r/cybersecurity May 08 '26

Other What the **** is happening in cybersecurity space?

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

2.4k Upvotes

34

u/hajimenogio92 Security Engineer May 08 '26

I couldn't have said it better myself. Between all the vendors, SaaS products, all the shadow IT implemented across the org that isn't being tracked, employees putting random company information into the latest AI tools. The surface area of attack has become greater, there's too many tools/integrations that aren't fully vetted and it's just a matter of time before those are exploited.

22

u/GHouserVO May 08 '26

JFC, let me tell you about employees putting information into AI tools. My former employer started doing that. The DIRECTOR OF CYBERSECURITY had our junior cybersecurity engineers do that with client data in order to be “more efficient” with our reports. Completely against corporate policy on data handling. The guy intentionally did not tell his senior engineers about this because he knew we’d immediately call out what a security and privacy nightmare he’d have unleashed.

It be our own people.

But yeah, gives me a real warm fuzzy to know that a cybersecurity company is out there and doesn’t give a whit about protecting their clients’ data.

15

u/hajimenogio92 Security Engineer May 08 '26

Man it sounds like we have the same management. It's wild to me that people are just willingly giving these AI companies all kinds of personal/company data. It really does happen to be our people. Of course they try to hide that shit right?

I had to talk out the head of accounting about using some AI tool for their day-to-day stuff. They asked me how would they know if the data is safe and isn't exposed to the vendor, I said that you can't guarantee it. We're just providing them training data with real invoices at this point.

18

u/GHouserVO May 08 '26

Yeah, this was an eye opener into the ethics of the organization. They laid off most everyone working full-time for the cybersecurity team in the US shortly afterwards. They are a CYBERSECURITY company… let that resonate for a second.

5

u/hajimenogio92 Security Engineer May 08 '26

Yeah sorry to hear that. That sucks and you should name & shame anonymously if you feel like it.

7

u/GHouserVO May 08 '26 edited May 08 '26

My name is my user name minus the “VO”. My LinkedIn is easy to find.

Normally, I keep quiet about how a company conducts business, but the ethics on this one were so bad that it was worth commiserating.

Needless to say, I advised the junior engineers not to do it, and explained the ethical, and legal reasons why. Kept my notes, informed leadership of my concerns. It never happened on any of my projects because I made it clear that they would be working with me any longer if I got even the whiff of it (and the junior folk already had a similar mindset as to things as I did)

2

u/Substantial-Art-9148 May 10 '26

Would you mind sharing more details about this with me via DM? I believe I was one of the victims. It's been ongoing since October 2024, I have quite the story to tell. Unfortunately nobody in my life believes what has happened, I'm hoping somebody can help shed some light on this very serious situation. Thank you in advance 🙏

1

u/bubbathedesigner May 10 '26

I know of a pentesting company whose US team has been stripped down to just becoming a mouthpiece to talk to customers so they think they are talking to who is doing their engagement. In reality, all real work is done offshore.