Skip to main content


Last week, we saw plenty of posts about integrating DeepSeek into applications, running it locally, and similar topics. What surprised me, though, is that while I expected issues to surface, I didn't anticipate such a massive security problem with DeepSeek AI chats. Big thanks to Gal Nagli for this research: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak.

We've seen countless discussions on how companies achieved this cheaply—but also so insecurely. This reflects the current state of the industry, where everyone is racing to outdo competitors in budget, speed, and features while completely neglecting security and stability.

Take Garmin as another example: https://www.dcrainmaker.com/2025/01/garmin-watches-are-crashing-when-trying-to-start-gps.html.
Or this persistent Windows Update issue: https://www.youtube.com/watch?v=h8ppow5te20
And perhaps the biggest failure yet—the CrowdStrike incident: https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages.

What do all these examples have in common? A relentless push to move fast and cut costs without investing properly in testing and security processes. Unfortunately, AI has made this situation worse in terms of security and quality.

Businesses rush to integrate AI chat features and provide full access to sensitive data—only to be shocked when data breaches occur. Why spend time and budget on testing when "the AI service has already been tested countless times," right? This flawed mindset has become common.

Why am I talking about this? It's a big problem even for major companies, and we, as tech experts, must continue to prioritize quality and security while balancing business needs. In my next post, I'll share some practical steps you can take to start improving security.

Labels:

Comments

  1. AnonymousFebruary 2, 2025 at 3:20 AM

    "We, as tech experts, must continue to prioritize quality and security while balancing business needs." - 100% agree with this statement. It isn't an easy task, but we must do our best. Businesses explicitly include guidance on testing and security in job descriptions, recognizing these elements as critical components but often neglect advice afterward

    ReplyDelete

Post a Comment

Popular posts from this blog

Why Microsoft Azure Well-Architected Framework Can Improve Architecture

Small and medium-sized businesses often face a common challenge: the absence of experienced cloud engineers. Due to limited resources, teams typically choose the quickest path—getting things done in the easiest, fastest way. Unfortunately, this approach often leads to solutions that aren't secure, cost too much, and become nearly impossible to extend or manage effectively. Recognizing this critical challenge, Microsoft Azure has developed the Well-Architected Framework. This comprehensive set of guidelines and best practices helps businesses assess their existing solutions and guides them toward building robust, secure, cost-effective, and manageable cloud infrastructures from the start. The Azure Well-Architected Framework is structured around five essential pillars: Cost Optimization : Ensuring that cloud resources are used efficiently and effectively, reducing unnecessary expenses. Operational Excellence : Focusing on the ability to run and monitor systems effectively, ensuring ...
2 comments
Read more

"Dushnylo" Series: Monolith First approach.

I keep hearing, “You MUST start with a monolith.” Every new project? Always? When I hear that, two thoughts immediately come to mind:      1️⃣ “It depends.” You can’t just blindly say every project must start as a monolith.      2️⃣ My inner Dushnylo whispers: “Time to make a post about this.” So, here’s my take: I disagree. Not only do I disagree, but I believe the most critical and dangerous part of system design is analyzing and understanding business needs before making architectural decisions. Why? Simple. Imagine you’re building a streaming platform that processes massive amounts of data, handles notifications, and integrates with third-party services. Does this sound like something you’d build as a pure monolith? Of course not. But I do agree on one thing—you have to start somewhere. That starting point could be a simple core application —yes, it might look like a monolith at first. But you’re not designing the entire system as a monolith. ...
Post a Comment
Read more

First Look at Cerbos: A Solution for Dynamic Role & Permission Management

Introduce My next post is about tools for managing roles and dynamically controlling access to resources. Some business requirements demand extreme flexibility, often requiring a combination of RBAC + ABAC at the same time. From my experience, I’ve seen a lot of solutions, but most don’t cover all the key points. There are three circles that are really hard to combine: Performance, Security, and Flexibility . And when someone tries to implement all three—oh, it’s painful. But I found a technology that (almost) solves this challenge: Cerbos —a scalable, open-source authorization layer for handling roles and permissions. ( Cerbos site ) Why is it good? ✅ Centralized configuration – Everything is managed in one place. ✅ Easy integration – SDKs are available for all popular languages:     ðŸ”¹ .NET, Go, Java, JS, PHP, Python, Ruby, Rust ✅ Great documentation – Clear examples and guidance. ✅ Playground for testing – No need to run an app or set up tools. Just te...
Post a Comment
Read more