Nov 16, 2025

I recently heard about some concerning developments in cybersecurity that really stood out. For one, Mexico City has become the most heavily video-surveilled city in the Americas, with over 83,000 cameras installed and plans to add 30,000 more. Despite this massive surveillance effort, the city still suffers from the highest crime rates in Mexico. This raises serious doubts about the effectiveness of pouring resources into surveillance technology alone without tackling the deeper social or systemic causes of crime.

In workplaces, surveillance is expanding beyond traditional manual labor roles into office environments where employers track detailed employee behaviors, like mouse movements and break times. Workers have started fighting back with tactics like automated mouse jigglers or joining pointless meetings just to appear busy. This is troubling because such invasive monitoring feeds data into algorithms that can unfairly judge employees, impacting their well-being and job security. Legal protections, particularly in places like Canada, are fragmented and often skewed in favor of employers. There’s an urgent need for clearer laws to safeguard employee privacy and prevent abusive monitoring practices.

On the AI front, I learned that privacy attacks targeting machine learning models—such as attempts to infer whether someone’s data was used in training—are not as effective in real-world settings as academic studies suggest. While this offers some reassurance that the risk might be overstated, vigilance is still critical, especially in federated learning environments where data is shared across multiple parties. Ensuring AI systems are developed with strong privacy safeguards remains a key priority for both regulators and developers.

Another issue involves AI-generated code. Studies revealed that language models trained on datasets containing insecure code tend to produce vulnerable software outputs. However, when these models are trained solely on secure, flaw-free code, the security of generated code improves significantly. This highlights the crucial need to carefully curate training data to prevent AI tools from perpetuating security flaws, especially as AI coding assistants become more widely adopted.

Finally, there’s a growing threat from the surge in bot traffic on the internet. Bots come in three main types: AI scrapers collecting data to train models, malicious scrapers looking for security weaknesses like exposed configuration files, and unintentional automated scrapers that overload websites causing outages. The latter two pose immediate risks to website availability and security, particularly for sites run on self-hosted infrastructure. Attackers use thousands of rotating IPs, often from mobile networks, making detection very challenging. Web administrators need to urgently strengthen defenses with firewalls, rate limiting, and advanced bot detection to protect their services from these increasingly sophisticated automated attacks.

Stay Well!