The Great Fragmentation Has Started
While Sequoia raises billions for AI, hackers are dismantling the infrastructure everyone's building on. This won't end well.
Sequoia just raised $7 billion under new leadership. Factory hit $1.5B valuation in three years. Upscale AI’s at $2B after seven months of existence. The money is flowing like someone left the faucet running at the venture office.
And meanwhile, Russia’s military is hacking thousands of consumer routers. Iran’s disrupting US critical infrastructure. There’s a new GPU exploit that gives attackers complete machine control. A security flaw called OpenClaw is making people genuinely freak out.
These aren’t separate stories. They’re chapters in the same book, and the book is called “Why the AI boom might implode faster than anyone’s pricing in.”
Photo by KNKO Photography / Pexels
The Money Machine Prints Faster Than Reality Catches Up
Let’s start with what’s actually happening in venture capital, because the numbers are wild. Sequoia—the 54-year-old firm that’s basically the platonic ideal of Silicon Valley power—just did its first major fundraise under new co-stewards Alfred Lin and Pat Grady. Seven billion dollars. That’s not incremental growth. That’s “we’re reloading the cannon” money.
In the same window, Factory raised $150 million at a $1.5B valuation for building AI coding tools. Upscale AI hit $2B in talks after operating for exactly seven months. Seven months. That’s not even time to get through two funding cycles under normal circumstances.
The thesis is obvious: AI infrastructure and tooling are the picks-and-shovels play. If you can’t build the chips or the platforms everyone else is building on, you build the tools they’ll use to build with. It’s 1849 and everyone’s rushing to California, so you sell shovels. Khosla’s backing Factory. Sequoia’s backing whoever they want. The logic holds.
But here’s what’s making me twitchy: the logic only holds if the ground beneath everyone’s feet is stable.
Photo by UMA media / Pexels
The Infrastructure Argument Doesn’t Work Anymore
Three months ago, “secure your critical infrastructure” was something boring federal agencies said in PowerPoint slides. Now it’s an active warzone.
Iran-linked hackers are disrupting operations at US critical infrastructure sites. Russia’s military compromised thousands of consumer routers. We’ve got a new Rowhammer attack that gives attackers complete control of machines running Nvidia GPUs. And OpenClaw—whatever it is—is scary enough that people who cover security for a living are legitimately freaked out.
That last one matters because security people are usually jaded. Unflappable. When they’re freaked out, you should be too.
The attack surface hasn’t just widened. It’s become infinite. Consumer routers get hacked and suddenly they’re part of a botnet pointed at infrastructure. GPU exploits mean your expensive AI training hardware isn’t actually yours to control. And it’s not even amateur hour anymore—these are state-level actors. Russia’s military. Iran’s intelligence apparatus. Not some rando in a Discord server.
Here’s what kills me: the venture world is pricing this as a non-variable.
You don’t get to raise $7B for AI infrastructure bets while treating cybersecurity as someone else’s problem. These things aren’t orthogonal. They’re connected at the spine.
Why This Matters (And Why Nobody’s Acting Like It Does)
Think about what Sequoia and Khosla are actually funding. They’re betting on companies that will build the infrastructure, the tooling, the chips, the platforms that enterprise and government will depend on. Factory’s raising money to let developers write code with AI. Upscale’s raising money on seven months of traction. These are foundational bets.
Now imagine you’re a CIO at a Fortune 500 company, or worse, a defense contractor. You’re getting pressure to adopt AI tooling because your competitors are. You’re looking at Factory or similar platforms. You’re considering buying Nvidia chips for training and inference. You’re thinking about what this infrastructure stack looks like.
And then you read that Russia’s military is hacking routers. That Iran’s disrupting critical infrastructure. That GPUs have exploits that give attackers root access.
You don’t adopt. You slow down. You get paranoid. You demand security audits that take six months. You negotiate with your vendor about liability if there’s a breach.
This is what I think happens next: enterprise AI adoption doesn’t stall completely, but it bifurcates. Companies that can afford military-grade security infrastructure and dedicated red teams move forward. Everyone else gets stuck in a holding pattern. The winners consolidate. The mid-market plays like Factory get squeezed because their customers suddenly have to choose between growth and security, and security wins every time.
Sequoia raised $7B assuming a certain velocity of AI adoption. I’m betting that velocity gets cut by 40-50% over the next 18 months, not because the technology is bad, but because the trust infrastructure isn’t there.
The Irony Is Spectacular
Reed Hastings just left Netflix’s board. That’s a sidebar, right? Netflix transformed two entire industries—physical rental and digital streaming. Hastings did that by building on infrastructure he could control and trust. He didn’t build on compromised routers or vulnerable GPUs. He built on purpose-built systems.
But Netflix is entertainment. The stakes are “you miss a show.” Now we’re talking about critical infrastructure. Defense systems. Financial networks. Medical devices. The stakes went from “annoying” to “could literally kill people.”
And the venture world is funding the builders without the security people in the room.
Photo by Denys Gromov / Pexels
What Actually Needs to Happen
I’m not saying AI infrastructure is doomed. I’m saying it’s being built on quicksand while venture capitalists hand out shovels.
What needs to happen: the same people funding Factory and Upscale need to be funding security companies with the same intensity. Not as a risk-mitigation side bet. As a core conviction. Because you cannot have an AI infrastructure boom without a coincident security infrastructure boom. It’s not optional. It’s not nice-to-have. It’s the load-bearing wall.
The Broadcom/VMware thing is a whisper of this—thousands of customers migrating away because of “negative” views of Broadcom. That’s what happens when trust breaks. It’s reversible if you fix the underlying issue, but it’s a warning. Imagine that dynamic but for the entire AI infrastructure stack.
Here’s what I’d bet on: by Q3 2025, we’ll see the first major security incident involving an AI infrastructure company. Not Factory necessarily, but someone in that stack. And the reaction won’t be “oh well, security is hard,” it’ll be “why did we trust a seven-month-old company with our proprietary models?” And that’s when the bifurcation I mentioned actually happens.
The $7B Sequoia raised doesn’t evaporate. But it gets allocated differently. Less “move fast and break things,” more “move carefully and audit everything.”
What I’m Watching
-
Nvidia’s security announcements through Q2 2025. If they’re not releasing patches and hardening GPU firmware in response to Rowhammer attacks, that’s a signal that the security-first conversation isn’t happening inside the biggest infrastructure company. Watch for executive-level security hires or policy shifts. That’s the real tell.
-
Enterprise AI adoption rates in regulated sectors (finance, healthcare, defense) through the next two quarters. If adoption slows materially while consumer-facing AI speeds up, that confirms the bifurcation thesis. I’m looking for specific slowdowns in RFP timelines or deal cycles lengthening beyond normal.
-
Security-focused funding announcements from major VCs through mid-2025. If Sequoia, Khosla, Andreessen don’t match their AI infrastructure funding with dedicated security platform funding within the next six months, that’s evidence they’re not pricing this risk seriously. Watch for new funds explicitly labeled for security infrastructure—that’s the real leading indicator.
-
Vendor liability clauses in AI infrastructure contracts starting now. This is where the rubber hits the road. Are enterprises demanding indemnification for security breaches? Are vendors accepting it? The answer to that question will tell you everything about how seriously the market is taking this.
The hype cycle always runs ahead of reality. Right now reality is catching up faster than anyone expected.