The Matrix Resurrections security assessment

A look at what’s changed in the Matrix in the 18 years since the last update.

In December 2021, the creators of the Matrix rolled out a massive update, The Matrix Resurrections, perhaps to address the dire state of security in the system. As often happens with system bug fixes, the update resolves some but not all issues — and adds some new ones in the process.

What’s changed in the Matrix in the 18 years since the last update? Today, we’re evaluating the latest installment from a cybersecurity perspective. As usual, spoiler alert!

Fighting pirate avatars

As before, external hackers have infiltrated the Matrix. In the original trilogy, whether the system was serious about fighting the Zion Resistance or just pretending to be was never entirely clear (and the Matrix is hardly the only fictional universe that’s convoluted). The new movie creates the impression that the Matrix programs genuinely do not want outsiders in their system, that countermeasures are in full force but simply not effective enough.

Pirate signal from hacker ships

Hacker ships continue to transmit pirate signals to the Matrix, as they did before in “real reality.” No firewall was ever implemented at the entrance to the Matrix, though that would have been logical. Using a Zero Trust approach from the start would have prevented a lot of hassle.
Status: Unsolved

Pirate avatar transfer system

Either the Matrix defeated the system that broadcast pirate avatars through simulated telephone landlines and the hackers had to invent something new, or the hackers improved their methods and abandoned wire telephony. Either way, the system is different now: The new breed of rebel uses a complex system of dynamic redirects. In other words, the rebels can now turn doors and mirrors into portals both for quickly transporting pirate avatars from place to place and for logging in to the system. That’s very similar to the work of the Keymaker in the second movie — perhaps the hackers managed to replicate (or borrow) part of his code.
Status: Worse than before
Pirate avatar tracking system

The Matrix has become far more responsive to outside avatars’ actions. Countermeasures are now applied (and much more quickly) in almost every case of rebel infiltration — perhaps the creators of the Matrix followed our recommendations for the original trilogy and finally implemented EDR. Moreover, hackers are now forced to obfuscate their tracks constantly, for example by opening portals in a moving train to keep their activity hidden from the agents for longer.
Status: Greatly improved

Matrix agents

The Matrix has abandoned its unique and probably resource-intensive agents. They remain as code, but they exist exclusively within a looped, double-virtual simulation. The Matrix, you see, has learned to switch the avatar of any connected human to bot mode, acting for the system. Visually, the difference is that, whereas an Agent previously replaced a person’s avatar, now the avatar outwardly remains the same but is taken over by the AI.

By comparison with agents, bots act more primitively, but they can operate in swarm mode, synchronously and (subjectively) more efficiently. Physical laws still govern the bots’ behavior, however, and the result is essentially the same. Hackers can still get the job done; they just have to work a little harder for it.
Status: Different, not better

Rogue programs

The Matrix used to be full of unnecessary programs that had no useful system functions. Along with the update, the AI purged obsolete software throughout the system, destroying the vast majority of rogue programs — not all, of course, but precious few remain. Some have emigrated to the physical world (we won’t say how; that would be one spoiler too many). In any event, getting rid of outdated software is the right move.

Status: Greatly improved

Network segmentation

The Matrix’s attitude toward isolating subnets remains poor. From the outside, the rebels manage to break in — not only to the Matrix, but also to a simulation of the Matrix, deployed inside on double-virtual servers. In other words, the simulation is on the same thoroughfare, so to speak; once inside the network, an intruder can go anywhere — say, accounts or R&D. In short, the implementation is very sloppy, especially given the absence of an entrance firewall or Zero Trust system.

Status: About the same

Anomaly control system

The original trilogy’s system for controlling anomalies in the code (by means of the One) no longer works. Instead, we have a new system, in which the One and Zion no longer go through cycles of recreation; rather, the Matrix tries to manipulate the reconnected Neo through Trinity and colleagues.

The result is even more deplorable than before. Instead of one human with some avatar code anomalies, they get two — and that might not be all.
Status: Much worse

The problem of ex-Agent Smith

The Matrix did not destroy the code of former Agent Smith, but instead took control of it and tried to implement it in a complex new anomaly control system. The AI is likely interested in that part of the code that retains elements of Neo’s code.

The part responsible for uncontrolled replication seems to have been deleted. However, by the end of the movie, Smith frees himself (as usual, thanks to Neo’s intervention), and he remains in the Matrix. What’s more, he can now jump from avatar to avatar, an ability the Matrix can’t control. In other words, if before Smith was a rather stupid virus, it has now morphed into a full-fledged APT.

Status: Much worse

New problems

The balance of power has changed significantly. First, Zion was not destroyed at the end of the original trilogy, which greatly strengthens humanity. Second, following a split on the machine side, some AI carriers — both intelligent machines and purely software-based personalities — are now on humanity’s side. The result is several fundamentally new issues.

Data leaks

The AI carriers absconded with a fair amount of information, some of which is sensitive. The humans now know a lot more about the architecture of the Matrix and various critical systems.

Critical infrastructure security

The hackers are far more active in the “real reality” and now periodically attack critical infrastructure at the physical level. Moreover, the renegade machines actively help humanity hack into other machines at the hardware level, for example, by breaking into the harvester control system and other protected objects. As a result, the Zion rebels can continue stealing the bodies of humans connected to the Matrix.

General takeaways

To sum up, the Matrix update has worsened the overall security of the machines, not improved it. If the AI had not turned enslaved humans into batteries, perhaps people could have helped out with an independent vulnerability analysis — well worth the effort before rolling out a massive update.