The cost of a cyberattack has just plummeted. While fashion houses tout their control over their intellectual property, their digital practices are increasingly slipping beyond any internal control.
Twenty-five euros a month. According to Madeline Wallace, co-founder of the Belgian cybersecurity firm Aikido, that’s the price of an artificial intelligence subscription—which is now sufficient to run agents capable of identifying and exploiting vulnerabilities in any computer system. Five years ago, such capability required rare expertise, a dedicated team, and a budget that only the largest organizations could justify. It is now available as a service.
This shift is changing the very nature of the threat to the luxury sector. Until now, a luxury brand was considered a target only if its size justified the effort required for a sophisticated attack. That economic logic has disappeared. A medium-sized workshop, a regional subsidiary, or a textile subcontractor becomes just as profitable a target as a large conglomerate, as soon as the marginal cost of a breach approaches zero.
Fashion designers and software developers are no longer one and the same
The second shift has received less attention, but has a more direct impact on the governance of the Maisons. So-called “vibe coding” tools — led by Lovable, valued at over one billion euros and also founded in Europe — now enable any employee, without technical training, to design and publish a functional application: a micro-store, a configurator, or a VIC allowance management tool. The professional developer is no longer the sole point of entry for code into the company.
For an industry that has long protected its know-how by strictly limiting access to it—designs, prototypes, workshop—this decentralization of software development power raises a fundamental question: Who, within a fashion house, knows today what has been built, by whom, and to what extent is the data flowing through the system being controlled? In most cases, the answer does not yet exist in the form of a formal procedure. It exists as a scattered, unrecorded practice—what specialists now call “shadow AI.”
The urgency does not lie in novelty
A common perception is that the risk stems from the most advanced capabilities of artificial intelligence—those reasoning models capable, within just a few days of public use, of uncovering vulnerabilities that have lain dormant for decades in widely deployed systems. This is a real and well-documented fact. But Madeline Wallace is keen to correct this assumption: “The most immediate danger isn’t a brand-new, previously unknown vulnerability; it’s the oversights we’ve always put off until tomorrow, which can now be exploited with just a few clicks. ” A shared password, an outdated software dependency, an unaudited third-party vendor: yesterday’s technical debt becomes today’s operational risk, at a pace that traditional luxury governance—based on deliberate slowness and meticulous, hands-on verification—did not anticipate.
Details. Aikido claims to currently provide security for more than 260 employees spread across three continents and reports generating more than 1.5 million euros in new revenue each week—a growth rate the company attributes directly to the new sense of urgency felt by senior management, beyond just technical teams, in the face of the risks posed by artificial intelligence.
The question that the fashion houses aren’t asking out loud yet
Luxury groups have historically built their credibility on a visible mastery of materials and the invisibility of the process. This same discretion, when applied to digital governance, becomes a risk rather than a virtue: no House today communicates its actual level of maturity regarding artificial intelligence security, even though trust—that of both the connoisseur and the industrial partner—increasingly depends on this invisible mastery. Security is no longer a technical matter relegated to IT teams; it now determines the very credibility of the narrative of heritage sovereignty that these Houses otherwise construct with such care.
It remains to be seen whether this governance will be developed proactively, at the slow pace that has always been characteristic of the sector, or under the pressure of an incident that will force the discussion into the public arena.
Cette publication est également disponible en :
