Systems Subversion Era (2019–present)

Tags: systems-thinking, governance, policy, hacking, power-structures, AI-security

The systems subversion era represents Schneier's most philosophically ambitious work. Building on the trust and power analysis of the trust-and-surveillance-era, this period generalized the concept of hacking beyond computer systems into a unified theory of how powerful actors subvert the rules of any system to their advantage — and what governance structures can resist that subversion.

A Hacker's Mind

a-hackers-mind (2023) is the defining work of this era. Schneier's central move was to generalize hacking-as-systems-subversion from its technical origins into a broad analytical framework. A hack, in this formulation, is any action that follows the rules of a system while violating its intent — exploiting loopholes, edge cases, and gaps between the letter and spirit of rules rather than breaking them outright.

This definition, which in the cryptography-era applied specifically to cryptographic attacks and in the security-thinking-pivot was extended to software and network systems, now encompasses financial systems (tax avoidance, legal arbitrage), legal systems (procedural manipulation, filibuster abuse), democratic systems (gerrymandering, voter suppression), and corporate governance (regulatory capture, stock buybacks structured to exploit ambiguities). Hacking, Schneier argued, is the characteristic tool of the powerful — those who have the resources to find and exploit loopholes at scale — and understanding it as a unified phenomenon is the first step toward designing systems resistant to it.

Power asymmetry as central concern

The systems subversion era reflects a sustained engagement with the political economy of power. Where the security-commentator-era focused on security measures and their effectiveness, and the trust-and-surveillance-era focused on surveillance and its political consequences, this era places the question of power asymmetry at the center. Schneier's argument is that the same security-mindset that allows security researchers to find vulnerabilities in computer systems can be applied to identify the structural vulnerabilities in any rule-governed system — and that the people most likely to be exploiting those vulnerabilities are those with the most to gain and the fewest constraints.

This framing connects Schneier's security analysis to broader political theory, particularly to arguments about regulatory capture, oligarchic governance, and the failure of democratic institutions to constrain concentrated economic power. Schneier is explicit about this connection in a-hackers-mind and in his blog writing from this period.

AI security

The emergence of large language models and AI systems as mainstream technologies brought Schneier's security-mindset to bear on a new domain: the security implications of AI systems, and the ways that AI can be used both to attack and to defend. Schneier's writing on AI security in this period applies his established analytical frameworks — threat-modeling, security-economics, the feeling-safe-vs-being-safe distinction — to questions about AI-generated disinformation, AI-assisted cyberattacks, and the security of AI systems themselves. His essay ai-and-trust is a compact statement of the trust-framework analysis applied to AI: why AI systems present a distinctive trust problem, and why existing trust mechanisms are poorly calibrated to handle them. He also testified before Congress on AI risks in testimony-ai-federal-government, bringing this analysis directly into the policy process.

His concern about AI is characteristically structural: not primarily about individual AI failures but about the power dynamics they create. AI systems that concentrate capability in the hands of a small number of corporations or governments extend the same power asymmetries that characterize the broader surveillance economy.

Harvard Kennedy School and policy engagement

Schneier's ongoing position at harvard-kennedy-school deepened during this period, moving from Fellow to Lecturer in Public Policy. This institutional context reinforced the policy and governance dimensions of his analysis. His engagement with legal scholars, political scientists, and policymakers is visible in the argument structure of a-hackers-mind and in the policy prescriptions he developed alongside the analytical framework.

The systems subversion era is ongoing. The intellectual trajectory it represents — from cryptography to security process to surveillance to power structures to systemic subversion — is one of the more dramatic intellectual arcs in the history of technology policy thinking, and it is not yet complete. The essay collection we-have-root gathers the blog writing and shorter pieces from the early part of this era, documenting the range of issues Schneier was engaging simultaneously. His affiliations during this period also extended to organizations working on the infrastructure of digital rights: inrupt, Tim Berners-Lee's initiative to decentralize web data, and tor-project, which builds the anonymity infrastructure that makes surveillance-resistant communication practically possible.