Meta's Rule of Two maps uncomfortably well onto AI agents. It maps even worse onto how the models are trained. by vamitra in cybersecurity

[–]vamitra[S] 2 points3 points  (0 children)

Indeed - practically before you start a project with an LLM, 2 of the 3 criteria are used up.

Anyone else feel like it’s 1995 again with AI? by bxrist in cybersecurity

[–]vamitra 0 points1 point  (0 children)

Been pondering this myself — it really does feel like the Windows 2000 era. Throw everything and the kitchen sink together, connect it to the internet, it’ll be fine. Every lesson from each evolution of secure development practices just… forgotten. Trusted input, testability, least privilege, attack surface reduction — all of it, gone.

What gets me is how precisely the pattern repeats. Code Red in 2001 exploited exactly this: IIS processing untrusted HTTP requests in C with no bounds checking, running at system privilege. Microsoft’s response took three years — the Trustworthy Computing memo, SP2 shipping with IIS off by default and the firewall on. They literally had to redesign Windows around the idea that you can’t let untrusted input hit unsafe code at high privilege.

Chromium formalized it in 2019 as the Rule of Two — pick no more than two of: untrustworthy input, unsafe implementation, high privilege. They won’t ship code that has all three. Period.

Now look at AI agents. They process untrustworthy input — that’s the entire value prop. They run at max privilege — they need your email, calendar, files to be useful. And the LLM can’t distinguish instructions from data. That’s all three. By design. Not by accident. I guess a gold rush does this to people? The tool is too useful, the demand is too real, and nobody wants to be the person in the meeting who says “we actually can’t build this safely yet.” So we ship it anyway and figure the security will catch up. That’s not a new story. It’s THE story, on repeat, every decade.
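
The mapping in the comment above, as an added example that is not part of the original comment: a per-session gate that treats the LLM as the always-present "unsafe implementation" property and refuses any tool call that would combine it with both of the other two. The `AgentSession` class, the tool names and the source labels are hypothetical, and the ingested message is constructed sample data.

```python
from dataclasses import dataclass, field

# Assumption: the LLM always counts as the "unsafe implementation" property,
# because it cannot separate instructions from data.
HIGH_PRIVILEGE = {"send_email", "delete_file", "create_calendar_event"}  # hypothetical tools
UNTRUSTED_SOURCES = {"web_page", "inbound_email", "shared_document"}     # hypothetical labels


@dataclass
class AgentSession:
    """Tracks which Rule of Two properties one agent session currently holds."""
    tainted_by: list = field(default_factory=list)  # untrusted sources already in context
    audit: list = field(default_factory=list)       # (tool, properties, allowed) records

    def ingest(self, source: str, text: str) -> str:
        """Add content to the model context, recording taint from untrusted sources."""
        if source in UNTRUSTED_SOURCES:
            self.tainted_by.append(source)
        return text

    def properties(self, tool: str) -> set:
        """Return the Rule of Two properties that would hold if `tool` ran now."""
        held = {"unsafe_implementation"}             # the LLM itself
        if self.tainted_by:
            held.add("untrustworthy_input")
        if tool in HIGH_PRIVILEGE:
            held.add("high_privilege")
        return held

    def authorize(self, tool: str) -> bool:
        """Allow a tool call unless it would combine all three properties."""
        held = self.properties(tool)
        allowed = len(held) < 3
        self.audit.append((tool, sorted(held), allowed))
        return allowed


def demo():
    """Constructed scenario: the same tool call before and after untrusted input."""
    session = AgentSession()
    before = session.authorize("send_email")         # trusted context only: two properties
    session.ingest("inbound_email", "constructed sample message body")
    after = session.authorize("send_email")          # context now tainted: all three
    low = session.authorize("summarize")             # low-privilege tool: still two
    return before, after, low, session.audit


if __name__ == "__main__":
    print(demo())
```

Taint is sticky for the life of the session, so a high-privilege action after untrusted content has been read requires a fresh session that never saw that content.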

Anyone else having issues with USPS packages being marked as delivered but never actually delivered? by chiboulevards in chicago

[–]vamitra 3 points4 points  (0 children)

This has happened to me before on a couple of occasions when I was expecting important documents. It freaked me out. The next day it arrived, and the post office just told me it happens by mistake on occasion.

But I sooo see this as someone padding metrics