The Hacker and the Prompts of the Demoralized Dev
There's a psychological angle to AI-powered cyberattacks wreaking havoc on the financial-system that almost everyone has missed.
The IMF just published that advanced AI could create serious risks for the financial system by making cyberattacks faster and more scalable. Advanced AI models can dramatically reduce the time and cost needed to identify and exploit vulnerabilities
That warning might seem a little meh, but I wanted to look at it from another angle.
On one side, you have hackers.
They are motivated. They are curious. They are using the latest models to search for weaknesses, generate attack paths etc etc. AI gives them leverage.
On the other side, you have the people expected to defend the system: developers, security engineers, infrastructure teams.
Many of them are tired.
They are living through what might be the worst period of career uncertainty the tech industry has seen in a generation. Some have watched colleagues disappear overnight. Some have poured years of effort into a company, only to be reminded that loyalty does not always go both ways.
That changes something.
Not always in an obvious way. A good developer will still do the job. They will still review code (from their coding agent :), fix bugs, and respond to incidents.
But the deeper emotional contract has alrady weaken. The feeling of “this is my company” has become “this is my job.”
That difference matters.
You see engineering is not only about tools. It is also about attention. It is about noticing the strange edge case. It is about caring enough to clean up old code. It is about pushing for a fix even when nobody is asking. It is about staying alert when something feels off.
That kind of ownership is hard to measure but it is very real. But when it disappears, systems do not fail overnight. They become a little more fragile, a little less watched, and a little easier to exploit.
And this is the risky psychological imbalance I'm sensing. THIS is the new security gap.
One might say that my argument overstates the imbalance. AI does not only empower attackers; it also gives defenders better tools. Financial institutions have larger budgets, stronger compliance pressure, better access to enterprise security tooling, and more organized incident-response teams than individual hackers -- BUT that rebuttal assumes the problem is only technical. It is not. It is about what each side is bringing to the fight. Attackers are bringing focus and of course the upside. Defenders may have better tools, but they are currently operating inside tired organizations, shrinking teams, legacy systems, and a weakened sense of belonging. AI can amplify a lot, but unfortunately it does not amplify morale. At least not today.
And in a world where one side only needs to find one opening, while the other side must protect everything, this imbalance should worry us.