Logo
Home
Archive
Tags
About
Search
Sign in
Get The Context
Logo
AI hackers vs. zombie PCs

identity

AI hackers vs. zombie PCs

A crumbling perimeter meets rising machine identity and over-trusted connected systems.

David Hawks
David Hawks

9 July 2026

3 min read

SHARE

The week ending 21 October handed security leaders two clocks running at incompatible speeds: ageing endpoints that cannot move quickly, and AI-augmented adversaries closing the gap between disclosure and exploitation to near zero.

That is not a future threat. It is the operating condition now.

  • Why unpatchable endpoints have become containment problems

  • How synthetic identity changes verification risk

  • Why AI governance is becoming a board evidence question

Context update
The issues that are shaping trust, security, and AI in this edition:
01
Security
The legacy debt trap meets machine-speed attack
Microsoft now processes roughly 100 trillion security signals daily, with AI-powered attacks driving the volume. When patch-to-exploit time collapses, endpoints that cannot receive patches stop being a moderate risk and become fixed points an adversary can plan around.
LessonMeasure legacy risk by how fast you can contain a device you already know you cannot patch.
02
Identity
The autonomous adversary is a business model
CrowdStrike names Australia the top regional ransomware target, while deepfake image-based abuse has doubled. Synthetic identity attacks are no longer a demonstration; they are part of the operating environment for verification, helpdesk, and approval flows.
LessonAudit any high-stakes verification step that still relies on a voice, a face, or a video.
03
Governance
The governance clock has started running for boards
Clayton Utz has tied director duties directly to AI governance failures, while updated government guidance frames risk management and accountability as baseline expectations. AI governance is now an auditable control question, not a technology-team side project.
LessonIf nobody owns the AI tool register, that is the first gap to close.
In Focus
When the endpoint cannot be trusted

This week's long read traces the mechanism behind the issue: a trusted edge appliance, an unpatchable endpoint, and a machine-identity token can fail in the same direction. Each turns a control boundary into a path of movement.

The practical response is not another perimeter promise. It is isolation architecture: assume a weak endpoint exists now, and design the network so that weakness cannot propagate.

 
In Focus
A deeper look at how the trust boundary degrades, where Zero Trust assumptions snap, and why isolation is the more honest budget argument.
Big Read
Read now ->
Retrospective

So what have we learned from this week?

Not that the threats are new. Legacy endpoints and social engineering have always been around. What is new is the decoupling of sophistication from consequence. The F5 advisory shows a well-resourced adversary exploiting a device built to be trusted. The WA Health breach shows a 15-year-old with no malicious intent walking through a gap that had no anomaly detection behind it.

Both land in the same place: a trust boundary that assumed it would not be tested. The architectural response is not a better watchtower. It is building so that when the watchtower fails, the failure does not spread.

Poll of the week

What is your organisation doing with Windows 10 endpoints that cannot meet Windows 11 hardware requirements?

  1. Full replacement — absorbing the capital expenditure now rather than later

  2. Extended Security Updates — paying Microsoft to maintain a patch runway while planning migration

  3. Isolation play — quarantining legacy machines in segmented or virtual desktop environments

  4. Risk acceptance — continuing to run them with endpoint detection as the primary control

Takeaways
These are this edition's takeaways.
01
The patch-to-exploit buffer has collapsed.
AI-powered attacks make unpatchable endpoints a containment problem, not merely an upgrade backlog.
02
Synthetic identity is already operational.
Voice, video, and visual confirmation need hardware-backed alternatives for high-stakes actions.
03
Trusted edge systems can become the weak point.
The F5 incident is a reminder that the inspection layer itself needs to be treated as fallible.
04
AI governance now needs auditable controls.
The board question is moving from policy intent to evidence: registers, provenance checks, owners, and tested kill switches.
Opinion
❝

Two clocks ran at incompatible speeds this week, and the uncomfortable part is that only one of them can be sped up. Ageing endpoints and procurement cycles move at the pace they have always moved at. The attackers exploiting them are not waiting for that pace to catch up — they have already done the market analysis on which regions and which devices are worth the effort.

What that means in practice is that legacy risk can no longer be measured by counting vulnerabilities. It has to be measured by how fast a device that cannot be patched can be contained, because containment speed is now the only lever still under an organisation's control.

The governance thread underneath all of it is the one I think gets underweighted: director duties are starting to attach directly to AI oversight, which means the real question is no longer whether a board cares about an AI tool register. It is whether whoever owns that register can produce it, and prove the kill switch behind it actually works, before it is asked for under worse circumstances.

I hope you found this edition useful. I'm always looking for feedback to improve The Context, so please reach out with any suggestions. If it shifted your thinking, the highest compliment would be to share it with someone else whose thinking it might help shift as well.

Share The Context

Until next week, many thanks for reading,

David

Recent Posts

Turning Big Ideas into Real-World Achievements

Turning Big Ideas into Real-World Achievements


Spotlight

Trust – the Hidden Architecture of Human Interact

Aug 11, 2025

Trust – the Hidden Architecture of Human Interact

Read next
Turning Big Ideas into Real-World Achievements

AI Governance

+1

Turning Big Ideas into Real-World Achievements

Weekly Context Issue 001 styling recovery test using PT-lean.

David Hawks

9 June 2026

Turning Big Ideas into Real-World Achievements

Turning Big Ideas into Real-World Achievements

Easy to reflect on and even easier to use — these thoughts can improve both action and intention.

David Hawks

3 June 2026

Get The Context in your inbox

New editions arrive when the analysis is ready. Subscribe once; update at any time.

Unsubscribe any time.


AI, trust, and security, explained.

Tools


Pages




AI systems explained trust made practical security in context
regular essays practical analysis trusted context
© 2026 Prompting Trust.
beehiivPowered by beehiiv