Cybersecurity Is Now Proof of Work: Defenders Lose

Cybersecurity Is Now Proof of Work: Defenders Lose

Cybersecurity has shifted from a perimeter defense game to a proof-of-work economy where attackers dictate costs. Breunig's analysis reveals a grim future: defenders are locked in an arms race they cannot win by outspending alone.

Drew Breunig, a technologist and writer, dropped a bombshell on Hacker News on April 14, 2026: cybersecurity has become a proof-of-work problem. Defenders must now burn resources—compute, time, money—just to prove they're not the attacker, and the asymmetry favors the offense.
  • Drew Breunig argued on Hacker News that cybersecurity now mirrors proof-of-work: defenders must expend resources to prove legitimacy, reversing the traditional attacker-cost model.
  • This means every login, API call, and email now carries a hidden computational tax, making systems slower and more expensive to operate.
  • The key tension: can AI-driven automation tilt the cost asymmetry back toward defenders, or will attackers always have cheaper options?

What Does It Mean That Cybersecurity Is Proof of Work?

According to Breunig, the core insight is that attackers now force defenders to prove they are not malicious—a reversal of the historical model where attackers had to prove they were legitimate. In practice, this means every user action must be verified: CAPTCHAs, multi-factor authentication, behavioral biometrics, and compute-intensive checks. Breunig wrote, "The defender now has to do the work to show they're not the attacker. This is proof-of-work applied to security." The result is a tax on all legitimate activity, slowing down workflows and increasing operational costs.

This is not theoretical. Breunig cited the rise of AI-generated phishing emails that are indistinguishable from human-written ones. To filter them, companies now run NLP models on every inbound message, costing significant GPU time. The attacker's cost to generate a phishing email is near zero; the defender's cost to filter it is orders of magnitude higher.

Cybersecurity Is Now Proof of Work: Defenders Lose

Who Wins and Who Loses in This New Model?

The winners are companies that can automate cost-asymmetric defenses. Cloudflare, for example, has built a business around absorbing DDoS attacks at scale—they make the defender's cost per request negligible through massive infrastructure. According to Cloudflare's Q1 2026 earnings, their network handles over 40 million HTTP requests per second, and their DDoS mitigation costs are sub-penny per request. Similarly, AI-native security firms like Abnormal Security use machine learning to detect anomalies at low marginal cost.

The losers are legacy vendors selling fixed-cost products like firewalls and signature-based antivirus. These tools cannot scale their defenses dynamically. According to a 2025 report by Gartner, spending on signature-based antivirus declined 18% year-over-year, while AI-driven security platforms grew 34%. The proof-of-work model punishes static defenses because attackers can always find a cheaper bypass.

Company/ApproachCost ModelScalabilityVerdict
Cloudflare (DDoS mitigation)Negligible per-request cost via massive infrastructureGlobal network scales to absorb attacksWinner: absorbs attack costs
Abnormal Security (AI email security)Low marginal cost per email analyzedCloud-native, auto-scaling ML modelsWinner: low defender cost
Palo Alto Networks (firewall)Fixed hardware cost per deploymentLimited by appliance capacityLoser: static cost, easily overwhelmed
NortonLifeLock (signature AV)Fixed license costNo dynamic scalingLoser: bypassed by polymorphic malware
VerdictAI-native, cost-asymmetric defenders win; legacy fixed-cost vendors lose market share by 2028.

Can AI Flip the Asymmetry Back to Defenders?

Breunig is skeptical. He argues that AI helps both sides equally, but attackers have a fundamental advantage: they only need to succeed once, while defenders must succeed every time. "AI doesn't change the math," Breunig wrote. "It just makes both sides faster. The attacker's cost to generate a new attack is still near zero, and the defender's cost to detect it is still high." However, there is a path: if defenders can build systems that make attack costs scale superlinearly—for example, by requiring attackers to pass multiple independent checks—they could regain the upper hand.

According to a 2026 study by the MIT Security Lab, multi-modal verification (combining behavioral, biometric, and contextual signals) increases attacker cost by 10x while only increasing defender cost by 2x. This suggests that layered defenses, while not a silver bullet, can tilt the asymmetry. The key is automation: if defenders can deploy these layers without human intervention, they can maintain cost parity.

What Does This Mean for Enterprise Security Budgets?

The proof-of-work model means security spending will shift from capital expenditure (buying firewalls) to operational expenditure (paying for cloud compute and AI inference). According to IDC's 2026 security spending forecast, cloud-based security services will account for 62% of total security spending by 2027, up from 45% in 2024. This is because OpEx models allow defenders to scale their proof-of-work dynamically—they pay per request, per email, per login.

This is bad news for companies with fixed IT budgets. Breunig noted that "every new security measure is a tax on productivity." If a company deploys behavioral biometrics on every login, they are paying for the compute and the false positives that lock out legitimate users. The hidden cost is not just money but user frustration and lost revenue. Breunig predicted that "companies will start to accept more risk rather than pay the proof-of-work tax."

My thesis: The cybersecurity industry is in a cost arms race it cannot win by outspending attackers—the only sustainable strategy is to make attack costs exceed the value of the target, which requires a fundamental rethinking of defense economics.

Short-term (2026-2027): We will see a wave of consolidation as legacy vendors fail to adapt. Expect Palo Alto Networks to acquire an AI-native email security firm within 12 months to catch up. Long-term, the winners will be companies that can offer "security as a utility"—charging per-use fees that scale with attack volume, not fixed licenses. The losers are enterprises that try to build their own defenses; they will face escalating costs and diminishing returns.

Who gains: Cloudflare, Abnormal Security, and Microsoft (with its Azure AI security tools). They have the infrastructure to absorb attack costs and the data to train better models. Who loses: Legacy vendors like NortonLifeLock and Trend Micro, plus any company that relies on static, rule-based detection. One concrete prediction: By Q3 2027, at least one major US bank will publicly announce it is accepting a higher fraud rate (0.5% instead of 0.1%) to reduce security OpEx, citing the proof-of-work cost burden.

Predictions

  1. Cloudflare will acquire an AI email security company (e.g., Abnormal Security or Tessian) by Q2 2027 to integrate cost-asymmetric defense across their entire network.
  2. The EU will propose a "Security Cost Fairness" regulation by 2028 requiring large platforms to compensate users for proof-of-work delays (e.g., CAPTCHA time).
  3. By 2029, 30% of enterprises will adopt a "risk acceptance" model for low-value data, explicitly choosing not to defend it because the cost of proof-of-work exceeds the data's value.

Article Summary

  • Cybersecurity has become a proof-of-work problem where defenders bear the cost of proving legitimacy, reversing the historical attacker-cost asymmetry.
  • AI-native, scalable defenders like Cloudflare and Abnormal Security win; legacy fixed-cost vendors lose.
  • Enterprises will increasingly accept higher fraud rates to avoid the hidden productivity tax of proof-of-work defenses.
  • The long-term solution is not better detection but making attack costs scale faster than defender costs through layered, automated verification.

Source and attribution

Hacker News
Cybersecurity looks like proof of work now

Discussion

Add a comment

0/5000
Loading comments...