The Security House Is On Fire and Nobody's Leaving
Critical infrastructure attacks, GPU exploits, and breached data brokers suggest we've entered a new phase of cyber warfare—one where the old rules don't apply
We’re past the point where individual hacks are news. What matters now is the pattern.
In the last few weeks, we’ve watched Iran-linked hackers disrupt operations at US critical infrastructure sites. Russia’s military hacked thousands of consumer routers. Anodot—a data analytics company—got breached, and now companies like Rockstar Games are facing extortion. And then there’s the Rowhammer attack hitting Nvidia GPUs, which basically hands attackers complete machine control on hardware that’s rapidly becoming the nervous system of AI infrastructure.
This isn’t a series of isolated incidents. It’s a shift in the threat model itself.
The Convergence Problem
Here’s what’s changed: attackers used to target systems one at a time, looking for specific vulnerabilities in specific targets. Now they’re going after chokepoints—infrastructure that touches everything, platforms that host everything, hardware that runs everything.
The Anodot breach is a perfect example. Data analytics platforms sit in a unique position: they’re invisible to most people but connected to hundreds of enterprises simultaneously. When someone compromises Anodot, they don’t just get one company’s data. They get a dozen Fortune 500 companies’ operational metrics, customer behavior, financial patterns. That’s not a hack. That’s a master key.
Same logic with the router attacks. Consumer routers aren’t the target—they’re the perimeter. Russia’s military isn’t stealing your Netflix password. They’re building a distributed backdoor network that can be weaponized later, either for surveillance or for disrupting the infrastructure that depends on internet connectivity. Thousands of routers means thousands of potential entry points into home networks, small businesses, and the systems they’re connected to.
The Iran attacks on critical infrastructure are more direct. But notice they’re still picking targets—infrastructure “sites” plural, which suggests either systematic probing or coordinated strikes. This is state-level actors moving past experimentation into operational tempo.
And then Rowhammer. This one’s different because it’s not about finding a vulnerability in how a system was built. It’s about exploiting a fundamental physical property of how DRAM works. You can’t patch physics. Every Nvidia GPU running in production right now is potentially vulnerable to an attack that gives complete machine control. Think about what’s running on Nvidia hardware right now: language models, autonomous vehicle stacks, recommendation engines at cloud scale, financial models.
One attack type. Potentially millions of machines.
Why This Moment Matters
I’ve covered security incidents for 12 years. The pattern I’m seeing now reminds me of the shift that happened between 2013 and 2015, when attacks moved from individual data theft toward systemic infrastructure compromise. But it’s faster this time, and the targets are more critical.
In 2016, when the Mirai botnet hit Dyn DNS, it knocked out major services for hours. That was 600,000 infected IoT devices. We collectively gasped, published op-eds about IoT security, and then… nothing really changed structurally. Routers still ship with default credentials. Cameras still run ancient firmware.
The difference now is that the attackers clearly aren’t waiting for us to fix things. They’re moving to higher-value targets. Broadcom’s acquisition of VMware has already triggered thousands of customer migrations—not because of the technology, but because enterprises have lost trust. That’s a psychological shift. When customers stop trusting your company for reasons that aren’t directly technical, you’ve entered a different threat landscape.
My read is this: we’re in the early phase of a world where enterprises can’t distinguish between technical compromise and institutional compromise. If your data broker gets hacked and you’re facing extortion, how do you know your other vendors haven’t been? If thousands of routers are owned by a nation-state, how do you trust your ISP’s network?
The Business Consequences Are Real
Vercel’s CEO is signaling IPO readiness because AI agent infrastructure is generating real revenue. That’s great for Vercel. But here’s the uncomfortable part: every new platform, every new concentration of compute, every new data chokepoint is exactly the kind of target that makes sense to compromise.
Slate Auto raised $650M for EV trucks, which is its own story about how much capital still flows toward hard tech. But an EV manufacturer is also building connected infrastructure. Fleet management. Telematics. Charging networks. Every one of those is an attack surface.
Even Roblox—introducing age-appropriate account tiers for kids—is thinking about safety in terms of content moderation, not security architecture. Which makes sense for their use case, but it also means Roblox is becoming more valuable as a platform precisely because it’s building trust with a younger user base. That kind of trust is what makes platforms targets.
The orbital compute cluster from Kepler Communications is genuinely clever: 40 GPUs in orbit, available for compute work, starting with a customer like Sophia Space. But it’s also another concentration point. Another place where attackers will eventually look because the value-to-difficulty ratio is asymmetric. Breaking into one orbital cluster is harder than breaking into ground infrastructure, but the payoff is proportionally larger.
What I Actually Think
Here’s my honest take: we’re not going to solve this through better password policies or zero-trust architecture or whatever the latest CISO buzzword is.
The reason attacks are working at this scale is that the threat models that protected us 10 years ago assumed a certain amount of fragmentation. Your data was in one place. Your infrastructure was in one place. An attacker had to choose which target to pursue.
Now? Data is everywhere. Infrastructure is concentrated in ways we don’t fully understand. Compute is moving to places—like orbital platforms—where the operational security challenges are completely different from ground infrastructure. And attackers have moved from “steal specific data” to “compromise the systems that manage everything.”
I think the real consequence of this wave isn’t going to be regulation or better security tools. It’s going to be a fundamental restructuring of how enterprises think about trust. Companies are already migrating away from Broadcom/VMware not because of technical failures but because of reputational ones. That pattern will accelerate.
Within 18 months, I’d predict you’ll see major enterprises shifting away from single-vendor infrastructure stacks, not for technical reasons but because the concentration risk is now too visible. It won’t be a coordinated move. It’ll look like individual business decisions. But it’ll be a response to living in a world where the attack surface is so large that your security depends on hoping the other guy’s customers get compromised first.
That’s not a security strategy. That’s a lottery.
What I’m Watching
- Rowhammer variants hitting other GPU architectures. AMD and Intel publish security updates in the next 60 days—or they don’t. If they don’t, we’re in uncharted territory for how exploitable production infrastructure becomes. Watch for CVE filings in December.
- Enterprise migration away from single-vendor stacks hitting 15% within Q2 2025. This is directional, not absolute. But Broadcom’s VMware situation is a signal. If major banks or cloud providers announce multi-vendor cloud strategies specifically citing risk concentration, that’s your indicator that the psychology has shifted.
- Anodot’s customer list becoming public through ransom negotiation or leaked documents. The extortion angle here is critical. If we find out which companies got compromised, we’ll know whether this was targeted (nation-state level) or opportunistic (criminal). That determines whether Anodot becomes a one-off or the template for attacking analytics platforms systematically.
- First major incident traced directly to Rowhammer on production Nvidia infrastructure. Not theoretical. Not in a lab. Actual operations disrupted because someone exploited DRAM flipping to escalate privileges on a GPU cluster running real workloads. The clock on this is probably 6-12 months.