Tech Layoffs 2026: Who's Cutting and Who's Hiring
The Culling Continues, But the Story Is More Complicated
The technology sector shed another 47,000 jobs in the first quarter of 2026, according to tracking data from Layoffs.fyi, pushing the cumulative post-pandemic total past 600,000 positions eliminated since late 2022. Yet paradoxically, LinkedIn's latest Workforce Report shows tech job postings climbed 18% year-over-year in March — a contradiction that speaks volumes about where the industry is actually headed versus where most of the headlines land.
The companies doing the cutting are largely legacy software firms and mid-tier SaaS businesses still bloated from the zero-interest-rate hiring binges of 2020 and 2021. SAP announced 10,000 additional role eliminations in February, framing the cuts as an "AI transformation initiative." Salesforce trimmed another 3,200 positions, primarily in enterprise sales. Meanwhile, Intuit quietly reduced its workforce by 1,800 in March, citing automation of back-office functions that once required significant human oversight.
AI Is Both the Axe and the Ladder
What makes this cycle distinctly different from previous downturns is the explicit role artificial intelligence plays in justifying headcount reductions. Companies are no longer hiding behind vague "restructuring" language — they're openly attributing cuts to productivity gains from AI tooling. That framing carries real consequences for displaced workers and for how policymakers are beginning to talk about the labor market.
"We're seeing a two-speed market," says Dr. Priya Nandakumar, a labor economist at MIT's Sloan School of Management. "Organizations are shedding roles that AI can replicate at scale — certain categories of customer support, junior-level coding, data annotation — while simultaneously scrambling for talent that can build, manage, and audit those systems." Her research, published in the February issue of the Journal of Economic Perspectives, found that for every ten positions eliminated under an AI-transformation label, approximately four new specialized roles were created within the same organization within eighteen months.
Those new roles command significantly higher salaries. Machine learning infrastructure engineers are averaging $198,000 in base compensation in San Francisco, according to levels.fyi data from Q1 2026 — up 22% from two years ago. AI safety researchers at frontier labs are pulling packages that rival senior quant compensation on Wall Street.
Where the Hiring Actually Is
Strip away the layoff announcements and a genuine talent war is playing out beneath the surface. Defense-adjacent AI companies — Palantir, Anduril, Shield AI — are aggressively recruiting, buoyed by expanded government contracts and a geopolitical climate that shows no signs of cooling. Palantir alone posted 340 open engineering roles in March, a 60% increase from the same month last year.
Biotech and health tech are similarly hungry. The convergence of AI with drug discovery has created urgent demand for computational biologists, and companies like Recursion Pharmaceuticals and Isomorphic Labs are competing directly with Big Tech for the same pool of ML researchers. Climate tech, bolstered by remaining Inflation Reduction Act incentives, is another pocket of genuine growth — grid software company Leap Energy tripled its engineering headcount between January and April.
Geography matters more than it did five years ago. While San Francisco remains the highest-concentration market for AI talent, Austin, Miami, and increasingly Warsaw and Bangalore are absorbing serious hiring volume. Remote-first mandates have softened at major companies — Amazon, Google, and Meta all tightened in-office requirements through early 2026 — but the distributed hiring patterns that emerged post-pandemic haven't fully reversed.
What Displaced Workers Are Actually Experiencing
The human reality behind the aggregate numbers is messy. Engineers and product managers laid off from enterprise software companies in 2025 are reporting average job searches lasting five to eight months, according to a survey of 1,200 displaced tech workers conducted by career platform Hired in March. Those with demonstrable AI skills — even adjacent experience — cut that timeline roughly in half.
Bootcamps and upskilling platforms are seeing enrollment spikes, but skepticism about their ROI is growing. "The half-life of specific AI skills is short enough that what you learn in a twelve-week program may not match what employers want by the time you graduate," notes Kieran Walsh, VP of Talent at infrastructure startup Coreweave, which has been on a sustained hiring run to support surging GPU cloud demand. Walsh argues that fundamentals — systems design, statistical reasoning, clear technical communication — remain more durable signals than tool-specific certifications.
Reading the Signal Through the Noise
The tech labor market of 2026 resists simple narratives. Mass layoffs at household-name companies generate outsized media coverage, while quieter but sustained hiring at emerging players in defense tech, climate infrastructure, and AI tooling goes largely unreported. The displacement is real and its effects on individuals are severe. But the industry isn't contracting — it's restructuring around a new set of capabilities, and the opportunities cluster tightly around those who can credibly participate in building what comes next.
IoT Security Vulnerabilities Are Getting Worse in 2026
The Scale of the Problem Has Become Impossible to Ignore
More than 18.8 billion connected devices are now active worldwide, according to the latest figures from IoT Analytics — and security researchers say a troubling proportion of them are running firmware that hasn't been updated in years. In the first quarter of 2026 alone, Forescout's Vedere Labs documented over 1,400 new IoT-specific vulnerabilities, a 23% increase compared to the same period in 2025. The attack surface isn't just growing. It's metastasizing.
The consequences have moved well beyond stolen smart speaker data. In February, a coordinated attack on hospital networks across three U.S. states exploited vulnerabilities in connected infusion pumps, forcing emergency departments in Cleveland and Memphis to divert patients. Investigators later traced the intrusion to default credentials that had never been changed — a problem the industry has nominally been trying to solve for over a decade.
Why Manufacturers Keep Shipping Insecure Devices
The economic incentives haven't changed enough. Building security into hardware adds cost and development time, and most consumer IoT buyers still prioritize price and features over protection. "The race to market pressure is still the dominant force," says Dr. Priya Nandakumar, principal researcher at the SANS Institute. "A smart thermostat team is competing against five other thermostat teams, not thinking about threat modeling."
The problem is compounded by product longevity. A security camera installed in 2021 might still be running on a 2019 Linux kernel with unpatched CVEs, because the manufacturer either discontinued support or went out of business entirely. Finite device lifespans with infinite deployment windows create an enormous legacy security debt. Forescout estimates that roughly 34% of active connected devices in enterprise environments are running end-of-life operating systems.
New Attack Vectors Researchers Didn't Anticipate
The threat landscape in 2026 looks different from what analysts projected even two years ago. AI-assisted exploitation tools have dramatically lowered the skill threshold for launching sophisticated IoT attacks. Darknet toolkits now include automated scanners that can identify vulnerable Modbus or MQTT protocol implementations, fingerprint the specific firmware version, and suggest working exploits — all within minutes.
Researchers at Georgia Tech's Institute for Information Security & Privacy published findings in March showing that large language models fine-tuned on vulnerability databases could generate novel, working exploit code for undisclosed IoT flaws with roughly 40% success rates in controlled testing. That number will only climb. Meanwhile, Mirai botnet descendants have evolved significantly, with variants like IceNet now capable of targeting industrial IoT sensors and operational technology networks rather than just consumer routers and cameras.
Regulation Is Finally Catching Up — Slowly
Legislation is beginning to bite. The EU's Cyber Resilience Act, which took full effect in January 2026, now requires manufacturers selling connected devices in European markets to provide security updates for the expected product lifespan and disclose known vulnerabilities within 24 hours of discovery. Early enforcement actions have already been filed against two major Chinese electronics manufacturers, with potential fines reaching 2.5% of global turnover.
In the United States, the Cyber Trust Mark program run by the FCC has gained meaningful traction, with over 340 certified product lines listed by April 2026. But critics argue voluntary labeling schemes won't move the needle fast enough. "A label on a box doesn't help the 600 million devices already deployed with no patch mechanism," notes Bryson Bort, founder of SCYTHE and a former U.S. Army officer. Congress is currently debating the Connected Device Security Act, which would mandate minimum security baselines for federal procurement, though its broader consumer provisions remain contested.
What Organizations and Individuals Can Actually Do Now
Network segmentation remains the most effective immediate defense available to enterprises. Isolating IoT devices on dedicated VLANs prevents lateral movement if a camera or HVAC controller is compromised. Automated asset discovery tools from vendors like Armis and Claroty have matured significantly, giving security teams real-time visibility into every connected endpoint — including the ones IT didn't know existed.
For consumers, the calculus is harder. Replacing an internet-connected doorbell because its firmware is no longer supported isn't realistic at scale. Security researchers recommend at minimum changing all default credentials immediately upon setup, disabling UPnP wherever possible, and checking manufacturers' support timelines before purchasing. Some routers from Asus and Netgear now include built-in IoT scanning features that flag potentially compromised devices — a small but meaningful development. The core tension, though, remains unchanged: convenience drove the IoT boom, and security has been retrofitting itself to the aftermath ever since.
Cloud Security Best Practices Every Enterprise Needs in 2026
The Breach Economy Is Forcing a Cloud Security Reckoning
When a major European financial consortium disclosed in February 2026 that misconfigured cloud storage buckets had exposed 47 million customer records, the incident sent shockwaves through enterprise boardrooms worldwide. The breach, estimated to cost upwards of $380 million in regulatory fines and remediation, wasn't the result of a sophisticated nation-state attack. It was preventable. That uncomfortable truth is reshaping how enterprises approach cloud security — and the urgency has never been higher.
According to Gartner's 2026 Cloud Security Report, 99% of cloud security failures through 2027 will be the customer's fault, not the provider's. Misconfigurations, over-permissioned identities, and inadequate monitoring remain the dominant attack vectors. With global cloud spending projected to exceed $1.1 trillion this year, the attack surface has grown proportionally massive — and threat actors are keeping pace.
Zero Trust Architecture Is No Longer Optional
The perimeter-based security model is functionally dead in cloud environments. Enterprises clinging to legacy VPN-centric frameworks are discovering that flat network architectures create catastrophic lateral movement opportunities once an attacker gains initial access. Zero Trust — the principle of never implicitly trusting any user, device, or network segment — has transitioned from industry buzzword to operational necessity.
Microsoft's 2025 Digital Defense Report found that organizations with mature Zero Trust implementations experienced 60% fewer breach-related incidents compared to those without. The framework demands continuous verification at every access point, micro-segmentation of cloud workloads, and least-privilege access enforcement across all identities. Critically, Zero Trust isn't a single product purchase — it's an architectural philosophy requiring coordinated implementation across identity providers, endpoint management, and network controls. Enterprises should begin by mapping their most sensitive data flows and building verification controls outward from those critical assets.
Identity and Access Management Remains the Frontline
Cloud identity infrastructure is where most enterprise breaches originate. CrowdStrike's threat intelligence team reported in Q1 2026 that identity-based attacks now account for 71% of cloud intrusions, with attackers exploiting service accounts, API keys, and OAuth tokens that carry excessive permissions and often lack rotation schedules.
Best-practice IAM in 2026 means mandatory multi-factor authentication for all privileged access, automated credential rotation using secrets management platforms like HashiCorp Vault or AWS Secrets Manager, and regular access reviews that actually remove dormant accounts. Equally important is eliminating standing privileged access in favor of just-in-time (JIT) access provisioning — granting elevated permissions only when needed and automatically revoking them afterward. Enterprises operating across AWS, Azure, and Google Cloud simultaneously must also invest in cloud infrastructure entitlement management (CIEM) tools that provide unified visibility into permissions sprawl across multi-cloud environments.
Shared Responsibility Confusion Is Costing Enterprises Millions
Despite years of industry education, the cloud shared responsibility model remains widely misunderstood at the enterprise level. Cloud providers secure the underlying infrastructure; customers are responsible for everything they build on top of it — data encryption, access controls, network configurations, and application security. That line gets blurry fast, and the gap between assumption and reality is where attackers thrive.
Palo Alto Networks' Unit 42 incident response team handled 340 cloud-related cases in 2025, and in 78% of them, the root cause traced back to the customer's side of the shared responsibility boundary. Practical remediation starts with cloud security posture management (CSPM) tools — platforms like Wiz, Orca Security, or Prisma Cloud that continuously scan cloud environments for misconfigurations and compliance violations. Automated remediation capabilities within these platforms can address low-risk findings without human intervention, freeing security teams to focus on high-priority threats.
Encryption, Logging, and Incident Response Complete the Picture
Encryption strategy in 2026 must extend beyond data at rest. Enterprises should enforce TLS 1.3 for all data in transit, implement customer-managed encryption keys (CMEK) for sensitive workloads, and evaluate confidential computing options for data in use — particularly relevant in healthcare and financial services where regulatory scrutiny is intensifying under frameworks like the EU's updated DORA requirements.
Comprehensive logging through centralized SIEM platforms, combined with cloud-native tools like AWS CloudTrail, Azure Monitor, and Google Cloud Audit Logs, provides the visibility necessary for both threat detection and post-incident forensics. Critically, logs must be stored in immutable, separate environments — attackers increasingly target logging infrastructure to cover their tracks. Finally, incident response plans must be cloud-specific and tested regularly through tabletop exercises that simulate real-world scenarios. Generic IR playbooks designed for on-premises environments consistently fail when applied to cloud breach scenarios, a gap that costs enterprises an average of 47 additional days in breach containment according to IBM's 2025 Cost of a Data Breach Report.
Smart Home Ecosystems Are Finally Growing Up in 2026
The Interoperability Breakthrough That Changes Everything
For years, the smart home industry's dirty secret was fragmentation. A Google Nest thermostat that refused to talk to an Amazon Echo, Apple HomeKit devices stranded in their own walled garden, and frustrated consumers returning products by the millions. That era is effectively over. The Matter 2.0 protocol, ratified by the Connectivity Standards Alliance in February 2026, now supports over 600 certified device categories — up from 180 at launch in 2022 — and for the first time includes robust support for energy management systems, garage door controllers, and whole-home audio devices. The practical result: a Philips Hue bulb can now be managed natively through Samsung SmartThings, Apple Home, and Google Home simultaneously, without a single workaround.
"We're seeing return rates on smart home bundles drop by roughly 34 percent year-over-year," said Lena Hartwell, senior analyst at Parks Associates, speaking at CES 2026 in January. "Consumers now have a reasonable expectation that devices will work together out of the box, and manufacturers are being held to that standard in a way they simply weren't three years ago."
Google, Apple, and Amazon Reposition Their Platforms
Each of the three dominant ecosystem players has responded to the post-fragmentation landscape by doubling down on software intelligence rather than hardware lock-in. Google's Home platform received a significant overhaul in March 2026, introducing Gemini-powered automation routines that learn household patterns without requiring manual configuration. In internal testing cited by Google, the system correctly anticipated morning lighting and climate preferences within four days of installation for 78 percent of households tested.
Apple, meanwhile, quietly expanded HomeKit's local processing architecture with the release of HomePod Ultra in late 2025. The device acts as a dedicated home hub capable of running on-device AI inference, meaning automations execute in milliseconds without a cloud round-trip. Privacy-conscious consumers have responded enthusiastically — HomePod Ultra sold out within 72 hours of its November launch and maintained backorder status through Q1 2026. Amazon's Alexa, now powered by its Nova foundation models, has pivoted toward what the company calls "ambient intelligence," where the assistant anticipates requests rather than waiting to be summoned. Early third-party reviews suggest the results are uneven, but the directional shift is unmistakable across all three platforms.
Energy Management Becomes the Killer Feature
If 2024 was the year of smart lighting and 2025 was dominated by AI cameras, 2026 belongs to energy management. Surging electricity costs across North America and Europe — average US residential rates climbed to 17.3 cents per kilowatt-hour in Q1 2026 according to the EIA — have made smart energy features the primary purchase driver for new adopters. Devices like the Ecobee SmartThermostat Premium and Sense Home Energy Monitor are being bundled directly with utility rebate programs in 23 US states, effectively subsidizing hardware costs for consumers who agree to participate in demand-response grids.
Startup Span.io reported a 210 percent increase in its smart electrical panel installations during Q1 2026, with the majority of customers citing integration with home solar and EV charging as decisive factors. The company's panel communicates directly with Tesla Powerwall, Enphase batteries, and Ford Charge Station Pro, dynamically shifting load based on time-of-use rates — a capability that was technically possible but practically inaccessible to most homeowners just 18 months ago.
Security and Privacy Concerns Follow the Growth Curve
The expanded ecosystem has attracted renewed scrutiny from regulators and security researchers. A widely circulated report from Bishop Fox in April 2026 identified 14 Matter-certified devices from six manufacturers that exposed local network credentials through improperly secured Bluetooth commissioning flows. The CSA responded with an emergency patch requirement, but the incident underscored that interoperability and security are not automatically aligned goals.
The UK's Product Security and Telecommunications Infrastructure Act, which took full effect in January 2026, now mandates minimum security update commitments and unique default passwords for any connected device sold domestically. Several analysts expect similar legislation to advance through the US Congress before year-end, particularly following the Bishop Fox disclosure. "Certification for interoperability and certification for security need to be the same conversation," argued Zack Ganot, co-founder of IoT security firm Device Authority, in a recent LinkedIn post that circulated widely among industry professionals.
What the Next Eighteen Months Look Like
Hardware makers are already positioning for the next competitive frontier: context-aware sensing. Presence detection that distinguishes between specific family members, not just motion, is moving from prototype to product. Aqara's FP3 human presence sensor, shipping in Q3 2026, uses millimeter-wave radar to identify up to six individuals by gait signature. Paired with AI assistants that maintain per-user preference profiles, the practical implication is a home environment that adapts to whoever enters a room without a voice command or manual input. The smart home's long-promised ambient computing future is arriving — somewhat belatedly, but with considerably more infrastructure behind it than any previous wave of enthusiasm could claim.
