Hosts Del Mar took place during a loud stretch for hosting security. A series of server rooting incidents and freshly disclosed exploits across cPanel, Linux, and Apache reminded the industry how exposed core infrastructure still is, and how fast attackers now move once a foothold appears. We sat down with Patrick, CRO of Monarx, a cybersecurity company, who co-organized the event. We talked about why malware volumes have jumped roughly 10x year over year, why behavioral analysis is winning over signatures, what changes when both attack and defense run on AI, and why competing hosts are sharing threat intelligence with each other despite being direct competitors.

This interview is part of a series recorded at Hosts Del Mar – a private, invite-only hosting industry gathering on Ibiza, organized by Atarim, Monarx, Patchstack, and StorPool Storage.
All Hosts Del Mar interviews →

Konrad: This is the second year we are sitting in the same spot. How is the event going so far?

Patrick: Other than the weather, which we cannot control, it has been a great event. There are a lot of very senior people here, and they are happy to interact, even when competitors are sitting right across the table from each other. The vibes are good, and this is something we want to keep doing for a long time. Hopefully people are enjoying it as much as we are. The yacht party tonight had to be cancelled because the harbor literally closed for all boats. That is how bad the weather is. So we are pulling an audible, renting the bar upstairs, having a good dinner, and Matt and Panos are DJing. Apparently they have skill sets we did not know about.

Konrad: It does not feel like a typical industry event. It feels more like a gathering.

Patrick: That is the point. Does business get done here? Sure, because we have people who already work together. But that is not why we do it. The point is to enjoy it and to build community. This space is tight-knit. People respect each other and help each other, even when they compete. Hosts Del Mar is an extension of that. We also want to thank our customers, partners, and clients, bring them out here, and tell them we appreciate what they are doing.

Konrad: What do you think is happening in the industry right now?

Patrick: The gorilla in the room is AI. Everyone is spinning up agents, doing vibe coding, trying to figure out what their customers want. A lot of our partners are doing unique things around OpenCloud. Other companies here are launching more agent-based products in the coming weeks. It is changing so fast that I genuinely do not know what you and I will be talking about on this same couch in three years.

Konrad: Last year we already talked about rising malware volumes. What does the picture look like in 2026?

Patrick: We have already caught and remediated more malware this year than we did in all of 2025. And 2025 was already 10x what we caught the year before. The nature of AI makes it easier for almost anyone to launch attacks, and there are bots crawling everywhere. The growth curve is steeper than anyone expected this fast.

Konrad: We are speaking right after a wave of server rooting incidents and exploits in cPanel, Linux, and Apache. How do you read that?

Patrick: It is a crazy, fast-moving time. I hope this does not become a recurring thing, but realistically more is coming. Once a server gets rooted, it is very hard to prevent in the first place and a big headache to clean up and patch. What I found interesting is the industry response. There are companies that compete with each other every day, and they have now set up private WhatsApp groups to talk about what is going on and how to help each other. That is really cool to see, and it is part of why this space is unique.

Konrad: How is Monarx’s approach different in this environment?

Patrick: We use AI to fight the AI. That is how we catch things early. Someone else does not need to get hacked first, and a signature does not need to be published, for us to stop something. We do behavioral analysis and decide for ourselves whether something is malicious. That is the core difference. We are not waiting for a known pattern.

Konrad: Your detection is also tied to a global network.

Patrick: We have partners on six continents. When someone gets popped anywhere in that network, our whole database updates. So if a partner in Africa gets hit, every other partner globally gets the benefit of that detection. I use the analogy that a rising tide floats all boats. We update our engines thousands of times a day based on what we see across that network. That is how we end up catching more in a single quarter than we did in a full previous year.

Konrad: What is the takeaway for hosting providers from the last few months?

Patrick: Servers are going to keep getting rooted. Malware volume is going to keep going up. AI lowers the cost of attack for anyone who wants to try. The hosting industry has to assume that, and it has to keep doing what is already starting to work: staying close as a community, sharing what each operator sees, and using AI on the defense side just as fast as the attackers are using it on offense.