The Security Apocalypse Is Happening Right Now—We're Just Not Looking

---

We’re living through a security collapse in real time, and most people are worried about the wrong things.

While everyone argues about AI safety and chatbot hallucinations, the actual infrastructure holding civilization together is getting picked apart by state-sponsored hackers, quantum computing is arriving faster than we thought, and Microsoft just locked a developer out of his own account—potentially bricking computers running open-source encryption software. This isn’t theoretical. This isn’t next decade. This is September 2024 energy.

Let me walk you through what’s actually happening.

The Router Thing Is Worse Than It Sounds

Russia’s military hacked thousands of consumer routers. That’s the headline. Here’s what that means: every router is a door to your network. They sit between you and the internet, invisible, unpatched, forgotten. Most people never touch their router settings after installation. They just assume it works.

Now assume it’s compromised. An attacker on the other side can see everything flowing through it—banking sessions, work VPNs, smart home commands. They can redirect you to fake websites. They can inject malware into any device on your network. A router compromise is basically owning someone’s entire digital life without them knowing.

The fact that Russia’s military did this at scale tells you something important: this is considered a high-value target by actual state actors. Not theoretical. Not “could happen.” Actually happening, actually prioritized by the Russian military.

Photo by cottonbro studio / Pexels

Encryption Is About to Become a Punchline

Google just announced it’s moving “Q Day”—the day quantum computers break current encryption—from some distant future to 2029. That’s five years. Not fifty. Five.

Why? Because quantum computers need vastly fewer resources than previously thought to break vital encryption. Translation: the math is getting easier. The machines needed are getting cheaper. The timeline is compressing.

Here’s where my gut gets uncomfortable: we’ve known for years that this day was coming, but the industry treated it like climate change. Yes, it’s real. Yes, it’s serious. No, we’re not actually ready. The infrastructure that protects your bank account, government secrets, and medical records all relies on encryption that will be crackable by 2029. Maybe sooner. We don’t have a comprehensive rollout plan for quantum-resistant encryption. We barely have a plan.

And then—get this—a developer working on VeraCrypt, one of the last bastions of serious encryption software for regular people, just had his Microsoft account locked. Microsoft locked him out. He can’t access anything. Users running VeraCrypt might not be able to boot their machines.

I don’t know if this is intentional, negligence, or coincidence. But the timing is absolutely brutal. When encryption is becoming fragile, locking out the person maintaining one of the few tools that actually works feels like the joke writes itself.

The Attacks Are Getting Worse at a Velocity We’re Not Discussing

Rowhammer attacks on Nvidia GPUs now give attackers complete machine control. OpenClaw exists and apparently freaks people out (though the description was thin in the sources, I’m not guessing at details here). The LAPD got breached by extortion gangs. Police documents leaked. Operational security at one of the largest police departments in the U.S. turned out to be “not great.”

These aren’t isolated incidents. They’re data points in a trend: attackers are getting smarter, tools are getting more sophisticated, and defensive responses are consistently one step behind.

My read is that we’re at the inflection point where attack capabilities crossed defense capabilities sometime in 2023, and we’re only now realizing it. Like how you don’t feel the moment a ship starts sinking—you feel it when the water’s already in your cabin.

Photo by UMA media / Pexels

The Child Safety Thing Shows The Real Problem

OpenAI just released a child safety blueprint to address the rise in child sexual exploitation linked to AI. That’s the official framing. Here’s what it actually says: AI is making it worse, faster, and OpenAI is playing defense.

This isn’t about whether AI is “safe” or “unsafe” in the abstract philosophy sense. This is about real harm, real children, real tools that attackers are already using. The fact that OpenAI had to release a “blueprint” means they didn’t have a plan before. They were responding to reality catching up.

The scarier part? Other companies are probably where OpenAI was six months ago. Which means we’ve got another six months of attack capability advantage before anyone else even acknowledges the problem exists.

Why This Matters More Than You Think

Back in 2011, the Stuxnet virus proved that nation-states could weaponize cyberattacks against physical infrastructure. That was a shock. The idea that a computer virus could destroy industrial centrifuges felt like science fiction until it wasn’t.

We’re about to hit the same inflection point, but multiplied. We don’t have one Stuxnet-level threat. We have:

• State actors hacking consumer infrastructure
• Quantum computers making encryption moot in five years
• Exploitation tools getting more sophisticated faster than defenses
• Open-source developers getting locked out by major tech companies
• New attack vectors on specialized hardware (GPUs) that most security teams aren’t even thinking about

And we’re still treating this like a tech-insider problem instead of a systemic risk problem.

The Bet I’m Making

I think we’re going to see a serious corporate or government network get compromised in the next 18 months that’s bad enough to trigger actual regulatory response. Not theater. Actual policy change. Because the private sector clearly isn’t moving fast enough on its own, and the status quo is unsustainable.

I also think quantum computing is going to accelerate faster than Google is signaling. When governments actually quantify the risk to their financial systems and national security infrastructure, funding will triple overnight. You don’t get five-year warning to a cryptographic apocalypse and calmly implement patches.

And I’m genuinely uncertain about the Microsoft-VeraCrypt thing. It could be a systems glitch. It could be intentional pressure on open-source encryption tools. Either way, it signals that major tech companies feel empowered to lock out developers over account issues, which is a new and weird precedent when encryption is becoming more important, not less.

The bitcoin creator thing is just noise. Adam Back denying he’s Satoshi Nakamoto is like everyone denying they’re Batman. It doesn’t change anything material.

Photo by Mediahooch Pixels / Pexels

What I’m Watching

• Quantum-resistant encryption rollout timeline by Q1 2025: NIST or major cloud providers need to announce actual migration dates and resources, not just “we’re thinking about it.” If nobody commits by January, we’re definitely not ready for 2029.

• Consumer router vulnerability patches in the next 90 days: Track whether manufacturers actually push security updates to the thousands of hacked routers, or whether they just issue statements. The speed of response tells you how seriously the industry treats this.

• VeraCrypt account resolution: Does Microsoft restore the developer’s account? Does he switch to open-source-only distribution? If users actually can’t boot machines running VeraCrypt, that becomes a PR crisis that forces a response. Watch for that.

• The first major breach attributed to pre-quantum attacks: Once someone proves they stole encrypted data specifically because they’re banking on quantum computers to decrypt it in the future, the conversation changes overnight. That’s the bell that can’t be unrung.

The security infrastructure we built in the 1990s is cracking. The replacement isn’t finished. And nobody’s supposed to notice until something breaks badly enough that we have no choice but to pay attention.