1 week Ago By Camellia Chan, Forbes Councils Member
Camellia Chan is the CEO and Cofounder of Flexxon, a next-generation hardware cybersecurity solutions provider with a global presence. News broke in February 2025 that hackers chained three vulnerabilities in Palo Alto Networks’ PAN-OS firewalls , turning a trusted security gatekeeper into an open door. Thousands of unpatched systems fell, exposing sensitive networks to root-level compromise.
But before we go placing the blame on the company, it’s important to recognize that this was not just a vendor slip-up. It was a flare illuminating a deeper truth: Software-centric security is crumbling under modern threats. To survive, we need to evolve and expand our approach.
Strengthening community-rooted trust anchored in hardware—through innovations at the physical layer—must be our next step. The nightmare unfolded with CVE-2025-0108, CVE-2025-0111 and CVE-2024-9474—flaws in PAN-OS that let attackers bypass authentication, read files and escalate to root access via exposed management interfaces. Proof-of-concept code spread quickly, and exploits followed even faster, outpacing organizations’ ability to patch.
The impact? Firewalls meant to protect became backdoors. This highlights a harsh truth: Relying on software updates alone leaves us forever reacting—often too late. This recent attack isn’t an outlier; it’s a symptom.
In 2020, the attack involving SolarWinds saw hackers lace a software update with malware, hitting 18,000 organizations. This major incident captured headlines and ignited massive downstream repercussions, reinforcing that vendor trust can be a single point of failure. Yet almost five years down the road, here we still are.
The 2023 breach involving Barracuda went further. A zero-day attack forced hardware replacements, not just quick software patches, showing that when software fails you can’t always patch your way out of the problem. In a 2021 incident, a critical vulnerability named Log4Shell was discovered in a Log4j library.
Hackers could remotely run malicious code, and the damage spread like wildfire. These aren’t isolated incidents—they reveal a pattern. Patching after the fact isn’t enough.
We need a foundation that stops breaches before they spread. A community root of trust flips the script. Trust isn’t any single vendor’s burden.
It is a shared fortress built by hardware makers, software developers, researchers and users. Think collective threat intelligence spotting exploits early, or ecosystem-wide standards ensuring devices aren’t weak links. Palo Alto’s race to patch couldn’t match hackers’ speed, but a community model could have shrunk that window because shared accountability outpaces solo fixes.
Contrast this with today’s reality: isolated vendors, running alone, while attackers feast on the gaps. It’s time to stop seeing cyber threats as somebody else’s problem, it is ours. If software is the lock, hardware is the door.
If the door’s flimsy, no lock will hold back invaders. The most recent case proves it: Software fell like dominoes because the hardware beneath lacked intrinsic defenses. Hardware-based security is harder to crack remotely, and offering bedrock software cannot match.
Imagine if those firewalls had integrity checks built into their silicon. Exploits might have hit a wall before root access was theirs. A more resilient approach must combine hardware-rooted protections that prevent software failures from escalating.
Cryptographic roots of trust, embedded in hardware, verify system integrity from the moment a device boots up. Firmware-level security prevents unauthorized modifications, ensuring attackers can’t manipulate the system undetected. Beyond these, AI-driven security at the memory level adds another layer of defense, autonomously detecting ransomware and unauthorized access in real time.
Unlike software-based monitoring, these AI-enhanced solutions operate within the hardware itself—responding instantly without relying on external updates or human intervention. Establishing trust at the system level begins with ensuring that the foundation—both the hardware and firmware—remains uncompromised. The Trusted Platform Module (TPM) plays a key role here.
As a security chip or firmware solution, TPM provides cryptographic verification, ensuring a device’s boot process, encryption keys and firmware remain untampered. It acts as a safeguard, preventing compromised software from executing unchecked. However, TPM alone is not a silver bullet.
It is part of a broader movement toward hardware-integrated security, working alongside newer advancements such as AI-powered storage security, secure enclaves and tamper-resistant firmware. The goal is to create multilayered trust mechanisms that harden security. This layered approach significantly reduces the attack surface and ensures systems are resilient against both remote and physical exploits.
The Palo Alto breach demonstrates why this shift is necessary—software defenses alone are not enough. A strategic mix of TPM, AI-driven security and other hardware protections represents the path forward, ensuring security isn’t an afterthought but a built-in standard. So how do we begin fixing this? Community-Driven Trust : Vendors, researchers and users must collaborate.
Think of shared threat databases or a “trust certification” for devices meeting hardware/software benchmarks. Hardware Mandate : Critical devices such as firewalls, routers and servers need security baked in. TPM should be standard, verifying integrity from boot to runtime.
AI Hardware Integration : Push for smart AI-embedded security technology at the storage level, paired with TPM for systemwide resilience. A community could standardize this combo, ensuring no layer is left exposed. User Action : Enterprises should restrict management interfaces (as Palo Alto urged), but also demand TPM-enabled devices and verify it pre-deployment.
Policy Push : Governments could incentivize hardware security through tax breaks for TPM adoption and penalties for repeat breaches to make resilience a mandate not a cost comparison. Today, we stand on a mountain of major cyber incidents. The recent cybersecurity breaches—they are not just warnings; they’re a blueprint for failure or success.
Software’s fragility demands a community-rooted trust model, reinforced by hardware security. This isn’t a solo sprint by any one vendor—it’s a collective stand to ensure trust spans the entire ecosystem, not just a single patch. IT pros, policymakers and vendors must act now and build the fortress, making it silicon-strong and community-wide, before the next exploit chain strikes.
The future’s not secure until we make it so. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?.
