---
id: "quote-defenseless-applications"
type: "quote"
source_timestamps: ["§ New Risks Executives Must Address"]
tags: ["application-security", "vulnerability"]
related: ["claim-application-defenseless-on-compromised-infra"]
speaker: "Hugo Huang"
speakers: ["Hugo Huang"]
quote: "The lesson for executives is clear: Even rigorously secured applications are defenseless if deployed on compromised infrastructure."
source_title: "Research: Conventional Cybersecurity Won't Protect Your AI"
source_url: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sources: ["tail2"]
sourceVaultSlug: "hbr-seg-tail2"
originDay: 2
articleStem: "hbr-tail-128-cybersecurity-wont-protect-ai"
sourceUrl: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sourceTitle: "Research: Conventional Cybersecurity Won’t Protect Your AI"
---
# Defenseless Applications on Compromised Infrastructure

> "The lesson for executives is clear: Even rigorously secured applications are defenseless if deployed on compromised infrastructure."
> — [[entity-hugo-huang|Hugo Huang]]

The takeaway from the anecdote about **'Pal,'** the senior developer whose secure web application was bypassed by a system-layer keylogger. It is the executive-facing summary of [[claim-application-defenseless-on-compromised-infra]] and the strongest form of [[contrarian-application-security-insufficient]].
