Both Sides of the Firewall Now Have an AI

The Signal for June 23, 2026 — FortiBleed burns 110M credentials the same week OpenAI ships an AI that finds and patches the bugs behind them. An operator's read on the day.

A new thing I'm starting: The Signal, a short daily read where I pull the few stories that actually matter if you run technology or build with it — and tell you why I care. I read a lot of this so you don't have to. Here's June 23.

Both sides of the firewall got an AI

This week the FortiBleed campaign quietly compromised more than 430,000 FortiGate firewalls and walked off with roughly 110 million credentials (Tech Startups). Sit with that for a second: the box you bought to keep attackers out became the thing that let them in — at a scale that touches a meaningful slice of the enterprise internet.

The same week, OpenAI expanded its Daybreak program with GPT-5.5-Cyber and a "Patch the Planet" initiative — a model that doesn't just find vulnerabilities but validates them and writes the fix, now aimed at 30+ critical open-source projects like cURL, Python, and Go (The Hacker News). OpenAI's own framing is the part to underline: finding bugs was already getting easy, so the bottleneck has moved to patching them — and that's what they're now attacking at machine scale.

The operator's take: the asymmetry just changed. For a decade, defense lost the same way every time — attackers automate, defenders patch on human timelines. Committee, change window, maybe next quarter. When both the exploit and the fix run at machine speed, the only thing that protects you is a patching pipeline that's already automated and trusted. If your honest answer to "how fast can we push a critical fix across the whole fleet" is measured in weeks, FortiBleed isn't an anomaly — it's a trailer. Fix the pipeline before you shop for another appliance.

The part of AI nobody puts on the invoice

Microsoft signed a 20-year deal with Chevron for dedicated natural-gas power to feed a new AI data center in Pecos, Texas, with industry estimates putting AI data-center spend on a path toward trillion-dollar territory this decade (Tech Startups).

The operator's take: every "AI is basically free now" take quietly ignores the physical layer. Compute is downstream of power, and power is a 20-year contract — not an API call. For most companies that's abstract, right up until your model provider reprices because it's bidding against everyone else for the same electrons. When you design an AI feature, design the fallback for the day the unit economics move. Build-vs-buy was never just about code; it's about how much of your cost structure you're renting from someone else's energy bill.

The labs are building a consulting layer

Adoption, not capability, is now the constraint — and the model makers know it. Anthropic's Claude Partner Network is a $100M ecosystem with a public Partner Hub directory; it's already drawn 40,000+ firms and 10,000+ certified consultants (Anthropic). OpenAI is backing its own partner push with $150M and a stated goal of 300,000 certified consultants by year-end (analysis).

The operator's take: this is a tell. The bottleneck to enterprise AI was never the model — it's the wiring. Certifications are useful, but a cert proves someone knows the product, not that they understand your business. The value was never "can you call the API." It's "can you sit in a room, untangle a messy operational problem, and decide what's actually worth building." That gap doesn't get certified away. (It's also, candidly, the gap I spend my days in.)

Also on my radar

  • Microsoft Foundry now fronts 11,000+ models — GPT-5.5, Claude, Gemini, its own MAI family — behind a single Azure endpoint, as Microsoft pushes in-house models to cut its OpenAI dependence (CNBC). Multi-model is becoming the default; betting your whole stack on one lab is starting to look like the new lock-in.
  • Robotics is eating venture capital — SoftBank-backed Coowa is heading for a $3B+ Hong Kong IPO and AI-networking startup Upscale AI raised $190M at a $2B valuation. The "AI into the physical world" trade is officially on.
  • A fatal Tesla crash in Texas put autonomous-driving liability back in the headlines. The hardest questions about AI in the physical world stopped being technical a while ago — they're legal now.

The throughline, if there is one: AI quietly stopped being a feature you add and became infrastructure you depend on — with all the power bills, attack surface, and unglamorous tradeoffs that word drags along with it. Plan accordingly.

That's the Signal for today.

Paul Sapio is the CIO of Mikhail Education and a full-stack AI engineer. Open to contract work in security, networking, AI, and SaaS development — reach out.