. This means not only investing in trusted security tools but also embedding strong cyber hygiene across the campaign, right from the candidates to the campaign volunteers. Even as cyber threats become more complex, some of the most effective defences remain simple. Campaign teams can reduce their vulnerability by:

1. Using strong, unique passwords and storing them in a trusted password manager

2. Enabling phishing-resistant multi-factor authentication (MFA), ideally with hardware security keys like YubiKeys, to log in securely and easily

3. Keeping computers, mobiles and software up to date with the latest security patches

4. Running regular training to help staff and volunteers recognise phishing attempts and social engineering tactics.

Through Yubico's Secure it Forward program, the company works to preserve democratic integrity in the United States and worldwide, donating YubiKeys to non-partisan political networks that help boost the cybersecurity posture for campaigns, candidates and election processes. As Australia's federal election ramps up, it's more important than ever that candidates and their teams take cybersecurity seriously, as protecting democracy means protecting data.