Two Weeks in Cybersecurity… Still Cynical, Still Broken, Still Surprised

The Infosec Community Vibe Check is a recurring look at what the security community has been talking about across the Fediverse — primarily on infosec.exchange, mastodon.social, chaos.social, and defcon.social.

This isn’t a scientific survey. It’s based on who I follow, what surfaced in my timeline during the reporting period, and the themes that kept coming up. Your feed may tell a different story. That’s the point.

Reporting period: 2026-05-09 to 2026-05-20

Days tracked: 12

Community vibe: Fatigued

Top theme streak: 11 days

Theme frequency

AI overpromise: 11d
AI ethics & misuse: 5d
Other: 4d
Governance: 3d
AI costs: 3d
Society & politics: 3d
Security vulns: 2d
AI & devs: 2d

Daily snapshot

9 May: AI overpromise, AI ethics & misuse
10 May: Other, AI overpromise, Governance
11 May: Infra & tools, AI costs, Society & politics
12 May: AI overpromise, Security vulns, Other
13 May: AI overpromise, AI ethics & misuse, Other
14 May: AI overpromise, Other, AI & devs
15 May: Open source, AI overpromise, Society & politics
16 May: AI overpromise, Governance, AI costs, Vendor criticism
17 May: AI overpromise, AI ethics & misuse
18 May: AI overpromise, AI costs, Society & politics
19 May: AI overpromise, AI ethics & misuse, AI ethics & misuse, Security vulns
20 May: AI & devs, AI overpromise, Governance

The one that never sleeps

AI overpromise appeared in every single daily digest this period. It’s not a theme any more, it’s the daily reality we’re all dealing with. Either that, or I follow the most pessimistic people when it comes to AI…


The community spent twelve days staring at AI and liked absolutely none of what it saw.

Every single day someone mentioned AI security tools overpromising on detection rates. Which, tbh, is how we have all felt about SIEM and other tools for years.

Is the AI fatigue warranted?

I don’t know… social media rewards edgy content more than anything else. And who doesn’t like to be edgy in cybersecurity? While the budget conversations get more absurd… there seems to be merit in organisations looking at AI subscription costs that make enterprise software licensing look quaint.

What made it worse was the scatter pattern. One day it’s researchers using preschoolers to train models. Another it’s a provider facilitating DDoS attacks whilst selling protection from them. Then someone discovers firmware in a soldering iron and the whole IoT farce comes back into focus. None of it connects except in the feeling it generates, which is roughly… we have built a very expensive machine for making things worse.

Self-hosting as fantasy

The dream died quietly around 11 May. Turns out you can’t just self-host your way out of vendor lock-in without the personnel, the capital, and the time that organisations explicitly do not have. GitHub’s looking shaky under Microsoft. Costs are rising. The FOSS communities aren’t addressing accessibility. And the people suggesting ‘just run your own infrastructure’ have clearly never had to explain TCO to a finance director who’s already binned the training budget.

Deck culture and the tyranny of slides

Someone finally said it on the 16th. Corporate deck culture has become performance art. Slide after slide of nothing dressed up as strategy. Everyone knows it’s pointless. Everyone still does it. Security’s especially bad for this because half the job is now explaining risk to people who’ve already decided what they’re going to do.

The whole fortnight felt like watching a community being as cynical as always… and it was beautiful. Maybe that’s why I follow all these people!