The Great Unraveling: Why Tech's Security Theater is Collapsing in Real Time
From quantum threats to state-sponsored router hacks, the infrastructure we built isn't holding. Here's what breaks next.
The American tech stack is getting mugged in daylight, and the muggers aren’t even hiding their faces anymore.
In the last few weeks, we’ve watched unfriendly states steal $15 million from a US-sanctioned currency exchange. Russia’s military has hacked thousands of consumer routers. Iran-linked operators have disrupted US critical infrastructure. A 20-something kid named Nicholas Moore broke into three government networks, posted victims’ data on Instagram under the handle @ihackedthegovernment, and got… probation.
The pattern isn’t subtle. It’s not even trying to be.
What’s really broken isn’t the firewalls or encryption—it’s the assumption that there’s a competent adult in the room anymore. We’ve outsourced security to the same companies that can’t keep their own executives from bolting, that are pivoting away from actual innovation, and that are racing to sell enterprise AI before they’ve figured out what it actually does.
The Quantum Elephant Nobody’s Ignoring
Let’s start with the thing that should terrify every CTO who hasn’t updated their threat model since 2019: quantum computing just stopped being theoretical.
Recent advances have pushed Big Tech closer to the Q-Day danger zone. That’s the moment when quantum computers become powerful enough to break RSA encryption—the cryptographic standard that protects everything from your bank account to nuclear launch codes. We’re not talking about 30 years from now. We’re talking about “someone’s probably already storing encrypted data now to decrypt later” timeline.
This isn’t paranoia. The NSA has been warning about this since 2022. The difference is, now the warnings have teeth because the timeline got shorter.
Here’s what keeps me up: we know how to fix this. Post-quantum cryptography exists. But migrating an entire digital infrastructure to new standards takes years, and most organizations are still running systems from the Obama administration. The companies that should be leading this transition—the Broadcoms, the Stripes, the cloud infrastructure providers—are either shedding talent or busy fighting each other.
Photo by Mike van Schoonderwalt / Pexels
When Insiders Become Outsiders
OpenAI just kicked out Kevin Weil and Bill Peebles. The company’s also killing Sora and shutting down its science team. This isn’t a cleanup. It’s a bloodletting disguised as strategy.
The message is clear: stop building consumer moonshots. Build enterprise AI. Make money. Get boring.
I get it. Sora never shipped. The science team was expensive. But here’s what nobody’s saying out loud: when you stop hiring the kind of people who want to build novel things, you stop being the company that builds novel things. You become Palantir with better branding.
The timing matters. OpenAI’s doing this retreat right as Cursor—the AI code editor—is in talks to raise $2 billion-plus at a $50 billion valuation. Returning backers a16z and Thrive are leading. That’s not just capital; that’s validation that the market sees more innovation potential in a code editor than in the company that invented the transformer.
I think OpenAI’s betting that enterprise AI is a bigger TAM, and they’re probably right about the math. But they’re wrong about what happens to your culture when you stop swinging for the fences. You become a utility. And utilities don’t shape the future—they just serve it.
Photo by UMA media / Pexels
The Stripe-Airwallex Divorce Gets Real
Once these two could’ve merged. Now they’re targeting each other’s customers.
Stripe and Airwallex used to operate in different geographies, different buyer personas. That geography gap is closing. Stripe’s moving international. Airwallex got good. The market’s not big enough for a polite separation.
This matters for one specific reason: when companies stop growing into whitespace and start competing directly, they get hungry. They cut margins. They increase security investment. Or they don’t, and they get hacked. In fintech, there’s no in-between.
Watch this one because it’s a proxy for whether the golden era of geographic arbitrage in SaaS is actually over. If Stripe wins decisively, consolidation accelerates. If it’s a draw, we’re entering a brutal margin compression phase.
Sam Altman’s Surveillance Empire, Now With Swipes
Sam Altman’s World is expanding. The Orb-based anonymous verification system that raised eyebrows is now coming to Tinder as the first major expansion.
Let me be direct: this is interesting and concerning in equal measure.
The product works. You stand in front of a camera, scan your iris, get a digital identity that proves you’re real without revealing who you are. It’s elegant. It’s also fundamentally a surveillance business with excellent PR—you’re building a global biometric registry in the name of preventing catfishing.
First stop: Tinder. Dating apps are identity deserts where everyone’s a catfish by design. But they’re also where young people congregate. Scale biometric verification across dating apps and suddenly you’ve got something approach 500 million eyes registered. That’s not a security feature anymore. That’s infrastructure.
I’m not saying this is evil. I’m saying Altman’s playing a longer game than anyone’s noticing, and the fact that nobody’s raising alarms about the precedent is the problem.
The Router Hack and Why Your ISP Is Basically Toast
Thousands of consumer routers compromised by Russian military intelligence.
Nobody cares because it’s not your data they’re after. It’s the network. They’re not stealing from you; they’re building a botnet. They’re staging infrastructure for the next thing—DDoS, lateral movement, data interception. This is how wars actually start now. Not with ships. With routers people got free when they signed up for cable.
The fact that we still sell hardware that can’t be remotely patched in 2025 is basically a war crime against our own infrastructure.
What I Actually Think Is Happening
The security apparatus we built in the 2010s assumed a world where companies cared about defense. That world’s ending. We’re entering an era where the incentive structure is entirely broken: executives get fired if they spend on security; they get rewarded if they ship product and hit numbers. Quantum’s coming. State actors are getting bolder because there’s no real consequence for them. And the smartest people in tech are now working on either AI products that don’t quite work yet or fintech arbitrage plays.
My prediction: by Q3 2026, we’ll see a major breach at a Fortune 500 company that was preventable through basic quantum-safe migration, and the response will be new regulations that make everything worse.
The companies that do move first on post-quantum crypto will win quietly. Nobody will thank them. But they’ll be the only ones still in business when the reckoning comes.
What I’m Watching
- Cursor’s next funding close and hiring spree: If a16z-backed code editor raises above $2B and doesn’t immediately slow growth, it suggests enterprise AI capital is flowing away from OpenAI. Watch their Q1 2025 hiring numbers.
- Stripe vs. Airwallex head-to-head metrics: Specifically, watch for gross margin compression in either company’s next earnings or funding round. First one to sacrifice margin wins; second one gets acquired.
- World’s Tinder integration rollout timeline: Are they launching with iris scanning day one, or rolling it out gradually? Speed signals confidence in both the tech and regulatory betting.
- The first Q-safe migration announcement from Big Tech: Whoever announces RSA retirement first wins the narrative. Watching for this from AWS, Google Cloud, or Azure in H1 2025.