Two Decades of Cyber: 20 Inflection Points From Stuxnet to ChatGPT

Dark Reading frames the modern cybersecurity era through 20 pivotal events, anchored at one end by Stuxnet’s 2010 demonstration that code could physically destroy industrial equipment, and at the other by ChatGPT’s 2022 debut, which collapsed the cost of producing convincing phishing lures, malware scaffolding, and social-engineering content. Between those bookends sit the breaches, disclosures, and policy shifts that defined how defenders, attackers, and regulators now operate.

The through-line is escalation of blast radius. Nation-state tooling leaked into criminal hands (Shadow Brokers, EternalBlue, WannaCry, NotPetya), identity and supply-chain compromises replaced perimeter breaches as the dominant intrusion pattern (SolarWinds, Kaseya, Log4Shell), and ransomware industrialised into an affiliate economy capable of halting fuel pipelines and hospitals. Each event widened the definition of what counts as critical infrastructure.

The significance for practitioners is that the controls treated as optional in 2010 — software bill of materials, signed builds, MFA everywhere, assume-breach detection, and AI-aware content filtering — are now table stakes. The retrospective reads less as nostalgia and more as a checklist of failure modes that keep recurring because the underlying incentives haven’t changed.