Brain-computer interfaces inspire visions of superhuman powers, enabling users to control protheses and other devices solely with their thoughts. But the rapid development and commercialization of this technology also brings security risks. Attacks on brain-computer interfaces may cause harrowing consequences for users, from eavesdropping on neurological data to manipulating brain activity. At present, data protection law, the regulation of medical devices, and the new rules on the sale of goods with digital elements all govern aspects of cybersecurity. There are, nevertheless, significant gaps. The article analyzes how the legal system currently addresses the risks of cyberattacks on brain-computer interfaces-and how policymakers could address such risks in the future.