Warren Buffett once said it's only when the tide goes out that you discover who's been swimming naked. This week, the tide went out on several fronts simultaneously, and what it revealed was uncomfortable, instructive, and in some cases, long overdue.

France opened the week with a breach that should trouble every government running centralised identity infrastructure. Up to 19 million records tied to passports, ID cards, and driver's licenses are now circulating on criminal forums. What makes this worse than a typical data leak is the context: a similar dataset from the same agency surfaced in 2025. This wasn't a surprise attack on a hardened target. It was a recurring failure wearing the face of a solved problem.

The Bitwarden supply chain story carried a similar energy. No vaults were cracked, no passwords were stolen, and most users never noticed a thing. But a malicious package briefly moved through npm as part of the Checkmarx campaign, targeting the developers who build the software everyone else depends on. The lesson isn't technical — it's structural. Your security posture now extends to every build pipeline, every dependency, and every automation script upstream of your product.

Then came FAST16.SYS, and the week shifted into something darker. This rootkit, which appears to predate Stuxnet, didn't steal data or trigger alarms. It quietly altered precision calculations in memory while leaving every file on disk untouched. Systems looked healthy. Outputs looked reasonable. The only thing wrong was the answer. It is the most patient form of sabotage imaginable, and it reframes what advanced threats are actually capable of when detection, not damage, is the real objective.

AI brought its own escalation this week. Researchers are now using AI systems to attack other AI systems at machine speed — probing, learning, and refining exploits far faster than any human team. At the same time, agent browsers like Interceptor are quietly repositioning the browser itself as an autonomous actor, raising legitimate questions about oversight when software is doing the clicking, typing, and deciding on your behalf.

Anthropic's Mythos model access story tied several threads together neatly. Contractor credentials, open-source reconnaissance, and data exposed in a third-party breach combined to give a small group access to a restricted model. The intent was curiosity, not sabotage — but the mechanism was a textbook illustration of how third-party access chains create exposure that principal organisations rarely see coming.

Apple closed out the privacy section with a rare win, patching a logging bug that had been silently retaining Signal message fragments for up to a month — long after deletion, long after the app was removed. The FBI had already used it in court. The patch is clean and the fix is automatic, but the episode is a pointed reminder that ephemeral and permanent are closer together than most people assume.

The week closed on strategy. OpenAI and Microsoft have restructured their foundational partnership, removing exclusivity and capping revenue payments. The AI infrastructure layer is becoming contested ground, and this deal confirms that no single partnership, however dominant it once appeared, is permanent.

This week's stories didn't shout. They accumulated. And that, more than anything, is the point.