• ByteSize
  • Posts
  • Crime Gets Easy, Privacy Gets Hard, Trust Gets Impossible

Crime Gets Easy, Privacy Gets Hard, Trust Gets Impossible

Oh, and... Meta's losing AI talent faster than Facebook loses teenage users to TikTok...

November 18, 2025 • Estimated Reading Time: 12 minutes

State of Trust: AI-driven attacks are getting more sophisticated

AI-driven attacks are getting bigger, faster, and more sophisticated—making risk much more difficult to contain. Without automation to respond quickly to AI threats, teams are forced to react without a plan in place.

This is according to Vanta’s newest State of Trust report, which surveyed 3,500 business and IT leaders across the globe. 

One big change since last year’s report? Teams falling behind AI risks—and spending way more time and energy proving trust than building it.

  1. 61% of leaders spend more time proving security rather than improving it

  2. 59% note that AI risks outpace their expertise

  3. But 95% say AI is making their security teams more effective

Get the full report to learn how organizations are navigating these changes, and what early adopters are doing to stay ahead.

Welcome back! We’re approaching the holiday season—and if you’re anything like me, your calendar says “all hands” while your soul says “no thanks.”

It’s November 18th. On this day in 1970, a young Bill Gates started his programming journey at Lakeside School in Seattle. Yep, the same Bill Gates who built an empire and a paperclip with separation anxiety. Back then, computer time was so expensive that Gates and his buddies basically became digital hustlers, trading free programming services for precious machine time. These kids were grinding harder than a job-seeker deep into a 19-tab application rabbit hole at 2am.

Little did young Bill know he'd grow up to become the guy everyone blames for every Windows update that breaks their printer.

Phishing Gets a PhD in Being Awful

I miss the days when phishing emails looked like they were written by a cat walking across a keyboard. Now we have Quantum Route Redirect, which sounds like something from a Marvel movie, but is actually a phishing platform that makes cybercrime easier than ordering DoorDash. This delightful piece of malware is targeting Microsoft 365 users across 1,000 domains because, apparently, hackers have commitment issues and can't stick to just one URL.

The platform comes "pre-configured" for maximum damage. It's like the Blue Apron of cybercrime, but instead of overpriced vegetables, you get stolen credentials delivered fresh to your inbox. These attacks start with fake DocuSign requests and missed voicemail notifications, because nothing says "legitimate business communication" like a sketchy QR code that screams "scan me if you hate your IT department."

The really charming part is that it can tell the difference between humans and security bots, redirecting actual people to credential-harvesting hell while showing automated scanners perfectly innocent websites.

KnowBe4 researchers found that 76% of attacks hit U.S. users, which tracks because Americans will apparently click on anything if it looks official enough. The platform even has a dashboard showing real-time visitor stats, since it seems cybercriminals need analytics too. What's next, A/B testing for ransomware subject lines? **I guess we’ll find out soon!

VANTA 2025 THE STATE OF TRUST REPORT: AI IS BOTH SAVIOR AND TRAITOR

Remember when our biggest security threat was Karen from Accounting clicking on that "You've Won a Nigerian Lottery!" email? Never would’ve thought those were simpler times. Last week, tech compliance start-up Vanta dropped their 2025 State of Trust report, and it’s painting a picture that would make even the Joker look stable by comparison.

Here's the reality check: 72% of security leaders say risk has never been higher, or in plain-speak: "we're all basically playing whack-a-mole with digital threats while blindfolded." AI attacks have evolved from theoretical nightmare to Tuesday morning routine, with half of businesses reporting more AI-generated threats.

The beautiful contradiction: While everyone's losing sleep over AI potentially ending civilization, 79% of organizations are actively deploying agentic AI to handle their security tasks. It's like asking the Terminator to babysit your kids because he's really good with protection protocols.

Key findings that'll keep up us at night:

  • Security teams burn 12 weeks per year just proving they're secure (that's, like, three months of PowerPoints)

  • 56% dealt with vendor breaches this year, proving that outsourcing your problems doesn't actually make them disappear

  • Only 48% have frameworks to control their agentic AI usage (the other 52% are winging it)

  • 95% say AI improved security effectiveness (while simultaneously panicking about it)

We find it most absurd that almost two-thirds (!!!) spend more time proving security than actually improving it.

Vanta's report brilliantly captures this train wreck of modern security management, where everyone's simultaneously terrified of AI while betting their entire security stack on it. Unlike this report, that’s not so smart!

Firefox Fights the Fingerprint Police

Mozilla just dropped Firefox 145 with new anti-fingerprinting tech that's supposedly harder to crack than Mark Zuckerberg's attempt at human emotion. The browser now adds random noise to background images and lies about your processor cores, telling websites you have exactly two because apparently that's the sweet spot between "functional computer" and "potato with WiFi."

Firefox will now only report "standard OS fonts," which means goodbye to that custom font collection you've been hoarding like Golum.

The new protections dropped user trackability from 35% to 20%, which sounds impressive until you realize that means one in five users can still be tracked like they're wearing an ankle bracelet.

Mozilla admits they can't go full nuclear on tracking protection because it would break legitimate website features. Or as I like to put it, the internet is held together with duct tape and tracking scripts, and removing too much would cause the whole thing to collapse like a Jenga tower built by someone having an existential crisis.

⚙️ TOOL TIME

AWS re:Invent 2025: Your Annual Pilgrimage to Cloud Nirvana

December 1-5 in Las Vegas—where the house always wins, but this time you might actually learn something useful. AWS re:Invent is back with what promises to be bigger than Bezos's ego, with more keynotes than a TED Talk marathon and enough networking events to put your LinkedIn to shame.

This year's event spans multiple Vegas venues including Caesars Forum, Mandalay Bay, and The Venetian, creating a tech wonderland bigger than most startup headquarters. With over 1,000 technical sessions covering everything from generative AI to serverless architecture, it's like having access to the world's most expensive computer science degree (but with better snacks!).

The real value here is in the depth of content. Here's what makes it worth your time:

  • Sessions on "agentic AI advancements" with Amazon Connect show how AI is evolving beyond chatbots that can't understand your accent

  • Hands-on labs let you break AWS services without accidentally launching 500 EC2 instances and explaining that bill to your boss

  • Whether you're designing the next Netflix infrastructure, actually understanding Kubernetes, or keeping digital wolves at bay, there's content built for your specific nightmare

  • Connect with people who speak your language (and by language, we mean arguing about microservices architecture).

The legendary re:Play party is also where real connections happen between sessions about machine learning pipelines and container orchestration. Plus, the direct access to AWS experts means you can finally get answers to those Stack Overflow questions that have been haunting your dreams.

Bottom line: If you're serious about cloud infrastructure and AI implementation, this is where the industry's best practices get shared, debugged, and refined. Just remember to pace yourself—Vegas and technical deep-dives are both exhausting in their own special ways.

👨‍💻 JOB OPPORTUNITIES

Senior IT Engineer (AI & Collaboration Tools) @ Headway — Headway needs someone to help therapists accept insurance while managing AI tools. Think of it as being a digital therapist for tech that's having an identity crisis about whether it should help humans or replace them.

IT Infrastructure Manager @ Corporate Tools LLC — Keep networks from catching fire (metaphorically) while managing a team that knows the difference between a patch panel and a panic attack. Perks include a pretty salary and a trail mix bar, because proteins like bulk nuts and the occasional cashew are essential to your well-being.

Director, IT @ MongoDB —MongoDB is hiring someone to lead global support teams and implement ITIL best practices. Basically, you're the Walter White of database management, but instead of cooking meth, you're cooking up service tickets and hoping nothing explodes.

ERP Asset Management Specialist @ CloudFlare — Track data center assets with the precision of John Wick tracking his enemies, but with more spreadsheets and fewer explosions. Must love Oracle databases and long walks through server rooms.

🛩 INDUSTRY MOVES

This week's community questions prove that even in 2025, we're still fighting the same battles our ancestors fought in the digital stone age:

That’s the bytes. Back next week with more context, chaos, and caffeine. Now, go forth and automate something you were never gonna do anyway.

Got news to share or topics you'd like us to cover? Send ‘em our way by responding to this email. We can’t wait to hear from you. Really.