The web began quietly. A few servers, a handful of users, a few ideas. It promised knowledge at the speed of light. But as the connections multiplied, so did the shadows. Each innovation brings progress, but also vulnerability. Today, the internet is no longer a tool; it is a living, sprawling ecosystem. And its evolution has been anything but gentle.
The Shifting Threat Landscape
Ross Moore, Information Security Researcher, remembers the early simplicity of cyber threats: “It would be great if the most complex threat today were the Melissa or ILOVEYOU viruses spread through email attachments!” Those viruses were nuisances, embarrassing and disruptive, but limited in scope. They were part of a time when cyber threats were relatively straightforward.
Soon, attacks became more sophisticated. “Not too long after that, the attacks added on a back or side door aspect. Among the many tactics were to hijack the webpage, install spyware on multiple computers for a botnet, and SQL injection (sadly, none of these have gone away!).”
The evolution continued with organized cybercrime, Advanced Persistent Threats, and ransomware. “After that and up to today, ransomware became a business model, supply chain attacks go after the protectors of the protectors, and various governments expend enormous resources to go at each other as if cyberattacks and cybercrime were part of their national strategy.”
Ian Thornton-Trump, CISO of Inversion 6, looks at the problem through the lens of complexity. Quoting Bruce Schneier, he explains, “We are into an era where more complexity degrades the security.” The networks we rely on are built on layers: APIs, legacy technologies, services moving information across the globe. “When you are dealing with incredibly complex systems, there is always the danger that within that complexity, lies vulnerability waiting to be discovered or quickly discovered and quickly exploited.”
He emphasizes that this growth has expanded the attack surface: “The internet is just layers upon layers of different services and different capabilities and different protocols that, building upon the foundations of the past, are fundamentally becoming more and more exposed as time goes on.”
Opportunistic attacks are still common, but they now coexist with “more organized, well-resourced threat actors leveraging AI, automation, and vast attack surfaces,” says Chloé Messdaghi, Founder & Principal Advisor at Thornbridge Advisory. Defenders face a wide range of motivations and capabilities, which makes agility essential. “Over the years, we’ve seen that strong collaboration, between researchers, companies, and governments, has been one of our most effective tools. Threat intelligence sharing, coordinated response efforts, and open communication channels have all played a key role in reducing risk and response time. As threats evolve, continuing to prioritize that collaboration is critical.”
Taken together, these insights paint a picture of the web’s growth is a double-edged sword. The very complexity that enables global connectivity also conceals vulnerabilities. Threats are no longer individual nuisances; they are ecosystems, embedded in the infrastructure, constantly evolving, and coordinated at an unprecedented scale.
AI and the New Internet
Artificial intelligence is transforming both the content and behavior of the web. Moore notes how the arrival of the internet already shifted access to knowledge: “Not too long ago, the only ways to access information for any kind of research were places like the public library and the 20-volume encyclopedias. When the internet arrived, that was the death knell of the widespread use of those items – access to so much more information, and the ability to collate that information, was exponentially increased.”
AI extends this transformation. It accelerates content creation and interaction but also introduces new ambiguity. “The proliferation of AI-enabled platforms has again exponentially increased the access to a literal world of information and interaction with others. Unfortunately, we don’t always know who those ‘others’ are. Are they real people, or are they AI avatars that give AI-generated responses?” The result is a mixed landscape of empowerment and uncertainty.
Some applications are unequivocally beneficial. Moore highlights properly implemented site chatbots: “These are enormously helpful, saving tons of time when one doesn’t have to search page-by-page, or even make a call to an otherwise beleaguered call center.” But AI’s potential for misuse is equally large. Users must learn discernment. “People need to learn to discern to be safe on the AI-powered internet. Those who learn to discern will be safer; those who don’t are going to be, at the least, disappointed in their interactions and education. An important facet of the broader AI conversation is that anyone can definitely learn to discern. Learning takes time, but no one has to be left out. Because of the widely available information, that education is free and already available.”
Visibility and Influence
Thornton-Trump highlights the impact of AI on visibility and influence: “The big news, of course, is the destruction of search. SEO services are quickly becoming irrelevant, really, to how marketing occurs on the internet. And of course, when you talk about marketing on the internet, we have to talk about influencers. And there is a significant, I would say, growth in AI avatar or AI-enhanced influencing, not to mention the amount of bots that like and share content.” He observes that much of today’s internet traffic is non-human, reshaping the ecosystem in ways that complicate both marketing and security.
AI also changes the dynamics of information itself. Thornton-Trump warns that while AI can efficiently provide answers to uncomplex questions, “AI doesn’t necessarily embrace outlier opinions and put those forward especially well. And of course, AI is being used in massive disinformation campaigns as well. So, it’s a double-edged sword and it certainly is changing the way we interact with the internet. Whether or not that’s for good or for bad will be determined, unfortunately, after we’ve been using it for a while.”
Messdaghi emphasizes responsible use and shared accountability. AI creates powerful opportunities, but also new security challenges. “From phishing campaigns and deepfakes to rapid vulnerability discovery, bad actors are adopting AI just as fast as defenders. The challenge now is ensuring we use these tools responsibly and anticipate their unintended consequences.” She stresses that public and private sectors, policymakers, security professionals, and users all share the burden. “Clear regulation, thoughtful innovation, everyday security hygiene, and ongoing dialogue help ensure we stay ahead of the curve. We have the tools, expertise, and momentum to make a real difference. Cybersecurity isn’t just about stopping threats, it’s about building digital environments that are resilient by design and capable of adapting to whatever comes next.”
Freedom of Expression Online
The tension between expression and control has never been more visible. Moore references foundational protections: “The First Amendment to the United States Constitution and Article 19 of the Universal Declaration of Human Rights are examples of documents protecting the freedom of expression.” But legal protection is not absolute in practice. Boundaries and limits invite conflict, and enforcement differs across contexts.
Moore notes, “Placing limits or boundaries on freedom draws dangerously close to censorship. Any ideology (political, religious, and other) automatically entails sharp disagreements on foundational ideological concepts. When people are free to say, ‘Because I’m A, I believe B is false,’ they also need to be innocent of the inference ‘I hate B.’”
Platforms themselves exercise power over speech. Corporate policies and community guidelines can restrict users even when the law permits expression. Moore suggests sub-communities with self-moderated content as a compromise, enabling freedom while maintaining safety. He also emphasizes individual knowledge of rights: “A good place to start with freedom of expression is individual knowledge of the protections afforded by one’s nation; knowing that builds confidence in what can be shared legally, and what actions can be taken if one believes those rights have been denied.”
“He who controls the means of communication controls the sentiment of the population. And I think that’s where we are really encountering the new paradigm of freedom of expression. And of course, the push to identify people online has never been stronger,” adds Thornton-Trump. “And of course that erodes folks from posting anonymously, even if it’s information that is of sort of importance to our collective dialogue that we have when it comes to political or environmental issues or even religious issues. So, whether or not it’s a tech giant’s fault remains to be seen, but certainly when it comes to the more unsavory things in the intranet, like bullying and child exploitation material, that attack giants certainly have a lot to answer for.”
Together, these perspectives illustrate the fragile equilibrium between law, corporate policy, and individual action. Expression online is legal, cultural, and technological; a multi-layered reality where responsibility is distributed across all participants.
Web3 and the Future of Security
The promise of Web3 is decentralization and AI-driven intelligence, but practical adoption is uneven. Moore frames the technical challenges: “Web 3 (whether considering the Web3 coined by Gavin Wood or the Web3 ‘Semantic Web’ concept by Tim Berners-Lee) is complex and undefined. Two focal points are decentralization of infrastructure and an inherent AI/ML/NLP. Challenges with Web3 security include maintenance of the decentralized resources (governance, key management, and stronger protections for the cryptocurrencies involved), data quality used to train the AI capabilities, and risks from being open source code because everyone can see the vulnerabilities.”
Blockchain offers security but complicates reversibility: “The blockchain factor can make it more secure, but blockchain can also create tremendous issues from having to roll back botched software deployments and, by nature, each transaction gets larger each time. These and other factors make it currently unwieldy to operate at scale, though there are many dApps (Decentralized Applications), such as Sapien (social news), LBRY (file sharing and payments), and STEEM (blogging).”
Thornton-Trump tempers expectations about current adoption: “We have not transitioned into Web3. If Web3 was defined as embracing alternative realities such as the metaverse and things like that, I think it’s safe to say that Web3 is a long way off. But we today, in terms of a security landscape, Web2 is a dumpster fire built on the garbage of about 20 years of development.”
Security in Web2 demands rigor: “You cannot put things that aren’t protected on the internet anymore,” Thornton-Trump adds. “They will get destroyed, or they will be repurposed by bad guys to do something else. So this is the same issues that we’ve been wrestling with for a while, in that we need content delivery networks, we need web application firewalls, we need the ability to detect anomalous behavior or, as I like to say, large amounts of your data being exfiltrated from your organization. And of course, we need to revamp how we code in an era of things exposed. And that really comes down to looking at our fundamentals when it comes to the secure software development lifecycle, threat modelling, SaaS and DAS testing, and of course a robust dev or DevSecOps process so that we are aligned to the threat landscape in terms of vulnerability management and building and coding secure web applications.”
Messdaghi reinforces resilience as the guiding principle: “Cybersecurity isn’t just about stopping threats; it’s about building digital environments that are resilient by design and capable of adapting to whatever comes next.”
A Mirror and a Map
The web is both a mirror and a map of people’s ambition: vast, intricate, brilliant, and dangerous. Threats evolve faster than most security practitioners can track. AI reshapes knowledge and interaction. Freedom of expression exists in tension with technology and policy. Web3 promises decentralization but is wrapped in complexity and risk.
The challenge is not simply survival. It is understanding, adapting, and building resilience into every layer.
The conversation is ongoing, and the stakes are high. Each connection matters. Each decision matters. In this storm of innovation and threat, clarity, discernment, and collaboration are the tools we must wield. The web will not pause for us. We must move forward, alert, deliberate, and ready.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.