← Writing
·4 min read

AI Runs on Boring Things: Access, Power, and People

The Signal for July 13, 2026 — a 7-million-record breach built on stolen credentials, AI data centers bending the national power curve, and TCS staffing up to actually deploy. An operator's read on the day.

The SignalCybersecurityInfrastructure

Strip the model launches out of the headlines and you're left with the parts of technology that actually keep an operator up at night: who has access to your systems, whether the grid can power what you're building, and who does the unglamorous work of making any of it run. Today's stories all live in that layer. Here's July 13.

A 7-million-record breach that started with one set of stolen credentials

U.S. auto insurer AssuranceAmerica disclosed a data breach affecting approximately 7 million people, and the entry point wasn't some exotic zero-day. Per Check Point Research, attackers targeted an employee, used compromised credentials to get into company systems, and walked off with names, contact details, driver's license numbers, insurance policy and account data, vehicle information, and claims records.

The operator's take: the perimeter you actually defend in 2026 is identity, not the firewall. Seven million records fell out of one account that an attacker was able to log into as a legitimate user — no malware required. If your shop still treats phishing-resistant MFA, least-privilege access, and session monitoring as a roadmap item rather than a done deal, this is the breach you're volunteering to reenact. Audit who can reach your customer data, and assume any single credential will eventually be someone else's.

AI's power bill just showed up in the national statistics

The cost of the AI buildout is no longer confined to chip-company earnings calls — it's in the federal energy forecast. The U.S. Energy Information Administration projects record electricity consumption, rising from 4,195 billion kWh in 2025 to 4,269 billion in 2026 and 4,399 billion in 2027, with AI-hungry data centers named as a major driver (AI/LLM News Roundup, citing Reuters/EIA).

The operator's take: training is a headline; inference is a utility bill, and now it's straining the actual utilities. When a national grid forecast starts bending around data-center demand, expect that pressure to flow downstream into what you pay for compute, into where new capacity can physically get built, and into the sustainability numbers your board is going to ask about. This is the moment to stop treating cloud spend as an abstract line item and start asking your vendors where their power comes from and what it costs — because that answer is about to move your prices.

TCS is hiring thousands of people to do the part nobody demos

Tata Consultancy Services told Reuters it's building a forward-deployed engineering group of roughly 5,900 to 8,900 people to help clients actually implement AI systems in the field, and said it's evaluating acquisitions in AI, data security, and cybersecurity after years of leaning on organic growth (AI/LLM News Roundup, citing Reuters).

The operator's take: India's largest IT services firm is betting that the bottleneck in enterprise AI isn't the model, it's deployment — and it's staffing accordingly. That's a useful tell for your own build-vs-buy math. The pilots that die aren't the ones with a weak model; they're the ones nobody redesigned a workflow around or wired into real data. Whether you hire, contract, or partner, budget for the implementation muscle, not just the license. The company selling you the software is quietly hiring an army to do the hard part for everyone else.

Also on my radar

  • A central bank is now naming AI as a systemic risk. The Bank of England flagged AI as a growing threat to financial stability, citing investor exuberance and rising cyberattack exposure across banks and markets (roundup, citing Reuters). When regulators start writing this down, compliance expectations follow — plan for them.
  • Another supply-chain compromise, another trusted account. Attackers pushed a malicious @injectivelabs/sdk-ts package to npm on July 8 that exfiltrated crypto wallet keys, reportedly via commits from an established contributor's account (The Hacker News). Pin your dependencies and diff what you pull.
  • We're not even patching the AI bugs we can. New research says 99.9% of fixable AI vulnerabilities remain unpatched (Help Net Security). Before you add another agent to production, get an owner and a patch cadence for the AI stack you already run.

The throughline: today's news skipped the leaderboard and went straight for the plumbing. A breach turns on a stolen login, an AI boom turns on kilowatt-hours, and enterprise adoption turns on thousands of people doing implementation work no keynote will ever show. The teams that win the next year won't be the ones with the flashiest model — they'll be the ones who got access, power, and execution right while everyone else watched the demos.

That's the Signal for today.

Paul Sapio is the CIO of Mikhail Education and a full-stack AI engineer. Open to contract work in security, networking, AI, and SaaS development — reach out.