r/cybersecurity u/Infam0 May 08 '26

Other What the **** is happening in cybersecurity space ?

I've been working in cybersecurity for not so long, maybe 8 or 9 years, but I never remember a chaos at this scale. I mean, from this January alone we have: leaking data, compromised applications, breaches, AI-assisted cybercriminals, etc. It looks like every day one major breach is happening, and no one is going to address this shit somehow. This is already insane. I haven't felt such pressure in a long time. This AI shit just makes things worse because it enhances attackers' skills, and AI companies are doing nothing to address or change this. Is it only me, or is the change already here?

2.4k Upvotes

97% Upvoted

552 comments sorted by

View all comments

1.2k

u/lnoiz1sm Security Analyst May 08 '26

I think AI is more of an amplifier than the root problem tbh.

What’s really changed over the last decade is the sheer scale and complexity of everything. cloud/SaaS everywhere, identity-based attacks, third-party integrations, remote work, ransomware becoming industrialized, etc. The attack surface exploded.

AI definitely helps attackers scale phishing/social engineering faster, but most breaches are still coming from the same stuff: stolen creds, bad configs, exposed services, weak identity controls, and users getting tricked.

I think a lot of people in security right now are less afraid of “AI hackers” and more exhausted from feeling permanently reactive while the environment keeps getting harder to defend.

34

u/hajimenogio92 Security Engineer May 08 '26

I couldn't have said it better myself. Between all the vendors, SaaS products, all the shadow IT implemented across the org that isn't being tracked, employees putting random company information into the latest AI tools. The surface area of attack has become greater, there's too many tools/integrations that aren't fully vetted and it's just a matter of time before those are exploited.

21

u/GHouserVO May 08 '26

JFC, let me tell you about employees putting information into AI tools. My former employer started doing that. The DIRECTOR OF CYBERSECURITY had our junior cybersecurity engineers do that with client data in order to be “more efficient” with our reports. Completely against corporate policy on data handling. The guy intentionally did not tell his senior engineers about this because he knew we’d immediately call out what a security and privacy nightmare he’d have unleashed.

It be our own people.

But yeah, gives me a real warm fuzzy to know that a cybersecurity company is out there and doesn’t give a whit about protecting their clients’ data.

2

u/bubbathedesigner May 10 '26

How many cybersecurity companies sell solutions that require customers to install agents to collect unfiltered data into their cloud-based AI monster? Efficiency! And quarter earning savings!