Assumed Compromise - The Third Chokepoint
Postcards from the Edge of the World: Volume 25
To Whom It May Concern (You):
Eleven years ago, I sat in a South Loop bar in Chicago with four ethical (“white hat”) hackers and asked them what they thought of the global financial system.
It was July 2015.
The New York Stock Exchange had just gone down for three hours and 38 minutes. The Wall Street Journal had gone dark the same day.
United Airlines (UAL) grounded flights for two hours.
So… three companies with three software glitches in one morning.
The official line from government?
They just said it was all a coincidence.
Nobody at my table believed it.
“Mr. Green” was a global cybersecurity consultant who at the time was running banking and defense forums. He’d asked me to quote him under a pseudonym.
He leaned over a cheeseburger when I asked him to explain his first thought when those three systems went down on the same morning.
“They’re screwed.” he said. “And they don’t know how much right now.”
Then, for the next hour, the four hackers explained just how easy it was to hack the Chicago Mercantile Exchange from a bar in its shadows.
It was jarring.
Without the full details right now, they could create a fake wifi network in the same bar we’d entered (and nearby coffee shop), wait for people to sign into it, obtain data and access if employees at the exchange used them, and then hammer away with spoofing emails until someone accidentally sent them a money wire because someone didn’t pay attention and thought instructions to send them money were legitimate.
I remember laughing uncomfortably.
“Wow,” I said… “I thought you were just going to show me how you could turn off all the televisions in the bar.”
One of them laughed. “I can do that,” he said.
He took out his phone, pressed three buttons, and all five televisions behind the bar shut off.
The bartender panicked.
The employee would spend the next hour checking the wires after the hacker shut them off two more times and he couldn’t understand what was going on…
The customers watching the Cubs game were pissed…
Assumed Compromise.
The table also taught me a phrase I’ve carried with me for a decade.
“Assumed compromise.”
Terry Bradley, a 1990 Air Force Academy graduate who at the time was running cybersecurity solutions for PLEX in DC, mentioned it first...
He told me the phrase came from Debora Plunkett.
In 2010, Plunkett ran the NSA’s Information Assurance Directorate, one of the most senior persons in the American government responsible for telling the rest of the system whether its networks were safe.
She came out and said the only honest posture left was to assume that every network you operate had already been compromised.
She said the question was no longer “are we secure” but “how long until we find out we are not.”
She moved out of the directorate four years later. The official explanation was a new role. The hackers at my table believed something else.
“They got rid of her for being too negative,” said Mr. Green. “She was just trying to speak sense to the industry. She knew the reality of the world we lived in.”
I’ve spent the ten years since that bar table watching Assumed Compromise become the operating reality of every system I’ve written about.
That includes markets, banks, exchanges, voting systems, and hospitals.
Every single one of them has been breached or has been within one screwed-up patch of being breached.
The only thing that’s changed is the size of the bill when it happens.
Now, we’re about to ride the largest infrastructure spend in modern economic history straight into that wall.
What the Hyperscalers Are Building
Look at the capital expenditures by the four largest hyperscalers right now.
Amazon. Alphabet. Microsoft... and Meta.
The four major hyperscalers collectively reached $315 billion last year.
That figure goes even higher - upwards of $450 billion on AI and data-center infrastructure this calendar year (2026).
By next year, the combined trajectory has the same four companies tracking toward roughly $500 billion.
To put this into perspective, the Interstate Highway System cost the U.S. somewhere around $500 billion in today’s money to build over four decades.
We’re now building an Interstate Highway System worth of data-center capacity every 12 months.
That’s what now sits beneath the NVIDIA stock chart…
That’s also what’s driving this megacap rally… including the ongoing financing, lending, and borrowing across the space.
Let’s go bigger though…
It’s also sitting under the entire AI thesis…
We have trillions of dollars in equity market capitalization, the largest concentration of capital in a single thematic build the modern market has ever seen, all of it predicated on the assumption that the infrastructure underneath will operate… and generate gobs of revenue.
But it’s not just about money.
It’s about the fact that all of this must be reliable, secure, and… continuous.
Every system in that stack ultimately relies on trust assumptions that can’t be perfectly and continuously verified.
The Receipts Are Already In
We already have serious receipts and costs linked to the cybersecurity issue…
Last quarter, an exploitation in decentralized cryptocurrency in the Kelp DAO cost roughly $293 million.
What happened?
Someone accepted that a fake cross-chain message was legitimate. The funds moved through Aave and Compound before consolidating into Ethereum.
And if you don’t understand what that means… that’s a separate issue. These crypto blockchain projects are only set to get more esoteric to the average person.
What mattered though was the trust that enabled a breach.
The infrastructure accepted the signal as real, because the infrastructure couldn’t verify if the message was real.
It was - effectively - the exact same method the hackers had described in how they would try to hack a centralized exchange in the CME.
It wasn’t the only attack that’s exposed the trust issue...
The same quarter, Drift Protocol lost roughly $285 million in a separate attack.
These were all different attacks on different system.
But the common denominator was the inability to continuously verify trust at the point where the decision was made. And each breach is serious.
We saw nearly $600 million in real money walking out the door of two protocols in a single quarter.
It happened because the underlying systems coordinated trust they had no way to prove.
Now zoom out from crypto.
Apply the same structural weakness to the hundreds of billions that the hyperscalers will pour into AI infrastructure this year…
Then consider the multi-trillion-dollar market capitalizations that sit on the top of it all…
The bar table in 2015 saw this coming.
Plunkett saw it in 2010.
The only people who haven’t yet priced it in are the people sitting on top of the assumption that the build is durable. That… is the real challenge.
The AI Agent Inversion
So, what’s different today?
The next two years will be VERY different than where we lived over the 16 years since Plunkett warned everyone.
In 2015, those hackers in the bar agreed on the diagnosis.
Erdal Ozkaya, now the CISO at Morgan State University, put it cleanest back in the Chicago bar...
“These financial systems are made by humans,” he said.
And that’s the major story that we have to discuss.
No doubt about it… the weakest link in cybersecurity for 30 years has been the human in the loop.
It’s the person who clicks the wrong link or response to the phishing email.
It’s the person who has the password “1-2-3-4-5.”
It’s the company that hands an intern their admin credentials.
Every breach worth an autopsy started with a human making a mistake a more secure system wouldn’t have allowed…
Now, that problem is on the verge of inverting.
By the end of 2026, AI agents will likely start signing transactions, moving capital, validating messages, and operating portions of critical infrastructure with increasingly limited human oversight.
The major hyperscalers have said this will be the direction of their compute spend.
The same models that broke half of the SaaS unicorn universe will start wiring themselves into procurement, legal workflows, treasury management, clinical decisioning, and grid balancing at utilities.
The next weakest link is the absence of a human to catch the obvious thing that should have stopped a $293 million transfer.”
But we can’t solve the AI agent verification problems by training humans better.
There are no humans left in that chain to train.
You have to solve it at the infrastructure layer.
And that’s become the third chokepoint of the AI build.
The Three Chokepoints
This letter has been writing about the AI build as a constraint stack for several Volumes now.
The first chokepoint is electricity.
That’s the energy produced at a power plant and pushed through transmission lines into a data center somewhere in Phoenix, Nevada, Iowa, or Northern Virginia.
I’ve written about that one through the Berkshire Hathaway Energy story, Greg Abel’s career, and Pinnacle West on the Western Interconnection.
The second chokepoint is compute.
This chokepoint includes the silicon, racks, cooling, and the associated interconnect.
Nvidia owns the headline version of that constraint.
The third chokepoint is… Trust.
This is the ability to verify every system in the AI stack to prove, every day… at any moment… that it’s operating with integrity…
Or that the message that it just received was sent by a person is really that person…
For ten years, that third chokepoint has been the assumed-compromise problem.
The honest posture was to give up, to accept the breach, and plan the cleanup.
The market’s now trying to determine what trust really costs…
Because all of this sits on top of trillions of dollars in CapEx each quarter…
In an agentic world, trust won’t just be a security issue…
It’s by definition a new, execution problem and becomes a third leg of the AI build.
The Hidden Constraint
Every major technological build eventually discovers its hidden constraint.
Railroads discovered the cost of steel.
Electrification discovered generation capacity.
The Internet discovered bandwidth.
AI has already discovered power and compute.
Trust may be the next constraint investors underestimate, because it’s harder to see on a balance sheet… and it’s usually determined after something went wrong.
Investors spent the last three years obsessed with the smartest model.
The next three years may be defined by who owns the infrastructure that allows millions of models to safely do things.
Every AI conversation focuses on intelligence and better models.
The cycle’s narrative gravity points at the model.
But agents don’t create value by thinking.
They create value by acting on APIs or writing code or moving information between systems.
Now, they’ll start signing transactions, and every action needs execution.
The new thesis from the operators closest to the agentic stack is that intelligence may become abundant while execution becomes scarce.
If that thesis is right, the winning infrastructure isn’t where or what AI thinks.
It evolves into the places where AI acts.
The architecture of that infrastructure may also be different from what the last 20 years of cloud computing was built for.
Engineers designed the traditional cloud to run the same software millions of times.
Agentic infrastructure may require running millions of pieces of software once.
That sounds like a small matter, but it actually changes the economics and ultimately the winners.
That’s why Cloudflare already measures its developer ecosystem in the millions.
More importantly, management argues that AI will produce more code in the next five years than in all of programming history combined.
If that happens, the bottleneck isn’t intelligence.
It’s execution by default.
Once agents start acting autonomously, trust is no longer about protecting a human from making a mistake.
Trust requires companies to protect machines from other machines…
But all of this requires a conceptual leap that shifts this story from a cybersecurity recommendation into a decade-long infrastructure thesis.








