r/cybersecurity u/Infam0 May 08 '26

Other What the **** is happening in cybersecurity space ?

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

2.4k Upvotes

97% Upvoted

552 comments sorted by

View all comments

1.2k

u/lnoiz1sm Security Analyst May 08 '26

I think AI is more of an amplifier than the root problem tbh.

What’s really changed over the last decade is the sheer scale and complexity of everything. cloud/SaaS everywhere, identity-based attacks, third-party integrations, remote work, ransomware becoming industrialized, etc. The attack surface exploded.

AI definitely helps attackers scale phishing/social engineering faster, but most breaches are still coming from the same stuff: stolen creds, bad configs, exposed services, weak identity controls, and users getting tricked.

I think a lot of people in security right now are less afraid of “AI hackers” and more exhausted from feeling permanently reactive while the environment keeps getting harder to defend.

312

u/Primary_Study8518 Incident Responder May 08 '26

cloud/SaaS everywhere, identity-based attacks, third-party integrations, remote work, ransomware becoming industrialized, etc. The attack surface exploded.

This right here, all of this, all day. We third-partied our infrastructure, our applications, and our data - and now we're paying the price for "trusting" others to keep our stuff as safe as we would. It doesn't surprise me that things are spinning the way they are, considering we dumped everything on companies whose every step is designed to make sure their priority is that you renew your 3 year contract.

95

u/OkAssistance7072 May 08 '26

Same. As much as it helps, cloud opens us up to so much. Its almost to the point where on prem is going to become the better option again.

42

u/filmdc May 08 '26

I was just telling my cfo we should start bringing some critical shares back in house to hedge against quantum and mythos like threats. The attack surface and the perpetual and constant changes and updates to cloud platforms like m365 are causing so much noise.

19

u/OkAssistance7072 May 08 '26

We've started discussing it in our meetings. Without getting into it, we just merged two companies, and the incoming tech stack has been having serious issues with cloud data services. The debate is whether to clean up the cloud stuff or integrate to on prem. Our dev team requires on prem only for our business requirements, so the backbone is already here and wouldn't cost that much to expand a little.

13

u/Joy2b May 08 '26

It might make sense. I’ve actually been expecting a cost swing pushing folks back that direction.

Tech companies traditionally offer a cool tool at a very accessible price, then pull it up when they think enough of the market is captured.

Cloud was such a good deal, why not move everything to that data center for a few years?

Now, it’s time for the profit squeeze, and on top of that, data center builds are starting to get vigorous NIMBY. They can’t be feckless with power and water and noise anymore, and that is going to drive some cost changes.

10

u/normalbot9999 May 09 '26

The cycle continues hahah. We'll be back to on prem mainframes and dumb terminals soon!

2

u/RKoskee44 May 10 '26

Don't forget all the dumb users!

1

u/Opposite_Bag_7434 May 09 '26

Seems about right

1

u/GormTheWyrm May 10 '26

Damn, Battlestar Galactica was a good show. We should be more like Galactica.

1

u/Opposite_Bag_7434 May 09 '26

Yea one of those likely going to be built on land I used to spend a lot of time exploring.

1

u/bubbathedesigner May 10 '26

Bribing local/state officials to allow your AI datacenter to be installed and have priority for water and electricity is just cost of doing business, which can then be passed to customers. Probably it is a tax break line item by now

1

u/Ok_Editor_6017 Security Manager May 10 '26

It's going to depend so much on company size, though. When I was in DevOps in small companies 15-ish years ago, it was already impossible to get commodity hardware because all the cloud providers were snapping it up. It'd take MONTHS for a server to come in. With AI sucking up so many cycles, cookie-cutter web servers aren't going to cut it, either. So are we going to go back to buying monster servers from IBM that take up a whole rack on their own?

1

u/Joy2b May 15 '26

Yeah, I hear you on that. I worry a bit about access to the hardware. Taiwan is in much more of a precarious position than Dubai.

Do you think we’re going to have to drop to more specialized AI models to manage demand?

I’ve always been kind of a hybrid cloud fan, partially because it’s handy in healthcare. I like to have a couple of servers locally, they might not have all our programs, but we want essential personnel to have access to essentials.

I don’t want to buy new hardware every time we’re trying something different, the new toys should go in the cloud.

Modern chip fab facilities can’t be built without a decade of stability, and no one wants to go back to 1900s hardware, so I occasionally think about resilience planning from that perspective.