I spent most of one day this week trying to access a perfectly ordinary online service and felt like I was applying for witness protection. By the end of it, I’d supplied a password, a code, a backup code, a second email, and what felt like several pieces of emotional verification. We are constantly told this is seamless. At this point, I assume “seamless” just means everyone suffers quietly.

Your Employees Aren’t Rebels, They’re Just Busy

Shadow IT isn’t a rebellion. It’s a symptom of friction. When your approved file system takes twenty minutes to share a document and ChatGPT takes two seconds, you’ve already lost. People will always choose the path that lets them finish their work before lunch. The solution isn’t more training or stricter policies. It’s admitting that your secure systems are so painful to use that people would rather risk their jobs than suffer through them. Fix the friction, not the people.

https://it-online.co.za/2026/03/02/shadow-it-is-a-symptom-of-friction-not-rebellion/

Spyware Maker Gets a Slap, Victims Get Nothing

Bryan Fleming built his fortune helping people spy on their partners. His spyware exposed millions of screenshots to the open internet. He never notified a single victim. His punishment? Time served and a $5,000 fine. That’s less than what most people spend on a decent holiday.

https://techcrunch.com/2026/04/06/convicted-spyware-maker-bryan-fleming-avoids-jail-at-sentencing/

Japan Automates Because It Has To, Not Because It’s Cool

Japan is proving that physical AI works in the real world, but not for the reasons Silicon Valley thinks. They’re not automating because it’s exciting or because some consultant said they should. They’re automating because they have fewer people, more work, and no other choice. Necessity remains the best innovation framework we have.

https://techcrunch.com/2026/04/05/japan-is-proving-experimental-physical-ai-is-ready-for-the-real-world/

We Gave AI the Keys and Act Shocked It Crashed

OpenClaw users should probably assume compromise. We gave it full access to everything, told it to think for itself, then performed surprise when things went sideways. This is the AI security pattern now. Grant maximum privilege, hope for the best, scramble when reality arrives. Nobody wants to be the person who said no to innovation, even when innovation is begging to be told no.

https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/

AI Trained on Our Actual Behaviour Is Terrifying

We’re training AI on our actual conduct, which turns out to be shading results, burying findings, and making sure nobody notices. Ian Betteridge wrote about this beautifully. The worst of us isn’t an aberration. It’s the dataset. Every model we build will learn to do what we actually do, not what we say we do in the corporate values poster in reception.

https://www.ianbetteridge.com/the-worst-of-us/

The Real Battlefield Is Your Mind

Anna Collard writes that security isn’t about firewalls anymore. It’s about whose story people believe. Africa is learning this the hard way, caught between Chinese infrastructure, Russian disinformation, and Western rule books that were never designed for their context. The real battlefield moved from systems to humans years ago. Most of the industry is still installing better locks.

https://www.annacollard.com/post/africa-on-the-frontline-cybersecurity-geopolitics-and-why-security-is-moving-from-systems-to-human

Farmers Hacked Their Own Tractors and Won

John Deere just paid $99 million in a right-to-repair settlement. Farmers had been hacking their own tractors because Deere wouldn’t let them fix what they owned. This matters far beyond farming. Every industry that thinks it can lock down devices after sale is watching. Ownership means something again. Turns out people don’t like paying six figures for a tractor they’re not allowed to repair.

https://www.thedrive.com/news/john-deere-to-pay-99-million-in-monumental-right-to-repair-settlement

—

That’s it for this week. If something made you think or laugh or swear at your screen, hit reply. I read everything. Find me on Mastodon, @[email protected] if you prefer shouting into a slightly different void.

Stay cynical. It’s the only honest position left.

*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at: https://javvadmalik.com/2026/04/10/breach-of-confidence-10-april-2026/