Saturday, May 9, 2026
TrendNew Politics. Diplomacy. Markets. Tech. What matters.
Tech 6 min read

The Great Unraveling: Why Big Tech's Security Theater Is Finally Collapsing

From Meta's keystroke logging to Iranian hackers breaching US infrastructure, the industry's encryption theater meets reality. Here's what actually matters.

By TrendNew Staff
The Great Unraveling: Why Big Tech's Security Theater Is Finally Collapsing

The dominoes are falling in slow motion, and nobody’s talking about it.

In the past few weeks, we’ve watched a cascade of security failures cascade across the industry—not the catastrophic, headline-grabbing kind that make good Netflix documentaries, but the slow-motion kind that reveals something deeper: Big Tech built its empire on security assumptions that are collapsing simultaneously. The quantum computing threat, the nation-state attacks, the insider threats, the AI training pipelines built on surveillance. They’re all real. They’re all happening now. And they’re all exposing that most of the industry’s “security” is just expensive theater.

Let me walk you through what just happened.

The Quantum Panic (That Isn’t)

First, the good news that nobody’s celebrating: AES-128 encryption still works in a post-quantum world. This matters because if you’ve been losing sleep over Y2K-style apocalypse when quantum computers arrive, you can probably sleep again. The cryptography holds.

But here’s the thing nobody wants to say out loud: that’s not what’s breaking security right now.

The real vulnerabilities aren’t mathematical. They’re human. They’re architectural. They’re the result of companies deciding that surveillance-as-a-service is worth the risk.

A vintage cassette tape with tangled tape on a white background, evoking nostalgia. Photo by Mike van Schoonderwalt / Pexels

The Surveillance Play

Meta just announced it’s recording employees’ keystrokes and mouse movements to train AI models. Think about that for a second. Not monitoring—recording everything, converting it to training data. This is happening at the company that spent $15 billion on the metaverse and is now desperately trying to catch up in AI.

The rationalization is predictable: it’ll make AI better. It’ll improve productivity. What nobody’s saying is the obvious part: if you’re building systems that require logging every keystroke to function, you’ve already lost. You’ve built a security nightmare. You’ve created the exact attack surface that nation-states dream about.

Because here’s what happened next.

Iran-linked hackers—actual Iranian government operators—just disrupted US critical infrastructure sites. Not theoretical attacks. Not simulations. Real disruptions of actual critical infrastructure. And while that headline is getting traction, the connection nobody’s making is that these breaches probably looked a lot like what Meta just invented: unauthorized access to keystroke logs, activity records, internal communications.

The vulnerability isn’t the encryption. It’s that we’ve voluntarily built systems where every keystroke is recorded and searchable.

The Nation-State Tax

A sanctioned currency exchange got hit for $15 million by “unfriendly states.” That’s not hacker kids in a basement. That’s not a disgruntled employee. That’s a coordinated operation by governments with resources, patience, and time horizons measured in years.

And here’s what’s wild: they hit a sanctioned exchange. They hit a company already locked down, already operating under the assumption that every transaction mattered, already paranoid about security. And they still got through. That tells you something important: the arms race between security and nation-state capability is already over. The nation-states won.

We’re just pretending we still have a chance to catch up.

The Cascade Effect

Then Anthropic reported that an unauthorized group accessed Mythos, their supposedly exclusive cyber tool. Anthropic says there’s no evidence their systems were impacted. Okay. But Mythos is supposed to be the thing that prevents breaches. If someone’s accessing Mythos itself, that’s not just a security problem—it’s a confidence problem.

And confidence is everything in this business.

Meanwhile, SpaceX is apparently buying Cursor for $60 billion. Why? Because neither Cursor nor Elon’s xAI has proprietary models that can compete with Anthropic and OpenAI. They’re playing catch-up in AI by throwing money at the problem, which is the least original play in tech. But here’s what it reveals: even the companies with the best access to talent, the best funding, the clearest mission are still behind. Everyone’s playing checkers while the two leading companies—the ones with actual proprietary models—are playing chess.

And those companies? They’re building products on top of surveillance architecture.

Close-up of hands holding a smartphone displaying 'Announcing Grok 3' on a dark background. Photo by UMA media / Pexels

The Leadership Shuffle That Matters (and the One That Doesn’t)

Tim Cook is stepping down at Apple. This is being treated like a generational moment. And sure, 15 years as CEO, $4 trillion company, blah blah blah. Transformative. I get it.

But here’s my honest take: Cook’s legacy is going to be defined by whether Apple maintains its privacy positioning as an actual moat or folds like everyone else. Because the pressure is immense. AI training requires data. Data requires surveillance. And Apple’s entire business model is built on not doing that. How long can they hold that line when every competitor is recording keystrokes and training models on internal communications?

That’s the succession test that actually matters.

What’s Really Breaking

The actual crisis isn’t quantum computing. It’s not even the Iranian hackers, though that’s closer.

The real crisis is that security and AI capability are now on a collision course, and we haven’t figured out how to reconcile them. You can’t build state-of-the-art AI without data. You can’t gather data at scale without surveillance. And you can’t have surveillance infrastructure without creating the exact attack surface that nation-states exploit.

It’s not a technical problem. It’s an architectural contradiction.

And we’re solving it by pretending the contradiction doesn’t exist. Meta’s logging keystrokes. Anthropic’s tools are being accessed by unauthorized groups. Iran’s disrupting critical infrastructure. Everyone’s racing to catch up in AI by building more invasive monitoring systems.

This is going to end in one of three ways:

  1. A catastrophic breach that forces a reckoning (most likely)
  2. Regulation that mandates security practices nobody wants to implement (possible)
  3. Everyone settling into an uncomfortable equilibrium where we accept that our internal communications are semi-public (depressing, but realistic)

My prediction? We see a major breach affecting actual critical infrastructure—power grid, water systems, something with real physical consequences—within 18 months. It’ll be attributed to nation-state actors, which it technically will be. But the root cause will be that somebody, somewhere in the chain of command, decided that AI training was worth compromising security architecture.

And they’ll be right that it was worth it, from a competitive standpoint. That’s the real problem.

What I’m Watching

  • Anthropic’s forensics report on Mythos. They said no systems were impacted. Prove it with third-party validation by Q2 2025. If they don’t, the confidence cascade accelerates.

  • Apple’s AI announcements vs. privacy commitments. Watch whether Cook’s successor caves on surveillance-based training within 12 months of taking the role. If they do, that’s the market signaling that privacy is no longer defensible as a business strategy.

  • The next critical infrastructure breach attribution. When it happens, track whether the attack vector involved surveillance data (keystroke logs, activity records, etc.). That’s the tell for whether we’ve actually changed anything or just added drama to the same broken system.

cybersecurityai-safetyenterprise-risk

Sources & Further Reading