The Great Unraveling: Why Silicon Valley's Security Theater is Collapsing
Hackers are breaching everything from routers to the Supreme Court. Meanwhile, Big Tech is quietly abandoning the future to chase enterprise contracts. The bill's coming due.
You want to know what terrifies venture capitalists more than missing a unicorn round? It’s the moment they realize the castle’s already on fire and they’ve been staring at the wrong horizon.
That moment is now.
In the last few weeks, the tech industry’s been getting schooled in a lesson it should’ve learned in 2013: defending billions of connected devices against state-level adversaries is basically impossible. Russia’s military hacked thousands of consumer routers. Iran-linked crews disrupted US critical infrastructure. Someone named Nicholas Moore—who apparently operated under the Instagram handle @ihackedthegovernment with the subtlety of a teenager—broke into three government networks and got probation. A US-sanctioned currency exchange lost $15 million to “unfriendly states.” And that’s just the warm-up act.
Simultaneously, we’re watching the most important tech companies execute a sudden, dramatic pivot away from the consumer future they’ve spent a decade hyping. OpenAI just fired its moonshot division. Kevin Weil and Bill Peebles are gone. Sora’s dead. The science team is folded. This isn’t attrition—it’s capitulation.
These two stories are the same story. And it explains everything happening in Silicon Valley right now.
Photo by Dan Cristian Pădureț / Pexels
The Infrastructure is Held Together with Duct Tape and Prayers
Let’s be blunt: consumer-grade security has never scaled beyond boutique. A thermostat, a router, a doorbell camera—these aren’t designed to survive determined attackers with state resources. They’re designed to work for most people most of the time, and that’s it.
When Russia’s military starts targeting consumer routers en masse, it’s not because routers are sophisticated targets. It’s because they’re everywhere and barely anyone patches them. A router sitting in someone’s home office is basically a free VPN into a corporate network. Patch it once, and a thousand others remain vulnerable forever.
The Supreme Court hack—and I can’t believe I’m typing this—was possible because someone stole credentials and used them. Not zero-days. Not exotic exploits. Stolen passwords. A government agency protecting the highest judicial body in the country got pwned by credential reuse. Then the hacker posted about it on Instagram like it was a TikTok dance trend.
Iran disrupting critical infrastructure sites suggests the same thing: not surgical precision, but brute-force reconnaissance and lateral movement through networks that were never hardened against adversaries who have unlimited time and funding.
Here’s the uncomfortable truth nobody in Sand Hill Road wants to say out loud: the US digital infrastructure is a house of cards built by engineers who were optimizing for speed and cheapness, not survival. And every nation-state on Earth has noticed.
The $50B Signal That Says “We Give Up on Consumer”
So what does Cursor raising $2 billion at a $50 billion valuation have to do with any of this?
Everything.
Cursor’s a code editor for developers. It’s enterprise-focused. It’s boring. And it’s apparently worth fifty billion dollars.
That’s not a valuation—it’s a surrender flag.
For twelve years, I’ve watched the Valley chase the consumer grail. The dream was always the same: build something so good, so essential, that billions of people use it. Control the consumer layer, and the enterprise follows. That’s how Google, Apple, and Meta got obscene. That was the playbook.
But here’s what changed: you can’t defend consumer-scale infrastructure against adversaries with nation-state backing. And you absolutely can’t monetize it safely anymore. Every connected device is a liability. Every user is a vector. Every update is a scramble.
So the smart money’s doing what it should’ve done years ago: chasing enterprise. Cursor. OpenAI’s pivot toward enterprise AI. Stripe and Airwallex going head-to-head in fintech—a space that’s at least somewhat regulated and somewhat defensible.
These aren’t random pivots. They’re admission of defeat on the consumer front. The infrastructure’s too broken. The adversaries are too capable. The liability’s too high.
Photo by UMA media / Pexels
Sam Altman’s Orb Is Still Watching, Though
Now here’s where it gets weird: Sam Altman’s World project—the one with the human verification Orb that scans your eyeball—is trying to become ubiquitous. First partnerships include Tinder. The play is classic Altman: if you can’t win with AI products, maybe you win with identity verification.
My read? This is the hedge. If enterprise AI doesn’t justify the hundred-billion-dollar bet on compute, at least you own the authentication layer. If nobody can trust anything online anymore, maybe you own the tool that proves you’re real.
It’s smart and a little dystopian. Like buying the gun before the war starts.
But here’s my honest uncertainty: I don’t know if World’s Orb actually works well enough to become standard. I don’t know if Tinder users will actually use it, or if it’ll be another friction layer they resent. And I don’t know if a verified-identity internet solves the infrastructure problem at all. It just adds a gate.
What This Means
The Great Unraveling isn’t about any single hack or any single product decision. It’s about the fundamental shift in what the tech industry believes is defensible.
For fifteen years, the mantra was “move fast and break things.” What they actually broke was the perimeter. Now there’s no perimeter. The routers are compromised. The credential stores leak. The infrastructure’s been probed by every adversary from Beijing to Tehran to Moscow.
The smart companies—the ones raising at $50 billion valuations—are moving to defensible terrain. Enterprise customers with budgets, security teams, and liability insurance. Vertical solutions that don’t need to work for billions of people. Regulatory sandboxes where the government’s already doing some of the defense work.
The consumer internet as we built it? That’s becoming a museum.
Stripe and Airwallex going after each other in the same markets makes sense now too. There are fewer new frontiers, so you fight harder for the defended ones. The fintech space is at least semi-regulated. At least audited. At least harder to breach because governments care.
This is what peak maturity looks like in tech. Not growth. Not innovation. Consolidation and retreating to defensible positions.
Photo by Denys Gromov / Pexels
What I’m Watching
-
Q-Day timeline for quantum computing: The headline says “advances push Big Tech closer to Q-Day danger zone.” Watch for any announcements from Google, IonQ, or atom computing about cryptography-breaking thresholds in 2025. If someone claims practical quantum advantage against RSA-2048 in the next twelve months, every major company’s encryption strategy becomes obsolete overnight. That’s the real deadline.
-
Enterprise AI unit economics: Cursor at $50B means the market believes developer tools can sustain that valuation. Watch Anthropic and OpenAI’s enterprise pricing and retention metrics over Q1 2025. If enterprise customers are actually renewing at >90% and paying >$10K per seat, the pivot works. If not, you’re looking at the greatest venture bubble of the decade.
-
Consumer fintech survivor status: Stripe and Airwallex competing means the market’s consolidating. Within 18 months, watch which one raises at a higher valuation next. That tells you which payment infrastructure the market thinks can defend its customer base against state-level attack.
-
World’s Tinder partnership adoption rate: If >30% of new Tinder signups use the Orb within six months, Altman’s identity play becomes mandatory infrastructure. If <10%, it’s a niche product and the bet fails. This is the most concrete test of whether verified identity is actually what users want.
The infrastructure didn’t break yesterday. It’s been breaking for years. We’re just now watching the smart people leave the party.