Three infrastructure stories this week show how dependencies break in unexpected ways. Google’s reCAPTCHA stopped working for users who removed Google services from Android. AWS’s North Virginia data center went down for hours. And AI is creating gaps in how we find and fix security problems.

Google Locks Out Custom Android Users

Google’s reCAPTCHA service now blocks users running de-googled Android phones — devices where users removed Google Play Services and other Google components for privacy reasons. These users can’t complete basic web tasks like signing up for accounts or making purchases on sites that use reCAPTCHA.

This matters because it shows how vendor lock-in works in practice. Google isn’t just checking if you’re human — it’s checking if you’re using Google’s ecosystem. For businesses, this is a warning about single points of failure in authentication systems.

If your business relies on reCAPTCHA, you’re now excluding users who chose privacy over convenience. That’s a customer segment you might not realize you’re losing. Alternative solutions like hCaptcha or Cloudflare Turnstile don’t have this dependency.

AWS North Virginia Goes Dark

AWS’s us-east-1 region had a major outage affecting multiple data centers. Companies like FanDuel and Coinbase went offline for hours. AWS said recovery would take “hours” — which in cloud time means your business is down for half a workday.

Us-east-1 is AWS’s oldest and largest region. It’s also where many companies run everything because it’s cheap and has the most services. That convenience becomes a liability when it fails.

This is exactly why we build multi-region architectures for clients. Not because outages happen often, but because when they do, you can’t afford to wait for Amazon to fix their hardware. Your customers don’t care that it’s AWS’s fault — they care that your service is down.

AI Creates New Security Blind Spots

A new analysis shows AI is disrupting two established security practices. First, the “responsible disclosure” culture where researchers privately report bugs to companies before going public. Second, the “coordinated vulnerability disclosure” process where multiple vendors get advance notice of problems affecting shared components.

AI systems make these processes harder because vulnerabilities are less predictable and harder to isolate. Traditional software has clear boundaries — you know which version has which bug. AI models blend training data, inference code, and deployment infrastructure in ways that make root cause analysis messy.

For businesses building AI systems, this means your security team needs new processes. The old “patch and test” approach doesn’t work when the vulnerability might be in training data or model behavior, not just code.

This connects directly to what we see building custom AI agents. Clients often ask about security, but they’re thinking about traditional threats — data breaches, access controls, network security. AI introduces model-specific risks that require different detection and response strategies.

The infrastructure lesson is clear: dependencies multiply failure modes. Google’s ecosystem, AWS’s regional concentration, and AI’s complexity all create new ways for systems to break. The companies that survive these failures are the ones that design for them upfront.