AI

Security for less than $500 a month

Cybersecurity companies tend to target large enterprises because that’s where all the money is, supposedly. They may be missing a lucrative bet and a solution to AI-generated attacks.

In 2025, Comcast issued a report that said 95% of all cyber breaches began with someone in an organization clicking on a malicious link. It wasn’t a brilliant hacker breaking through military-grade encryption, or a rogue LLM from a major AI platform discovering backdoors. It was someone not paying attention to the warning signs.

Security training is supposed to reduce that by making users more aware of those signs. That is being tested by AI-generated phishing programs massively increasing the number of attempts. A Hoxhunt survey estimated AI has caused a 14X increase in phishing attempts in the past year.

Stopping the inevitable

The question is, with cybersecurity hitting a $328 billion market size, why is it getting worse?

Benny Czarny, CEO of OPSWAT, answers that question in a new book, “Upside Down Cybersecurity,” that just came out. “The reality is that the market is not adopting this technology or its underlying concept fast enough.”

To be accurate, Czarny is talking about OPSWAT’s content disarm and reconstruction (CDR) technology, but based on talks with dozens of CEOs and CISOs at the RSAC Conference in April, the same complaint is made by every company in cybersecurity.

Essentially, the customers that haven’t bought into a cybersecurity service or tool are stupid. They don’t say that for publication, but they do say it. They may be missing another reason: cybersecurity companies don’t know how to sell their products and services to the people that most need them. Conversations with customers at RSAC back that up.

Untapped SMB market

A 2022 McKinsey survey showed small to medium businesses (SMBs) represent a total market of $1.5 trillion to $2.0 trillion. That market is generally ignored in favor of Fortune 1000 companies. Moreover, the survey noted that current commercial solutions do not meet the needs of SMBs and mid-market companies.

(It should be noted that McKinsey’s numbers are based on an erroneous 1998 report on the cost of cybercrime that overstated it by a factor of between 5 and 10 times the actual number. The official total of cybercrime is less than $1 trillion, putting the total available market at less than that.)

That’s a meaningful response to Czarny’s complaint. OPSWAT’s focus is on big infrastructure. Their pricing is not transparent because, as the saying goes, “if you have to ask, you can’t afford it.” That limits OPSWAT’s market to fewer than 150 customers and, as he said, they are making a good living off of it. OPSWAT and the majority of the industry are still, however, leaving billions of dollars on the table.

There is evidence that better training makes a difference. With security behavior-change programs, as opposed to the traditional awareness model, employees recognized and reported social engineering attacks with a 6x improvement in 6 months, and the number of malicious clicks was reduced by 87%, according to a recent report by Hoxhunt. The key, however, may be providing services that block malicious links or alert users to potential danger, at little to no cost to an organization. Encouragingly enough, there are services that do exactly that.

Security at $500/month

DNSFilter processes about 170 billion DNS queries daily, blocking 200 million categorized threats. That’s millions of phishing campaigns failing to reach targets. That's significant volume. They also claim to block threats an average of 10 days faster than traditional threat feeds. Significantly, their pricing model starts at $240 a year for up to 20 users, up to a minimum of $1080 per year for a large enterprise. This easily fits into the Cyber Protection Magazine Security Under $500 a Month classification.

AI industry at a crossroads

The AI industry appears to be reaching a crossroads that will determine its future in the next two years. The only clear outcome is it will not be what it is now, nor what it is predicted to be.

Most doomsayers and cheerleaders largely agree on a single vision: The technology will destroy hundreds of thousands of jobs. Wealthy investors and captains of industry consider that a good thing and mumble about universal income legislation and Star-Trekkian futures. White-collar workers and unions see the future less optimistically. But cooler heads see a precarious future. Those cooler heads include Anthropic’s Claude, OpenAI’s ChatGPT, and X.ai’s Grok. Cyber Protection Magazine talked to all three, and they all came up with four likely scenarios that may be brewing even as this article is read.

A security breach or a major AI system collapse.
Technical plateau causing diminishing returns on scalability.
Strict regulatory legislation that stifles innovation and makes development too expensive to pursue.
A significant economic downturn or massive market correction drying up capital investment.

Prediction 2026: Beginning of the end of the WWW

As the world stumbles head-on into deglobalization, we predict national sovereign clouds will replace international access to data. That is good news for in-country corporations and for security companies in specific fields. It may not be so good for large multinational tech firms and people living in authoritarian countries. It may also mean the end of the World Wide Web.

Sovereign clouds used to be referred to as proprietary clouds to keep intellectual property (IP) secure. National sovereign clouds today are used to control access to citizens’ private data. For big tech, multiple governments require organizations to comply with data protection laws requiring specific data residency and management practices. National sovereign clouds facilitate that within the country but create significant complexity for multinational operations. Even within a specific politico-economic bloc like the EU, there are different regulations within the bloc for data security.

In a recent blog post, Cory Doctorow summed up the current business climate caused by geopolitical shifts, "There's finally political space to stop worrying about tariffs and reconsider anti-circumvention laws, to create disenshittification nations that stage raids on the most valuable lines of business of the most profitable companies in world history – Big Tech."

Credibility and fortunes at risk with AI

The failure of the current iteration of generative AI to live up to its promises is putting severe strain on its credibility. A collapse could result in the destruction of personal wealth on a massive scale. While it is probably a given that the artificial intelligence (AI) industry is here to stay, questions are many. What form will survive, what will it really cost, and what is the near-term effect on other sectors like the cybersecurity industry?

There are more than 5,000 cybersecurity tool providers and thousands more MSSPs, and all of them are reliant on AI to some degree. Cybersecurity marketing, investment, and especially technology development could be a disastrous dependency… or not.

AI startup funding reached $333 billion in 2024 (AI in 2024). Global venture capital funding for generative AI reached approximately $45 billion in 2024, from $24 billion in 2023 (AI Investment Trends 2025). AI-related investments accounted for 33 percent of total investments into VC-backed companies in the U.S. This year, global venture capital investment in generative AI appears ready to dwarf those totals, with $49.2 billion in the first half of 2025. It is on track to exceed $100 billion this year.

The big knock on AI is the lack of an effective infrastructure to support the claims the AI companies are making on potential uses. In response, tech giants are making massive infrastructure investments: More than $300 billion has been invested this year on AI infrastructure (“Tech megacaps plan to spend more than $300 billion in 2025 as AI race intensifies”).

AI chaos creates MCP hole

The AI industry is an absolute mess. The technologies necessary for its operation are siloed and opaque to customers without the technical skills to understand them. The chaos of model context protocol (MCP) adoption is a case in point.

Anthropic created MCP and released it last November. The company’s chatbot, Claude, said the protocol “bridges the gap between AI models and the external world.” More simply, it is an AI application integrator. MCP servers are supposed to do this securely without giving access to sensitive areas of a user's computer or network. Multiple reports from security researchers say it fails miserably in that effort. That makes current agentic AI technology development dangerous. Undaunted, corporate momentum and boardroom ignorance are driving it forward.

Schneier predicts “public” LLMs

ibuted and democratic, according to renowned security technologist, Bruce Schneier, not controlled by corporations. Developments in the past few weeks indicate he may be right.

Speaking at the RSAC Conference in San Francisco last week, Schneier talked of trust and how we give it to people, strangers, organizations, and technology. His description of that process predicted the development of artificial intelligence controlled almost exclusively by the user, rather than the dystopian corporate AI replacing humanity.

AI bubble about to pop for cybersecurity?

As quickly as the artificial intelligence (AI) industry appeared, it may disappear. That may have significant ramifications for cybersecurity, according to industry watchers, as the technology falls into the trough of disillusionment.

When OpenAI burst on the scene more than two years ago, Microsoft was a significant instigator in its growth and adoption. Microsoft invested billions in the not-for-profit enterprise for early access to cutting-edge AI technologies and to help accelerate OpenAI's research. It transformed its Azure cloud platform into a leading infrastructure provider for AI development, offering specialized hardware (like GPUs and TPUs) and services tailored for machine learning workloads. AI capabilities were embedded across its product suite, and Microsoft Research contributed significantly to AI advancement in computer vision, natural language processing, and deep learning.

All of that came with extreme demands on computing resources. Microsoft began a buying spree in data centers, both to secure resources and build new centers. They even entered into a deal to reopen the notorious Three Mile Island nuclear power plant.

Spree ends

That has all come to an end. As reported in Bloomberg last week, the company decided to scale back data center projects in the UK, Australia, and Indonesia. Data center development in Illinois, North Dakota, and Wisconsin is also canceled. All told, Microsoft has walked away from more than 2GW. That’s on top of the news that Microsoft had walked away from two data center projects in the US and Europe, piling on to a February announcement that it was canceling data center leases.

Security industry addicted to bland marketing

There is no question that the cybersecurity industry performs a vital role in keeping the digital world safe. It’s too bad the industry is so dedicated to bland, repetitive and uninformative marketing and research.

The problem doesn’t exist with cybersecurity alone. Every tech industry underfinances and plagiarizes marketing communications both within and without their niches, but the problem in security is that there is so little actual data to refer to, it is easy to make it up and still be believed. The introduction of AI into marketing efforts definitely cuts down the price and effort of communications, but it makes the bland and repetitive content even more bland and repetitive while making it less informative than when humans are actually involved.

Anyone involved in the process of evaluating this content and mining nuggets of relevant truth knows the problem, and some are trying to do something about it. James Bore is one of them.

Poor marketing endangers society

In the past few weeks, as various security companies have published multiple studies about the state of cybersecurity, a common theme has arisen: Executives running the companies that purchase security tools and services are not sure their purchases have made them any safer. This widespread position in the market confirms results of a months-long investigation by Cyber Protection Magazine that marketing practices in the industry are failing to do the job and, in the process, making society less safe.

Every report skews data toward convincing customers to add their company’s tools and services to their budgets. However, every report also finds that between 60 and 90 percent of managers have significant concerns and doubts that the tools they have, and the tools they are considering, will do the job that needs doing. The reasons for that lack of confidence are three-fold.

Three reasons for lack of trust

First, stuff is moving fast. Governments are legislating controls and protections faster than normal. Sometimes these rules don’t make sense and many in the industry think they are holding back innovation and adoption. Criminals and nation states are stepping up attacks that bypass established protections, and lawsuits for negligence are growing. Second, while understanding the need for security best practices is at an all-time high, that’s mainly because weaknesses due to work-from-home, generative AI and news about data breaches are also high. That means while understanding of the need is high, inexperience and ignorance are creating new opportunities for attacks.

“Many executives may not exactly understand how (the tools) work,” said Cache Merrill, founder of software outsourcing company, Zibtek. “When there is a concern on the functionality of the tools or when attention is on what the tech teams understand without listening to them, anxiety is experienced. To put it simply, if they cannot see it, they will not put faith in it.”

Carl DePrado, an SMB IT consultant based in New York, said, “The sheer number of cybersecurity products and services can be overwhelming. This contributes to a sense of vulnerability, as they may not feel confident that they have covered all their bases.”
