Take a Hard Pass on AI Browsers and AI Extensions for Browsers

S. Schuchart

Summary Bullets:

• Don’t use AI browsers or AI browser extensions – the loss of privacy isn’t worth the functionality.

• AI companies mean well, but the privacy implications of these products are unsuitable for enterprise or personal use.

“If you are not paying for it, you’re not the customer; you’re the product being sold.” – Andrew Lewis (blue_beetle), MetaFilter comment (2010)

It’s not news that AI is being talked about everywhere. It’s also not news that the websites and applications you use regularly are doing their level best to spy on you or obtain data that can be used internally or be sold to advertisers. Nor is it news that the state of privacy laws across the world is pretty poor, despite the EU giving its best attempt and the US pretending that three lines of legalese in a 15-page disclaimer somehow magically sets the ‘informed’ flag on users.

But the latest trend involves AI companies either creating browser extensions or, in at least one case, creating their own browser. OpenAI is touting its AI-enabled browser called Atlas, designed to remember all activity, search that activity, chat, and do any number of AI-enhanced things. OpenAI rival Perplexity has a browser product called Comet. There are even sidebar browser extensions for Microsoft Copilot and Google Gemini. Some browsers, such as Firefox and Brave, come with an AI sidebar but use your choice of LLM.

The first problem is an AI watching everything – your passwords, all text you type, your URLs… everything. Then that data isn’t stored locally; it’s stored with the AI. The problems here are no different than the problems with Microsoft Recall, an AI-driven search and backup feature that Microsoft released earlier in 2025, much to the consternation of pretty much everyone. All these AI companies have multiple safeguards to protect data, have stated policies on how such data can be used and where, and are being pretty upfront about how and when they use your data. They allow end users to pick and choose when the AI is available or even forget that data after a session. Companies adding these AI features to the browser are legitimately trying to make the lives of users easier with AI and protect user privacy.

They are adding other safeguards as well. OpenAI says that its Atlas AI browser cannot access other applications, download files, or install extensions. Technological limits to prevent AI browsers and extensions from becoming security risks are being put in place.

But giving any corporation a detailed record of all activities conducted on the internet, including every click, search, text, or picture and the metadata around it, could have disastrous consequences in the long term. Hackers could gain access to the data. Governments could seize the data and use it against a populace or an individual. Companies get bought, end user agreements change, or investors could simply demand that all that personal data be monetized. If companies go out of business, what happens to the data? A fair amount of the world doesn’t have any legal mechanism to force businesses to delete data either.

Then there are the other issues, regarding security on your desktop. Social engineering or AI chat window spoofing is a real issue. That’s just the tip of the iceberg.

Every individual and every enterprise has the choice to decide whether the risks are worth the utility of having AI integrated into the browser. Everyone wants tools that work better; some of the features in AI browsers are impressive, and likely even more features will be coming. But that shouldn’t be at the expense of risking all your personal data or risking the company’s internal data, no matter how nice the tools look or how much you trust a given AI vendor. This is about ensuring personal privacy and the data security of enterprises. Take a pass on AI browsers and AI browser extensions. Nobody would stand for being under video and audio surveillance every second and everywhere. Don’t allow the same to happen to your digital life.

Security Falls on Deaf Ears

S. Schuchart

Jaguar Land Rover, the iconic British car manufacturer, has had virtually no production in its plants since the end of August 2025. A devastating cyberattack shut the company down – details on how the attack happened, who initiated the attack, and why it so thoroughly shut down Jaguar Land Rover have not been released to date. The postmortem will be an interesting read, more so to find out how much of the effect of this cyberattack was Jaguar Land Rover’s fault. No, this isn’t indulgent victim-blaming, and right now there is no proof that Jaguar Land Rover was anything but diligent. But the length of the shutdown and the secrecy do arouse suspicion. Under principles of good business continuity and disaster recovery, Jaguar Land Rover should have been at least somewhat back in production by now. But analysis will really have to wait until details emerge.

This does highlight an issue that most organizations struggle with. Cybersecurity, as well as disaster recovery and business continuity, are preventative – they shouldn’t be noticed unless they are needed… or if they didn’t work. It’s hard to get satisfaction creating business continuity/disaster recovery (BC/DR) systems that you may never get to actually use. Security has a much higher profile… but ‘everything is running smoothly’ doesn’t often gain accolades.

Cybersecurity, and especially BC/DR, are often pressured to compromise: for finance, for convenience, and because neither function will ever make money for the organization. Often there is a push to compare cybersecurity and BC/DR to an automotive or homeowner’s insurance policy, in that they offer peace of mind. There is a better way to think about it. Think of cybersecurity and BC/DR the way law enforcement thinks about bomb squad units. Bomb squad units get all the training and practice they want. Bomb squad units are encouraged to get the latest training, learn the latest advances, and keep their equipment as up to date as possible. Nobody thinks that the bomb squad has it easy when they render an explosive safe, or in the best of times are not called on. Nobody suggests that the bomb squad do more with less. That is because the consequences are so extreme, both for the bomb squad and for the law enforcement organization.

Budget holders need to start viewing cybersecurity, BC/DR, and BC/DR testing like the bomb squad. Yes, they provide peace of mind. But what they really provide is protection from extreme consequences. Nobody wants the organization in every major news outlet for having been knocked offline for a month. Nobody wants to have to create the postmortem and present it to the board and likely various government officials, insurance executives, investor representatives and lawyers. Let’s not let this plea to take cybersecurity and BC/DR seriously fall on deaf ears like it has in the past.

Cisco Quantum – Simply Network All the Quantum Computers

S. Schuchart

Cisco’s Quantum Labs research team, part of Outshift by Cisco, has announced that it has completed a full software solution prototype. The latest part is the Cisco Quantum Compiler prototype, designed for distributed quantum computing across networked processors. In short, it allows a network of quantum computers, of all types, to participate in solving a single problem. Even better, this new compiler supports distributed quantum error correction. Instead of a quantum computer needing to have a huge number of qubits itself, the load can be spread out among multiple quantum computers. This coordination is handled across a quantum network, powered by Cisco’s Quantum Network entanglement chip, which was announced in May 2025. This network could also be used to secure communications for traditional servers.

For some quick background – one of the factors holding quantum computers back is the lack of quantity and quality when it comes to qubits. Most of the amazing things quantum computers can in theory do require thousands or millions of qubits. Today we have systems with around a thousand qubits. But those qubits need to be quality qubits. Qubits are extremely susceptible to outside interference. Qubits need to be available in quantity as well as quality. To fix the quality problem, there has been a considerable amount of work performed on error correction for qubits. But again, most quantum error correction routines require even more qubits to create logical ‘stable’ qubits. Research has been ongoing across the industry – everyone is looking for a way to create large amounts of stable qubits.

What Cisco is proposing is that instead of making a single quantum processor bigger to have more qubits, multiple quantum processors can be strung together with its quantum networking technology, and the quality of the transmitted qubits should be ensured with distributed error correction. It’s an intriguing idea – as Cisco more or less points out, we didn’t achieve scale with traditional computing by simply making a single CPU bigger and bigger until it could handle all tasks. Instead, multiple CPUs were integrated on a server and then those servers were networked together to share the load. That makes good sense, and it’s an interesting approach. Just like with traditional CPUs, quantum processors will not suddenly stop growing – but if this works it will allow scaling of those quantum processors on a smaller scale, possibly ushering in useful, practical quantum computing sooner.

Is this the breakthrough needed to bring about the quantum computing revolution? At this point it’s a prototype – not an extensively tested method. Quantum computing requires so much fundamental physics research and is so complicated that it’s extremely hard to say if what Cisco is suggesting can usher in that new quantum age. But it is extremely interesting, and it will certainly be worth watching this approach as Cisco ramps up its efforts in quantum technologies.

HPE’s Concessions Made to US DoJ to Acquire Juniper Will Have an Uncertain Impact

S. Schuchart

Summary bullets:

• The long-awaited merger is nearly here

• The impact of these concessions will play out over time

The long, drawn-out saga of HPE’s quest to buy Juniper has reached another milestone. HPE and the United States Department of Justice (DoJ) have reached a deal that, pending judicial approval, will allow the transaction to complete. However, there are a couple of concessions on HPE’s part. First, it must divest its HPE Aruba Instant On business within 180 days to satisfy the DoJ’s worries about Wi-Fi market share of the combined companies. Second, HPE must auction off a perpetual, non-exclusive license to the source code for AI Ops for Mist.

The impact to HPE is more around the Instant On business. HPE’s networking division, in all its many perturbations dating all the way back to its original ProCurve networking products, has had a strong presence in the SMB/SME market. Loss of the Instant On business will be a blow to any SMB/SME ambitions HPE may have. However, this comes in exchange for access to the data center networking market, a much more mature AI to base their networking and other products on, and access to the security and telco markets that the acquisition of Juniper will facilitate.

When it comes to having to license the AI Ops for Mist product, the potential competitive issues for HPE really depend on who wins the auction. A direct networking competitor would be the worst result for HPE. But if AI Ops for Mist is won by more of a generalized Ops-focused vendor, it would be easier for HPE to compete. HPE already has its OpsRamp solution, and folding the Mist AI into it should be technically doable if it becomes a competitive issue. The big place for AI Ops for Mist is of course in the networking division, where HPE can claim that Mist AI is more mature than the AI offered by other networking competitors.

One last thing on the subject – it is food for thought to ponder where the HPE Aruba Instant On solution may land. With security and networking becoming so interconnected to meet the enterprise goals of security, simplicity, and operational efficiency, there very well may be a security company out there that would like to start their networking journey and Instant On would be a place to start in the SMB/SME market. Companies like Palo Alto Networks come to mind, or a networking vendor that wants to crack the SMB/SME market like Arista. All of that, including how much it will cost to buy Instant On, is a matter of speculation. Over the next few months there will no doubt be more news on HPE’s latest networking acquisition and the fallout from the concessions made to the DoJ.

We Are Becoming Numb to Cybersecurity Breaches

S. Schuchart

Summary Bullets:

• Password managers do tend to make logging in easier – but it’s a change that people must get used to…

• To really embrace cybersecurity, there needs to be a reckoning to correct old thinking and ideas.

Sixteen (16) billion. That’s a number that isn’t comprehensible. It’s a number you hear on the news, usually in a science segment or in a finance segment talking about the ultra-wealthy. But this time, 16 billion is the number of exposed login credentials researchers from Cybernews found in an exposed dataset. This dataset contains stolen login credentials, mostly gained via malware. The credentials come from everywhere – from websites around the world, including popular websites and cloud services.

What is known is that the dataset was visible for a short time before being taken down. We know that some or all of the data in the dataset is not new but comes from earlier breaches and infostealers. We do not know where the data was being held or exposed from. The data wasn’t stolen in any one site breach, but is likely a compilation of earlier stolen credentials. Initial reports seemed to indicate that much of the discovery is net-new, but that has since been disputed. Still, that many credentials in one spot is a worry.

What was interesting about this information was essentially the lack of reaction from the public. Sure, skepticism of the discovery happened quickly – many security experts feel that this was a bit of a case of crying wolf. But the initial reaction by the public was more of a shrug. After all, how many times can a person’s login credentials get stolen? How many times should an individual go through the cumbersome process of updating passwords? Especially when it seems like there are more breaches every day. Keeping one’s credentials up to date after breaches begins to look like a Sisyphean task.

Cybersecurity fatigue is real, and the public is becoming increasingly numb about cybersecurity incidents. Reminders to update passkeys, use password managers, avoid reusing passwords, and enable multi-factor authentication are a constant drumbeat. With every hysteria-filled announcement of another breach that spills user data and login credentials, more people tune it out entirely – after all, *they* have never been hit.

The ugly truth: Good cybersecurity is difficult, even when just talking about logins and passwords. Passwords should be long, 20-30 characters, randomly generated, and contain upper- and lower-case letters, numbers, and symbols. Each site should have its own password. People resist that – it is extremely difficult to remember a password like that, and it’s much easier to simply have a single password to use everywhere. A password manager is required to generate and store these passwords, as well as enter them when it comes time to log in. That password manager needs to work across platforms – e.g., Apple (phones, tablets, Macs), PC, Android, and Linux.
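The following Python example is added here and is not from the original article or from any particular password manager. It generates passwords that meet the criteria above using the operating system's CSPRNG, checks a candidate against those criteria, and issues an independent password per site; the function names, the 24-character default, and the site names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# The four character classes the article asks for.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII characters


def missing_classes(password):
    """Return the names of required character classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def meets_policy(password, min_len=20, max_len=30):
    """True if the length is 20-30 and every class is represented."""
    return min_len <= len(password) <= max_len and not missing_classes(password)


def generate_password(length=24):
    """Draw each character uniformly from ALPHABET with the OS CSPRNG.

    Candidates missing a class are discarded and redrawn (rejection sampling),
    so the result is uniform over all policy-compliant passwords.
    """
    if not 20 <= length <= 30:
        raise ValueError("length must be between 20 and 30")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def passwords_for_sites(sites, length=24):
    """One independent password per site, so one breach exposes no other login."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    # Site names are constructed placeholders.
    vault = passwords_for_sites(["example.com", "example.org"])
    for site, pw in vault.items():
        print(site, pw, meets_policy(pw))
    print(f"{entropy_bits(20):.0f} to {entropy_bits(30):.0f} bits of entropy")
```

The `random` module is deliberately not used: it is a predictable generator, whereas `secrets` draws from the operating system's cryptographic source.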

But a password manager is yet another thing – one that requires its own password. To make it worse, the very public breach of LastPass, a popular password manager, makes people distrust password managers, especially those with a cloud component. There is also the learning barrier – using a password manager requires effort and changes how you log in. Password managers do tend to make logging in easier – but it’s a change that people must get used to, and people hate change to daily routines like logging in. Changing habits is hard, and not being able to just instantly enter a memorized password feels frustrating at first.

To really embrace cybersecurity, there needs to be a reckoning to correct old thinking and ideas. Let’s take a look:

• Password managers are not hard or scary – they are designed for ease of use, and there are tons of tutorials.

• Your personal password generation is vulnerable, no matter how clever the scheme you created is. Brute force techniques are far better than you imagine. And no, the word ‘password’ backwards isn’t clever.

• Password re-use is a vulnerability, no matter how easy it makes things.

• The fact that a person has never been hacked or doesn’t know anyone who has been isn’t a reason to keep old practices.

• This isn’t about having perfect security. It’s about protecting yourself and limiting damage if a breach occurs. Just like locking your doors and putting your blinds down at night.

Take the plunge yourself, get a password manager, then show a friend that it isn’t that hard and, in the end, never forgetting a password is a time-saver too! Proactive action with a password manager and password hygiene is important, and we cannot let the slew of high-profile breaches numb us from upping the quality of our own cybersecurity regimen.

Fortinet’s Latest Annual Skills Gap Report Shows Increasing Awareness, Threats

S. Schuchart

Summary Bullets:

• Cybersecurity threats are increasing.

• The preferred solution to increasing cybersecurity risks is certifications for IT staff as well as security awareness training for all staff.

Cybersecurity is hard. A lack of skills, education, and modern security products and architectures makes it worse.

Fortinet’s latest 2024 Cybersecurity Skills Gap report backs that up and brings to light a few other contributing factors. Fortinet got responses from 1,850 decision-makers in technology, manufacturing, and financial services spread out fairly evenly across the globe. Overall, the survey shows that training for IT professionals and end users is the highest priority. Further, it shows that there needs to be more education – the skills gap is huge and makes it difficult for enterprises, governments, and institutions to hire the skilled people they need. This is all accentuated by a worsening threat and consequences environment.

Of particular interest were the responses regarding the question of corporate leaders being held accountable after an attack or breach: 51% of respondents indicate that leaders faced consequences including fines, loss of employment, loss of position, or even jail time. The survey shows that an astounding 87% of surveyed enterprises experienced one or more breaches in 2023. Further, the survey indicates that those numbers have been rising since 2021, as have the financial costs of breaches. The share of organizations that report breaches but with no financial cost has been shrinking as well.

Unsurprisingly, corporate boards are showing increased interest in cybersecurity. Rising risks to the business, more costly breaches, and rising personal penalty occurrences are all factors. The survey concludes that boards consider cybersecurity a business priority nearly unanimously. However, it indicates that only a little bit over half of those same boards are discussing hiring or have hired more IT/security professionals.

People are the Problem

These survey results show that a lack of IT staff training (64%) and business staff training (61%) are considered the most likely causes of a breach, closely followed by a lack of cybersecurity products (59%). The survey also indicates that the preferred solution to increasing cybersecurity risks is certifications for IT staff and security awareness training for all staff. Even experienced IT professionals make mistakes or cut corners in pressure situations. For business staff, cybersecurity isn’t the first thing on their minds when they begin a day’s work: They have their own tasks and priorities, and problems to solve. Training, refreshers, and reminders about good cybersecurity habits are a must.

Further, 70% of respondents indicate that it is increasingly difficult to find certified security staff and believe that difficulty increases cybersecurity risks. Enterprises are willing to change hiring standards and invest in training and certifications to fill the skills gap in new cybersecurity hires.

The Fortinet survey provides good information, and IT professionals should use it to help inform and educate their own chain of command. There is a pervasive reflex in business to ‘right-size’ investments in people, training, and solutions – particularly those who are not paying particular attention to current cybersecurity conditions. In the realm of cybersecurity, that approach needs to be set aside. Cybersecurity threats are increasing. Enterprises need better training, more skills and skilled personnel, and modern cybersecurity solutions with modern architectures.
