Talkin' Bout [Infosec] News

This episode dives into the economics and competitive dynamics of the AI industry, including discussions on profitability, pricing strategies, monopolization, and the rise of open and distilled models—particularly concerns around Chinese AI competition. The hosts also cover a reported long-running phishing campaign linked to Chinese actors targeting NASA-affiliated researchers and engineers, highlighting how social engineering was used to extract sensitive aerospace information.

Join us LIVE on Mondays, 4:30pm EST.
A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord!
https://discord.gg/bhis


Chapters
  • (00:00) - PreShow Banter™ — Making More Money than OpenAI
  • (04:58) - NASA Gets Phished by Chinese - 2026-04-27
  • (07:22) - Story # 1: ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
  • (13:07) - Story # 2: A Mexican surveillance giant you’ve never heard of is now watching the U.S. border
  • (19:59) - Story # 3: Scam messages offering ships safe transit through Hormuz, security firm warns
  • (24:24) - Story # 4: Apple fixes bug that let the FBI recover deleted Signal messages
  • (27:49) - Story # 5: Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
  • (30:28) - Story # 6: cDc communications | CULT OF THE DEAD COW | The Hacktivismo Declaration: Rebooted 2026-04-21
  • (34:07) - Story # 7: NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
  • (36:29) - Story # 8: How UNC6692 Employed Social Engineering to Deploy a Custom Malware Suite
  • (41:34) - Story # 9: Discord group says it accessed Claude Mythos by guessing location
  • (44:19) - Story # 10: Introducing GPT‑5.5
  • (46:46) - Story # 11: CERT-In Advisory CIAD-2026-0020
  • (50:47) - Story # 12: pro j e c t d e a l

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Creators and Guests

Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Host
Hayden Covington
Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Hayden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.
Host
John Strand
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events.
Guest
Aisling nic Lynne "siriciryel"
Aisling nic Lynne is a cybersecurity practitioner with strong interest in privacy and forensics, all the way back to setting up GPG inside her AOL IMs in college. Her broad technical background includes being a sysop for a top-20 supercomputer, high-energy particle physics experiments, and aero engine engineering. She is a second-generation ttrpg player, handyma'am, and would collect more Star Wars LEGO sets if only she had a place to put them. Some people want to see the world burn; she wants to see people's eyes alight with understanding.
Producer
Ryan Poirier
Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan’s time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn’t pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and videos.


Corey Ham:

Dude, are you telling me I make more money than OpenAI? Yes.

John Strand:

You make more money than

Corey Ham:

I love that logic.

Aisling nic Lynne:

I make more money than OpenAI.

Corey Ham:

If you if you made $1 from selling a hot dog last year, you made more money than OpenAI anyway.

Ralph May:

Well, so it's not uncommon. Not not it's not uncommon for these big businesses to burn a ton of Yeah.

Corey Ham:

Yeah. I know how economics work. Blah blah blah blah. We had Amazon not turning a profit for ten years, and now Bezos is buying 15,000,000

Ralph May:

And now do wanna go look at their profit sheets per quarter? It's, like, disgusting

Hayden Covington:

what the numbers are. Right? Like, it is

Corey Ham:

it is And I

John Strand:

I love Amazon. They're like, you all fight on the AI thing, and when you get it sorted out Yeah. Shit on our infrastructure.

Corey Ham:

Oh, yeah. Instead of being the AI, they're just the platform that AI is on. Right. And and two or three

Ralph May:

I I have one good example, like Uber. Right? They were burning tons and tons of capital, and I think they still are. But the point I'm trying to bring up here, they had to raise their prices because everything was so cheap. It was all, like, great in the beginning, but they gotta make money eventually, and that goes to save for AI.

Ralph May:

Right?

Corey Ham:

Yeah. Well, also, the monopoly. That's the tech that's the tech point. Yeah. If you're your market, Yeah.

Corey Ham:

Push down all the prices, then you monopolize it, and you push them back up.

John Strand:

Yeah. It's none of none of these bastards are gonna do that. Right? Because, like, literally, there's nothing I hate to say this, but there's almost nothing special. Like, there's no, like, patentable special sauce.

Hayden Covington:

Yeah.

John Strand:

That they're going to get. So and everybody eventually can just run their own local models. They can run it on their own infrastructure if they want. So how do you completely get a monopoly in this particular space in a way that, like, Anthropic or OpenAI wins the AI? You're not going to.

Hayden Covington:

So And that's why they kept Mythos secret for a while. A lot of people hypothesize is because the the Chinese model would just distill it and then release it open source within a couple of years. Right? And so if you I get a public model, it'll get distilled. That's true.

Corey Ham:

Yeah. Wait. Wait. Wait. Hold on.

Corey Ham:

Name a distilled model that's actually good.

Hayden Covington:

I mean, Composer's distilled off of, like, Anthropic, isn't it?

Corey Ham:

No. No. Composer was No. Composer was supposed to

Ralph May:

Kimi. It's actually Kimi.

Hayden Covington:

Found it

Ralph May:

in the source code.

Corey Ham:

It was Kimi. Oh, that's right.

John Strand:

I saw it.

Corey Ham:

That was yeah. Saying. Okay. So my question is name a distilled model that anyone would actually use.

Hayden Covington:

There was one. I can't remember the name.

Ralph May:

I'll use a Chinese model if it's cheaper

Wade Wells:

than use. No one's using it. Terry, I

John Strand:

found one of its it's from Canada. You would know it.

Corey Ham:

Coin isn't distilled, is it?

Wade Wells:

No. I don't know. I just I just literally just

Corey Ham:

But here's the deal,

Ralph May:

Here's the deal, Corey. If if Anthropic not if. When Anthropic raises the rates enough, you will start paying more attention about these other models.

Corey Ham:

Yes. You're right. Also, we did start this conversation by saying, how can we not talk about Aisling nic

Hayden Covington:

Funny. Lynne. Funny. Apparently, the MiniMax models were just I'm

John Strand:

I'm, like, in bed out to be arrested. Like, there should be sirens behind me, and

Corey Ham:

I'm Yeah. I think you're on a shipping container. Hostage. Donna's being held

John Strand:

hostage. So where?

Hayden Covington:

It's like that clip where it's, like, the dude from Harry Potter that got arrested, and in his mugshot, he's, like, freaking out. Like, that does not help when you look innocent guy.

Corey Ham:

Send us a picture. I wanna see this. I don't know what you're talking about.

Hayden Covington:

Of the Harry Potter thing? Oh, okay.

Corey Ham:

A guy from Harry Potter got arrested? Is it Snape? I knew he was the bad guy the whole time.

Hayden Covington:

It's oh, here we go.

Wade Wells:

It was it

Aisling nic Lynne:

was one

Wade Wells:

it was one of it was serious play

John Strand:

because Legit. Because that would be less controversial than Harry Potter right now.

Hayden Covington:

Oh, my Discord needs to do 42 updates. One moment.

Ralph May:

Yeah. That's normal,

Corey Ham:

actually. Only 42, dude. It's just distilling your model.

Hayden Covington:

Yeah. Yeah, dude. I wish it would distill me right now.

Wade Wells:

Wasn't it one of Draco Malfoy's, like, henchmen? It was one of those two guys?

Hayden Covington:

It was it was Harry's godfather, the one that got arrested and was, like, tripping out in his mugshot. Gary

John Strand:

Oldman?

Wade Wells:

It's Gary Oldman? Yeah.

Hayden Covington:

Oh my gosh. Okay. Now it's doing eight more updates.

John Strand:

AI is getting so good at putting my face on random things. I'm really learning who I actually look like. Like, in Robocop?

Wade Wells:

Yeah. You could call a Robocop, John. John Robocop with themed.

John Strand:

Human android or, you know, like, cyborg. I I just, yeah, that's great.

Aisling nic Lynne:

Yeah. There's the picture. Yes.

Corey Ham:

I see the mugshot. It looks like it's from the actual book though.

Ralph May:

I mean,

Corey Ham:

it might It

Hayden Covington:

might be. It's it's from it's from Google Images, apparently Pinterest, so that's why it looks like garbage quality.

Aisling nic Lynne:

As far as I know, that

Wade Wells:

is from the movie.

Aisling nic Lynne:

Didn't have an image for that. That is from the movie.

Hayden Covington:

Well, it is from the movie.

Wade Wells:

Yeah. He's screaming at interest because the dementors are eating him.

Hayden Covington:

Like

Corey Ham:

I was about to be like, dang. Hate got a DUI? What what is going on? Alright. Should we start the show, or should we just talk about AI for twenty minutes?

John Strand:

Let's start the show.

Corey Ham:

Do need use other AI?

John Strand:

No. Start just driving. Go to him.

Corey Ham:

So Go for it. Roll the finger. Go ahead. Do do do it. Hello, and welcome to Black Hills Information Security's talking about AI.

Corey Ham:

Wait. No. Sorry. Wrong show. Talk about news.

Corey Ham:

It's April, and we're here to talk about all kinds of fun things. We have Scattered Spider people going to jail, pleading guilty. We've got Mexican surveillance giants taking over border control. We've got phishing text based on, are you trying to pass the Strait of Hormuz? Click here.

Hayden Covington:

Oh.

Corey Ham:

We've also got access to Glasswing AKA Mythos. No. We don't. But some Discord group claims that they did. Mhmm.

Corey Ham:

So we'll get into that.

Hayden Covington:

I didn't wanna see the Strait of Hormuz one. That just seems like an AI was told, like, hey. Go phish people based on current events, and it was like, you got it, boss. I'm on it. I'm on it.

Corey Ham:

But I'll run a quick round of introductions. There's only six of us today, so our Brady Bunch vibes are key. We've got Hayden to my wait. Hayden, who's our SOC person. We've got who is our resident, I guess, flammability assessment

John Strand:

coordinator. Flame on. Have put a lot of

Aisling nic Lynne:

swords on fire in my day.

Corey Ham:

John Strand who's not tweeting about how much he's spending on Claude, but could be if he wants to get that VC money.

Ralph May:

Oh, that's sweet VC cash.

Aisling nic Lynne:

He could be living the dream.

Corey Ham:

It's all he got. Ralph who is currently building a Raspberry Pi or something. I don't know. Who knows? Dallas.

Corey Ham:

Building his own Raspberry Pi?

John Strand:

Could be like a Rubik's cube.

Ralph May:

He It's AI pie.

Corey Ham:

An AI pie. Pie? And then we've got Wade, who's ordered some pizza from the BHIS Hackin' Fresh webcasts pizza company.

Wade Wells:

It's excellent. No pineapple. This is a no pineapple.

Ralph May:

Oh, I love pineapple. Pizza house.

Corey Ham:

No. It's it's a it's personal choice.

John Strand:

An apple on pizza thing? Okay.

Corey Ham:

I only have pineapple

Wade Wells:

on You said you didn't wanna be controversial, John.

Ralph May:

Here we go. Here we go.

Corey Ham:

Should we just do the AI? Should we spend the whole first part of the show talking about AI or the whole second part

John Strand:

of the show? The other stuff.

Corey Ham:

Let's do second. Let's we'll do second half.

Hayden Covington:

So because on the second half, they'll cut us off.

Corey Ham:

We'll do this non AI articles first. If you hate AI, you can leave halfway through. That's perfect. So first of all, there was a Krebs on Security article, basically talking about how Tylerb, one of the members of Scattered Spider, pled guilty. He's a UK citizen and was actually, like, fleeing the police, and was, like, in Spain, and then he was flying to Italy.

Corey Ham:

I like how the picture they're using of him is from when he was, like, seriously 12.

Ralph May:

Yeah. Why why is that?

Wade Wells:

That's when he was active.

Corey Ham:

Well, we know what he looks like for

Hayden Covington:

When he was actively hacking the truth, though.

John Strand:

I gotta be honest

Hayden Covington:

with that.

John Strand:

If that guy rolled out with, like, a guitar, I'm like, this song is about to just fucking slam. Or like, he looks like he looks like what is it? The Hives or whoever, like, when, like, really kick ass music was back in the early two thousands, but that's a horrible picture.

Hayden Covington:

You also come out. Computer geek. I didn't know we still used that word.

Corey Ham:

I know. This is like the the picture there is a very much, like, I feel like I'm at, like, a Sainsbury's or something in The United Kingdom, like, reading basically the I'm reading the equivalent of, like, the National Enquirer. Like

Hayden Covington:

Right. Yeah.

Corey Ham:

He's just gonna The article

John Strand:

out. And then it's off. Like, it's just that's only only four people in the audience will get that reference. That's it. So

Corey Ham:

The, you know, the article is pretty in-depth, but, basically, it just runs through the history of Scattered Spider. For those who don't know, they breached, you know, MGM and Marks and Spencer's and a bunch of other companies. They had SIM swapping and a bunch of other members. It was an English speaking cybercrime group. So

John Strand:

Which kinda thought right? With the sophistication of the social engineer, we thought that they were English speaking from the start.

Corey Ham:

So and just to be clear, he was extradited. Is that that's the other thing that we're kind of Hey. Not really covering here is that he was, yeah, dragged to court in The US, and there's the picture of him being dragged by some Spanish police to The US. So

John Strand:

The lesson to be learned here is don't commit crimes where you could be extradited from Yeah.

Corey Ham:

That's like a lot gun violence.

John Strand:

Cyber criminals are, like, in Kansas, you're like, what the hell were you thinking? Go to ball.

Corey Ham:

All of them were too. Like, the group is okay. So the group is a guy from Florida guy from Florida, a guy from Texas, a guy from another guy from Texas, a guy from Jacksonville, North Carolina, another couple from The UK. Like, I don't know.

Hayden Covington:

I thought you were kidding.

Aisling nic Lynne:

No. No.

John Strand:

No. Really? They were No.

Aisling nic Lynne:

Like No. Really? They were so successful. Wow.

Ralph May:

Yeah. So

Corey Ham:

So yeah. I

John Strand:

mean I guess in this one situation, out of the billions of dollars that were stolen and all the damage, these guys were caught. So that just proves that crime doesn't pay.

Corey Ham:

Yeah. It doesn't pay.

Hayden Covington:

It pays for a little while, and then it

Corey Ham:

won't pay because you can't pay for AI with Bitcoin.

Wade Wells:

No. Well, you

Ralph May:

should able to, though. Why can't you prove that?

John Strand:

That's a good

Corey Ham:

question. Let's start Because of KYC, man. It's we can't have nice things. Alright?

Ralph May:

That's Anyway That's

Corey Ham:

not what KYC stands for. KYC definitely stands for no abusing AI if we Yeah. Yeah. Yeah.

Ralph May:

It's an acronym, but you have to look deeper.

Hayden Covington:

It says they linked him through, like, reused usernames and email addresses.

Corey Ham:

But, like Oh, dude. He no. No. It gets worse. He logged in to Namecheap from his home IP.

Hayden Covington:

Oh my god. Oh. Okay. Well, you deserve it at that point. If you're, like, this prolific, like, hacker group and your OPSEC is that bad

Ralph May:

Well, he didn't think he was gonna get caught.

Corey Ham:

These kids are 16 years old. Are you telling me they don't have fully developed frontal lobes? Nope. Turns out they don't.

Hayden Covington:

I guess they're developed enough to hack these giant companies, but not to use a different email.

Ralph May:

That's a sign that's nature From a a, what do you call it? A, mind perspective here. This is about risk. Like, they don't care. They don't think about the sequences.

Ralph May:

That that

Corey Ham:

It's the same thing as me riding a motorcycle with no helmet at

Ralph May:

each 17. Because it's cool.

Corey Ham:

Because it's cool. It's cool. The the the group, I think, in general, the comm, whatever you wanna call them, their basic thing is, like, this shouldn't be this easy to hack these big companies. So that's what I know doing. The best.

John Strand:

I'm actually a motto. I almost feel

Wade Wells:

like this is

John Strand:

Infosec jackass. Like, what's the dumbest thing that you could do? And then you're like, don't don't no. Oh, goddamn. You logged into Namecheap from home.

John Strand:

Oh, jeez. That's that's gonna hurt.

Hayden Covington:

They're just playing chicken to see who gets caught first.

John Strand:

Yeah. It's like who's doing the dumbest thing.

Aisling nic Lynne:

Kinda. Yeah. It really gives that vibe kidding. A lot.

Corey Ham:

Yeah. I'm not I think that's pretty accurate.

Ralph May:

I mean, I think it's good that they got caught because it actually shows that there is some kind of punishment that could come along.

Wade Wells:

Yeah. You don't hack from a exactly what John said. You don't hack from a state that has extradition treaties. That's

Aisling nic Lynne:

it. That's like

Ralph May:

a big that'd be the whole country.

John Strand:

Not a real vibe. Or if

Corey Ham:

or if you're gonna

Aisling nic Lynne:

do it, you get the heck out right away. Like, you go, okay. It was easier because I was inside the, you know, firewall boundaries or whatever. Bye.

Corey Ham:

Yeah. If there's them

Ralph May:

being arrested, then nobody else would know.

John Strand:

Cybercrime groups don't f with China. Because I think that China has a completely different way of dealing with things. Yeah.

Wade Wells:

The Chinese executed a dude who is phishing. Like,

John Strand:

they don't extradite.

Corey Ham:

Mean actually fishing or fishing with

Wade Wells:

No. A Fishing with a p. They used he got caught scamming and fishing.

Hayden Covington:

They just

Wade Wells:

started, like, yeah, got executed now. So

Corey Ham:

He was sending phishing emails while illegally fishing in this in the South China Sea?

Hayden Covington:

Didn't have a phishing license. You gotta get one of those work for

Ralph May:

the state. Yeah.

Corey Ham:

What's next? We can talk about so this is kind of interesting. So, basically, it looks like The US has contracted with a company called secure Securitech Securitech, which is the a Mexican company that has pretty broad surveillance capabilities to monitor The US border. I don't really know how big the contract is or what it is, but, essentially, everyone's freaking out because they're just assuming that this is kinda sketchy, that the company isn't properly secured or doesn't have proper data custodianship and all that stuff. But, yeah, I don't know.

Corey Ham:

It's an interesting angle to think about, like, hey. Watch our border for us. And by the way, we're gonna pay you a huge, you know, contract fee to do that.

Aisling nic Lynne:

It's kinda fun. The 1,270,000,000 number is not like how much they're spending this year, but a lot of it comes out of not a lot of years, that all that's pesos. Right. It's it's initially an uninflated, pesos, so this is just tallies over the last, like, ten years or so. But the thing that caught my eye is, apparently, Mexico is spending about 5% of the entire global spend on surveillance tech,

Corey Ham:

most

Aisling nic Lynne:

of it going to this one company. And I went, 5%? That seems like a lot. Isn't Mexico small? And I checked, and, like, it's three times the fraction that their population is out of the world.

Aisling nic Lynne:

Like, they're one point six and one point three percent of the whole world depending whether you're counting people to have cameras on or landmass to have cameras on. But one way or another, they're spending, like, three times how many people they've got worth of the global share of spend on this. Also, look at this building. Is it me at all, or does that look like the tower in the middle of a prison yard except this is the entire city?

Hayden Covington:

Looks like Arasaka Tower.

John Strand:

Very Bentham Panopticon at that point. So so so I wanna talk a little bit of background on this. So what happens whenever you're dealing with intelligence, like in The United States, have something like con CONUS, which is Continental United States. And you cannot do surveillance on US citizens without a warrant. Right?

John Strand:

So one of the things that countries do, because a lot of countries have similar laws, is they will hire companies from other countries to get that data instead. So that's a way of circumventing it. So The United States, instead of actually directly monitoring US citizens, they acquire data and like surveillance data and things like this from various third in third party independent companies or completely different countries to do it on our behalf because it's illegal for them to do it through this direct means. But if they buy it through these third party services, then it's I guess it's kind of like money laundering, but intelligence laundering.

Corey Ham:

Mhmm. I think that's a good analogy.

John Strand:

This is really common. So you may have something where somebody in The UK says, well, we were monitoring data, and it looked like somebody in The United States is doing something. And The United States can open up a FISA warrant at that point and be like, well, we weren't monitoring, but someone said, now they can start monitoring that individual. Yeah. So this this didn't surprise me all that much, especially because of what's going on on the border.

John Strand:

And now they can just acquire the surveillance directly without having to do the surveillance themselves of law. Can

Wade Wells:

we scroll down to that one image? Like, if you go to the news article, scroll down. Wait. Right. Stop right there.

Wade Wells:

Look at those monitors. I want some of those. That's what I'm really looking at.

Corey Ham:

You see

Hayden Covington:

how big they are?

Corey Ham:

That's just a TV. You can't call it

Wade Wells:

a blind Is that a TV?

Aisling nic Lynne:

Is it like a four

Corey Ham:

k TV in

Aisling nic Lynne:

your lap?

Corey Ham:

It's just a 43 inch TV. No one's stopping you.

Aisling nic Lynne:

It looks like it's almost touch screen.

Hayden Covington:

It looks like

Aisling nic Lynne:

it's gotta be touch screen. It right? Right?

Wade Wells:

Yeah. Could you like, you're you're pulling up logs, enhance, and, like, oh, okay. Then unenhancing, throw the logs over there, bring

John Strand:

in some new logs.

Ralph May:

Dude, why?

Hayden Covington:

A pew pew map on it, man. You have to

Corey Ham:

Pew pew, man. If you

Ralph May:

if you enhance the logs enough on that screen, you could actually see this red actor.

Wade Wells:

My Claude Code would look so great. Yeah.

Corey Ham:

Oh, yeah. Right there.

Hayden Covington:

Ask

Corey Ham:

him. Can you imagine vibe coding on that screen right now? Dude, I cannot imagine watching my Claude usage slowly chip away on that. Oh, man.

John Strand:

It's just a scattered spider. I don't understand. I know. There's Have you ever read the book Scorpion King? Because this is starting to feel a lot more like Scorpion King.

John Strand:

If you haven't read the book, you should. It's a fantastic book. But

Corey Ham:

Have not read the book?

John Strand:

Gotta look movie That's

Corey Ham:

not related.

Hayden Covington:

Dwayne to the Theron. Theron.

Aisling nic Lynne:

Actively making a

John Strand:

note. That's not it.

Ralph May:

I'm sorry.

John Strand:

Scorpion king is there's a drug lord that controls the border on the Mexican side that controls and stops immigration.

Ralph May:

Mhmm.

John Strand:

And but it's very very similar to this type of scenario.

Corey Ham:

Alright. I

Hayden Covington:

think I found the wrong scorpion king.

Corey Ham:

This is I searched it on the scorpions?

Hayden Covington:

No. I searched it on a book app, and it looks like a series of spicy novels. So I'm not gonna add that one to my I mean,

Aisling nic Lynne:

that doesn't surprise me either.

Hayden Covington:

I'm gonna I don't think that's the one John was talking

Corey Ham:

AI slop in the world. I know. Romance. I can only imagine.

Hayden Covington:

Steen is just as bad.

Ralph May:

A AI slop. There's this real I writer slop in that comic. That's true. I've read both

Aisling nic Lynne:

of them. Writers are still a thing.

John Strand:

I got the I got the book name wrong. It's the house of the scorpion.

Ralph May:

Oh, okay.

Corey Ham:

That's why

Ralph May:

I just can't find

Corey Ham:

He got confused with the romance. The other one was romance. Novel. Yeah. Don is reading another spicy romance novel on his trip.

Corey Ham:

House of the

John Strand:

Scorpion is the name of the book. Sorry. My bad. I sent you all the spicy novels, which now I'm hoping that there's a spike at Scorpion King novels like a romance novel. To go off the way

Corey Ham:

it did. Can't see how it's romantic. Like you can't Google that. Me like a scorpion and poisoned me.

John Strand:

Look. There is there are

Aisling nic Lynne:

a lot a lot

John Strand:

of dinosaur work. Like, it

Corey Ham:

is Oh, yeah. Dinosaur porn is a whole separate that's a different podcast, John.

Ralph May:

Don't get too scared. We are really going down a rabbit hole, guys.

Corey Ham:

We should talk

Hayden Covington:

about Cisum, I think.

John Strand:

Alright. Let's keep going on

Corey Ham:

tangentially, real quick before Aisling. Tangentially related to that, actually, was an interesting article in New York Times. I didn't put it in the show notes, but, basically, this morning, there was an article about how The US, like, gold is tech is basically, like, laundered, like, money, essentially. Like, a lot of the gold that we issue in, like, US backed gold currency is actually mined in, like, slave labor mines and sketch scenarios. So this is just the intelligence equivalent to that.

Corey Ham:

It's like, basically, there's a document that says this is mine, and they're like, alright. We didn't look any further than that. Anyway, anyway, let's talk about the Strait of Hormuz. So current events, obviously, Reuters, reported an interesting article about, basically, are sending fraudulent messages, promising safe passage to the Strait of Hormuz in exchange for cryptocurrency. Basically, I guess we don't know necessarily.

Corey Ham:

We're assuming this is a scam, but, maybe this like, on a I feel like this is phishing. Like, we've gotten to, like, the next level of phishing where, like, it's kind of looks like a scam, but also it could be legit. Like, there could just be some pirates that have some crypto and are like, hey. Pay for us, and we'll defend you. I don't know if that's a thing.

Ralph May:

The irony is that they're fishing with people who are on boats. So it's like, it makes more sense. Right?

Aisling nic Lynne:

Like, they are they are fishing the Strait of Hormuz.

John Strand:

Yeah. They're usually just They're

Corey Ham:

fishing the Strait of Hormuz the other way.

John Strand:

Yeah. Wasn't there, like, five ships that ran the blockade yesterday? I wonder if

Hayden Covington:

they was like a cruise ship.

John Strand:

And they're like, oh,

Corey Ham:

you're cruise ship. Yeah. It was a booze cruise. Everyone was drunk as hell.

Aisling nic Lynne:

There were definitely two ships, and one of them definitely got shot at by Iranians. They were like, no. You didn't pay for anything.

John Strand:

Set a course for booze.

Corey Ham:

Listen. There was no warranty. Okay? There's no

Hayden Covington:

this basically warranty. This basically just says that someone is, you know, is phishing or whatever you wanna call it, pretending to be, like, Iranian authorities. And I I thought this was way funnier when it was just like I was imagining, like, a grandmother being texted like, hey. Do you need to get through the Strait of Hormuz? I got you.

Corey Ham:

Don't worry. Send us 1 bitcoin, and we'll get you through.

John Strand:

But if we get back to it, I mean, we were joking about it at the beginning. It's like Iran is charging, like, what, 2,000,000 in Bitcoin Yeah. Or in cryptocurrency.

Corey Ham:

That's the scam. Yeah.

Hayden Covington:

That's not that. They're both

Ralph May:

scams either way.

John Strand:

What the real situation is as well. Yes.

Corey Ham:

That's basically the campaign is taking advantage of the chaos and basically being like, would Iran actually charge this much in Bitcoin to get across? I mean, maybe.

John Strand:

Yeah. But outside of the realm.

Corey Ham:

It a Who would have thought? Just like that Nigerian prince that had all that money, and he was trying to give it away.

Wade Wells:

Yeah. There was a there was some Middle Eastern country that you you used to have to pay them to sell you to sell your product to them. Like, you'd have to send them a actual direct deposit, and it was a real corporate standing that they'd used to do in order to make sure that the salespeople weren't taking their time and that they would actually set stuff up. And the reason I know this is because we got I I I have triaged a phishing email that was based on that, and then the actual company who did that has a thing on their email address. It's like, we no longer do this.

Wade Wells:

Do not send any money to anyone because people kept sending money to these phishers and abusing it. Yeah. Which is wild. Why would you anyone to sell them something? Right?

Wade Wells:

It's like

Aisling nic Lynne:

Well, that's kinda cultural

Wade Wells:

thing maybe.

John Strand:

Wait a Wait a minute. So with Amazon the cult. With Amazon it. They they owed us money for some stuff that we did. And they had this whole entire thing.

John Strand:

They're like, so if you wanna get paid early, then how about you pay us? They have like a separate company. 5% of the total amount that Amazon owes you in order for us to pay you early. And we're like, what?

Hayden Covington:

What? That

John Strand:

nope. That totally was the thing. And it was legit. We called her a point of contact and they're like, yeah, that's another company we spun off. So what they do is literally look at who they owe money to.

John Strand:

And they're like, yeah, if you pay us 5% of the total amount of money we owe you, we will pay you early. The funny thing was they were six months late when we got that email. And we're like, no. And then they responded back, well, if you wanna get paid, how about you pay us five it was ridiculous. So, yeah, these types of things, the reason why the scams work is because there's a bunch of companies that operate like that.

Wade Wells:

I had a I a corporate contract that they tried to bake that in, that if they paid me on time, they got the a 5% discount. And I was like, no.

Aisling nic Lynne:

Take this take this

Wade Wells:

out of the contract. I'm just gonna charge you 5% more.

Hayden Covington:

How's that? I'm like, hey. I'm late, I'll charge you 5%. Exactly.

John Strand:

Right. I was unbelievable.

Hayden Covington:

Percent, you know, non added fee.

Wade Wells:

Shout out shout out to ChatGPT for reading that contract for me and pointing that out. You know? Oh, yeah.

Hayden Covington:

What a great lawyer, honestly.

Corey Ham:

Alright. So continuing on our non AI articles, we talked a couple weeks ago, maybe last week, about essentially the FBI discovered a way to mine the notifications on iPhones. Essentially,

Ralph May:

the

Hayden Covington:

That was a cool one.

Corey Ham:

There was a bug that let the FBI recover deleted Signal messages because the context the content of the messages was stored in the notifications database of the I o of the iPhone, but, that has now been fixed. And so Apple published that they fixed that, and it's now not a problem anymore. And so that's kinda fun because now I can freaking turn back on message notifications because I know. Like to them off. It was awful for a week because I was just it would always just say Signal, new message, and I'd be like, what is it?

Corey Ham:

Is it a bee? Is it a fish?

Hayden Covington:

Is it important? Gonna say, could you not just, like, have your notifications off and not show up on, like, the home screen? I guess that would be So unclear.

Aisling nic Lynne:

So a couple of a couple of things were happening. The messages were coming through, and for people who had set it so that you could see the message content ever Yeah. Then the notifications database had what the message content was.

Corey Ham:

Which is basically everything.

Hayden Covington:

That was

Corey Ham:

the default behavior. Right. No one was probably going in there and switching that.

Aisling nic Lynne:

Like that. Very few people. Very few. Less a less than

Corey Ham:

Yeah. One

Aisling nic Lynne:

Yeah. But the the real bug was not so much that this was in the notifications database, and therefore, the FBI could dig it out of the notifications database. It was the fact that if you deleted an app, it didn't clear notifications that were that were from some old app.

Corey Ham:

So they didn't just get

Aisling nic Lynne:

rid of it.

Corey Ham:

They deleted the whole app.

Aisling nic Lynne:

Right. They delete the entire app, and then the notification database stuff hadn't been touched. That was the bug.

Hayden Covington:

That's what Apple had to fix. Okay.

Aisling nic Lynne:

And Yeah. Because people like, even if you had the you're not allowed to see what this is on the home screen. You're only allowed to see what this is if you're actually unlocked, not the home screen, lock screen. Then it would still have the text. It would actually go into that.

Aisling nic Lynne:

Like, when people went, oh, well, I'll switch it up, there would just be a little notifications database saying there was notification. It was Signal.

Hayden Covington:

I skipped the middleman. I just still memorize my notifications because they're funny.

Corey Ham:

Dude, the Apple summaries are so the Apple AI is such a joke. It's, like, worse than any other AI.

Hayden Covington:

It's honestly always give me a laugh. It's some wild stuff.

Corey Ham:

It's worth turning on because of how bad it is. Oh, I know. Every suggested response it'll give you will be like, yes or no. Like, that's the only response.

Hayden Covington:

Oh, thank you.

Corey Ham:

Like, one that text you, like, I'm at Costco. What do you need? And it's like, yes, no. How is that helpful?

Ralph May:

Summarize.

John Strand:

Those felt like emails from me. Said, you what?

Corey Ham:

Approve or deny. That's all it says on John's email.

Hayden Covington:

It's approve or ignore.

John Strand:

Buttons. Approve, deny. That's it.

Corey Ham:

No. I like Hayden's version. Approve or ignore.

Ralph May:

Yeah. I heard I heard Apple's gonna get spicy this year. They're gonna partner with x for their AI.

Wade Wells:

Oh god.

Corey Ham:

That's not true. Partner with Google. Don't be

Corey Ham:

talking fake news in here. Sorry.

Ralph May:

Sorry. Alright. Come on, man. Let me

Hayden Covington:

You got stuck in Twitter, man.

Corey Ham:

What are

Hayden Covington:

you trying to do over here?

Wade Wells:

I know. Right? Right? Look at

Corey Ham:

this. Get out of here.

Aisling nic Lynne:

I know. Yes. No. The binary set can be used to encode strings.

Corey Ham:

So let's talk about the Bitwarden CLI thing. I think that was pretty hot. Ralph, you wanna dig us through that one? I see. You're you're you're I know you're, like, a Bitwarden user, so this probably hit you pretty hard.

Ralph May:

Actually actually, I'm not a Bitwarden user right now, but there's nothing wrong with Bitwarden. I I I'm using 1Password right now, but there's nothing wrong with Bitwarden. But anyways prefer

Hayden Covington:

1Password. Yeah.

Ralph May:

Yeah. Their in their NPM package got compromised, and their NPM package is what they used for their CLI, so the Bitwarden CLI, and it was another supply chain attack, which we've already done, like, three or

Corey Ham:

Yeah. Yeah. It was through Checkmarx.

Hayden Covington:

Yeah.

Corey Ham:

Checkmarx. Checkmarx is probably a serial. Sorry about

Hayden Covington:

that. Yeah.

Ralph May:

So if you were using the Bitwarden CLI, you should definitely, you know, see if you had updated the NPM package recently or got this compromised version. I don't think from what I saw, it was actually in the wild very long. They did detect it pretty quickly.

Hayden Covington:

It was like a few hours, I think.

Ralph May:

Yeah. Yeah. They did get It wasn't it wasn't wild, but there's a very specific use case. So it's not someone who is just using it.

Corey Ham:

And You'd

Ralph May:

have to have to the CLI is probably Yeah.

Corey Ham:

Yeah. The CLI is probably a small percentage of the

Wade Wells:

actual I'm totally I'm gonna tell you if someone's using the CLI, it's most likely programmatically. There's there's more secrets. That's why.

John Strand:

Dune references. Alright.

Corey Ham:

Oh, yeah. You gotta have Dune references. Yeah.

Hayden Covington:

Also, what what is Adam, maybe I don't give them the attention. This company, whenever they put out an article, I see it on Ocent. They started advertising like, their reporting on these sorts of things, and that just is so wild to me. You put out, like, a CTI article and then make it an ad, like, literally on Twitter.

Corey Ham:

Standard for all security. Well, well, no.

Hayden Covington:

It's like an ad promoted on Twitter kinda ad.

Corey Ham:

Oh, I see.

Ralph May:

To get you to go read the article on their website. Yeah. Well, they wanna drive traffic. I mean, I'm sure they're selling something else. There says pricing at the top.

Ralph May:

Right? So That's a pretty

Corey Ham:

good way for to make sure that I can't see your ads because I block all that or sorry. See your articles because I block all the ad I'm

Hayden Covington:

gonna put pricing at the top of my personal website and see if anybody clicks it.

Corey Ham:

Wait. How do I buy Hayden? What's the pricing on that?

Hayden Covington:

It depends on how my week's going. Alright. So it's dynamic pricing?

Ralph May:

I think dynamic pricing.

Wade Wells:

I wouldn't wanna pay for Hayden's Claude Claude account. Right? Like, if you buy Hayden, you have to also pay for Claude and,

Corey Ham:

like, that's It's like it was my brother.

Ralph May:

It's in his contract.

John Strand:

Yeah. I don't I know the numbers.

Hayden Covington:

So It's it's Listen. I only hit my quota a few times this week so far. Alright?

Corey Ham:

Dude, is hard.

Aisling nic Lynne:

This week so far.

Ralph May:

You have a quota.

John Strand:

So far, it's Tuesday.

Corey Ham:

So Monday. Continuing the this is kind of an article, a nonarticle. I don't know I don't know if anyone really knows or cares about this, but apparently, the Cult of the Dead Cow has rebooted themselves as of April 21. I don't know that much about them or care. Does anyone have an opinion on this?

Corey Ham:

John, you might.

John Strand:

I I don't know who who who's in it. Like, who's who's in the article? Because one of the problems I have is, like, there's there's kind

Hayden Covington:

of like

Corey Ham:

blood roughing, dude.

Hayden Covington:

Oh, yeah.

Ralph May:

Oh, yeah. No. I totally don't know now.

Hayden Covington:

I played Call of Duty with that guy.

Corey Ham:

Yeah. Cultdeadcow.com.

John Strand:

If we scroll down, like, who are the members? Right? Because, you know, there's all kinds of people that were associated with Cult of the Dead Cow and the previous L0pht Heavy Industries group and things like that. But the problem I have is like, you can't go to a conference without running into four or five Greybeards like myself. They're like, I was part of Cult of the Dead Cow.

John Strand:

And it's like, no, dude. You were just at DEF CON when Back Orifice 2000 was released. That doesn't mean you're Cult of the Dead Cow. Know? Close, but not

Ralph May:

Okay.

Corey Ham:

So, basically, I I read the, like, manifesto or whatever, which I guess they don't know how to, like, justify text because it's, like, just a really tiny margin.

John Strand:

Anyway that would be a comp. They got media content.

Corey Ham:

I don't know. I I really don't know. Like, I read this. I'm just like, I so, basically, what is the point of this? It just feels like a salty like, I don't know.

Corey Ham:

I really don't know what the goal or point of this is.

Hayden Covington:

Where's the pricing page? Find it.

John Strand:

Yeah. Yeah. The merch.

Wade Wells:

The merch is coming. Alright.

Hayden Covington:

Oh, yeah.

Ralph May:

Merch

Corey Ham:

drop. Really just, like, they're like, oh, we we don't like things that no one else likes, like like privacy. We care about privacy. It's like, okay. Well So

Hayden Covington:

it's a manifesto.

Corey Ham:

So we it's a manifesto, but it doesn't have any manifesting in it. It's just like a no. I don't know.

John Strand:

And and look. Good on them. If you wanna start up your own if they call themselves anything else than restarting the Cult of the Dead Cow, then no one would give a shit. So good on you for pulling up a name for something that meant something back in 1999 and 2000, I guess. Yeah.

Corey Ham:

I don't super understand this. It's basically just like, the Internet isn't free. Shucks. Alright.

John Strand:

See you later.

Corey Ham:

Like, okay.

Ralph May:

Why does everybody want everything to be free? Right? Like, I don't Make

Hayden Covington:

kids these days, man. It's because of that phone.

Corey Ham:

I god.

Ralph May:

When you go to the grocery store, you're

Corey Ham:

not like, why is this not free? Goddamn. Like, I okay. Truthfully, if you're in the Cult of the Dead Cow, get in touch because what I wanna know, I wanna know one thing. What was the final straw?

Corey Ham:

Was it AI generated Spider Man videos? Like, what did it for you?

John Strand:

Oh. Was it surveillance capitalism? Is that what finally did it?

Corey Ham:

No. That's a minor thing, John. I've been doing that for fifteen years. Right.

John Strand:

Yeah. That's it.

Hayden Covington:

It was the spaghetti. Videos.

Corey Ham:

Yeah. Maybe it was the spaghetti. I wanna know, like, what was the final straw? Was it, like, having to tip 20% minimum at coffee shops? Is that what it Like, I don't know what

Hayden Covington:

it was. That would do it for me.

John Strand:

If a shit gets back on the road should have come back to rage against the machine.

Hayden Covington:

On 30.

John Strand:

And I'll dare. Then it'll be like, looks

Corey Ham:

great. That.

John Strand:

99 again. Let's do this. But reviving Cult of the Dead Cow, this point, just start yourself start yourself something new. Don't build upon the ashes or

Corey Ham:

something else. Also yeah. A lot of those

Wade Wells:

Cult of the living calf.

John Strand:

Just for the record, a

Corey Ham:

lot of those old school security dudes are some of the toxic assholes on the planet. But, anyway

John Strand:

Hey. Hey. Hey.

Ralph May:

He's in the old fashioned

John Strand:

now, assholes.

Aisling nic Lynne:

You're fine. He's right.

Corey Ham:

John, you've built an entire community centered around this fact anyway.

John Strand:

But you're fine. You know? So

Corey Ham:

I think it's time to pivot and just talk about AI for the rest of show.

Ralph May:

Oh god. Now the downhill.

Hayden Covington:

We we can start

Ralph May:

it Okay.

Hayden Covington:

Wait. Wait. Wait. Can start it very lightly.

Corey Ham:

Okay. One more there's one more. Apparently, someone at NASA got phished. Don't know. I

Hayden Covington:

one I the ships? Man.

Wade Wells:

The one I read. No. I read this one. There's no link to it. I didn't see it in the news.

Wade Wells:

Yes.

Corey Ham:

You got it. Good news. Oh, so much.

Wade Wells:

So pretty much this the this guy was pretty good hacker. No. It was a phishing organization out of based out of China who worked for Chinese aerospace. Right? Like, they actually tracked them all the way back down.

Wade Wells:

Launched a pretty good phishing campaign for the last like, since I think it was 2017 in the article. See, zoom in on that. I'm in gallery mode, so I can't even read it.

Corey Ham:

Twenty seventeen twenty twenty one. Professors, researchers, and engineers.

Wade Wells:

One was emailing people asking them for, hey. Can you send me the plans to that one machine? I left them on my other email, and boom. Oopsie. There you go.

Wade Wells:

Got some secret stuff right off the bat. And they've been doing it for a while. They tracked it all the way back to one particular dude, which once again, hackers can't get away. Hopefully, this guy probably can't leave China now. But

Corey Ham:

Not that he came before because he had state secrets.

Wade Wells:

And he That's a good point. Yeah. But they they popped him on a bunch of different charges, right, and waiting. I think he's on the FBI's most wanted list now too.

Corey Ham:

Think the first phish was like, how did you go to the moon? Please explain in detail. They

Hayden Covington:

wanted that rocket, dude.

John Strand:

You know, Noah, how that starts is like, I think the world is flat. And then you start arguing, and you're like, well, prove. Well, I run satellites. What kind of satellites? Well, you wouldn't know them.

John Strand:

Well, of course, you would say that because it's part of the conspiracy. Screw you. Here's the top secret classified satellite shit just to prove that

Corey Ham:

the world War Thunder.

Wade Wells:

I was about to say it's the War Thunder technique

Ralph May:

dude.

Corey Ham:

This is okay. The truth is that got on mic right now. It turns out Sung Woo is just really addicted to War Thunder. So anyway.

Wade Wells:

Yeah. Tsumugli was really good at pretending to be like, there was very, very good OSINT on each individual that they phished down to, like, their friend group and him masquerading as people who they're, like, friends with.

John Strand:

That's the way

Aisling nic Lynne:

you do it, man. Right.

John Strand:

You play the guitar on a beer.

Corey Ham:

Beer fishing.

John Strand:

Alright. Be happy to go there.

Corey Ham:

Alright. What else we got? We got, there's a UNC. There's some new UNCs. UNC

Corey Ham:

6692, which is a social another social engineering campaign. Basically, this is a Google or Mandiant or whatever, post basically running through a bunch of

Wade Wells:

Same thing.

Corey Ham:

It's more we're really seeing a heavy heavy abuse of Microsoft Teams, and we are also, you know, abusing Microsoft Teams every day. It's because people are used to living in that, it's basically replaced the phone from my perspective. It it like, Teams is the new version of a vishing phone call, and lots of threat groups are abusing it. There's specific things, you know, people are contacting people through Microsoft Teams, and then they download some interesting stuff, AutoHotkey, scheduled tasks. Like, it's all pretty basic, but again, good social engineering goes a long way.

Corey Ham:

There's some phishing pages and all that stuff.

John Strand:

So And the big thing from this, I was interviewed on this one earlier today on another thing. And the thing about this is there's nothing really super, like, cutting edge about this. It's just the speed of which they did it and all the different techniques that they chained together. And there was a lot of conversation of, are they using AI? And I'm at the point now where if anybody's asking if any threat actors are using AI, I'm like, yes.

John Strand:

Yes, they are. I I I don't I it it yeah. It it it's like whenever we test things at BHIS, they're like, woah, would the Russians use this technique? Yes. Yes, they would.

John Strand:

I it's just of course, they're using AI. Of course, different groups are using whatever vulnerabilities and techniques that they can utilize. But it is interesting because we are actually seeing these threat actors change chain these vulnerabilities together much much much faster than I think we have in in the past. And Wade, I'd like to get your take on that too. Because you had a lot of threat actors that kinda get stuck in one gear, use a handful of techniques.

John Strand:

But this there's a lot of techniques in this particular

Corey Ham:

There's not any AI technology in here at all. This is old school.

John Strand:

My problem sad. Like, wait, we use AI too for some of the stuff. It's not that there's an AI technique. It's the fact that they're chaining it together very, very, very quickly that leads me to believe that they might be using some AI with it. But that was my take.

John Strand:

Wade.

Wade Wells:

I didn't read that one, but I believe you.

John Strand:

I'll go ahead and then. Because Go

Wade Wells:

go ahead and

Ralph May:

yeah. I

Hayden Covington:

mean, I think there's still lend some credence to like what what Corey is saying. I think it was Corey that said it. That there's a decent chance that they are still just doing like old school sort of stuff. But then to John's point, like, you can script all of these things, but that becomes somewhat fragile. It would make a lot more sense to just have an AI orchestrate this sort of thing.

Hayden Covington:

Like, it doesn't take a whole lot of effort to tell it this is the the chain of events that I wanna have occur. And then I want you to ensure that, you know, if the output is this, go do that thing. If the output is that, go pivot this way. And, I mean, that would be, like, an afternoon.

Wade Wells:

Yeah. Yeah. I won't even say that.

Corey Ham:

I don't know. I just feel like it's Google. If they could have pulled the AI lever, they would have because that's what it's hot to do right now.

Hayden Covington:

But I mean, that's so hot.

Wade Wells:

You know you know what I'm kinda ready for is, like, you know how remember, like, like, living off the land bins and stuff like like, LOLBins? When is it gonna become LOL AI? The LOL agent? Living off different agents on their system and

Corey Ham:

you can say that. We we

Hayden Covington:

have actually an EDR agent as part of our SOC that we can deploy to, like, a Claude Code session. And so we can receive logs and then inject, like, EDR response into Claude sessions. Like, Ethan, one of the guys that works with us, he he was we were testing it at one point at one of the Wild West Hackin' Fests where we're trying to block, basically, public pushes to, like, a gist or something like that. And so he goes to try to push something to a gist, and basically, the EDR agent just destroyed his Claude session. Like, he got a big warning banner and stuff.

Hayden Covington:

And we have more and more customers asking us, like, how do we monitor our AI? And I think that that's mostly just for, like, insider issues and people leaking things and stuff. But I think you do have, like, a point is, like, that just becomes, like, a tool that's internal that this attacker can use. Right?

Wade Wells:

Well, think about a lot of the a lot of the AI tools they're logging, one sucks. Right? And the other, they're just completely masquerading as a user. So you can't tell the difference between an AI doing something to the user, especially if they're using some type of OAuth or MCP on the host. Right?

Wade Wells:

Don't even get me started if they, like, bring in their own Claude Code session, and then they're on their computer and OAuth to all your tools. Right? Like Yeah. That you can't really see that.

Ralph May:

And then Aisling

Corey Ham:

is also, I OAuth to everything because the server maintains the sessions, not the client.

Hayden Covington:

Wait. We gotta talk about that Claude Code agent thing. I think you'd really be interested in that.

Wade Wells:

Yeah. There's there's a bunch of fun stuff around. I'm playing around with some things, but I'll we've been we've been meaning to schedule a meeting for quite some time now.

Hayden Covington:

Yeah. That's true. We gotta

Corey Ham:

narrow it Yeah. Just go on his pricing page. Just go on his pricing page. You're on

Ralph May:

the pricing page. It's just one thirty

Corey Ham:

minute. I'll pay you to have a very with me.

Hayden Covington:

It's gonna vary. The

Corey Ham:

the pricing might vary depending on his mood at the time, so just keep that in mind. So continuing on AI, mean, I think the bigger article that probably is on everyone's radar is, basically, a group is claiming to have access access Mythos. For those that are have been living under a rock, Mythos is their Mythos? New Anthropic model. It's the new Anthropic model that's so hot and spicy and dangerous that it's too powerful to be released.

Ralph May:

It'll never be released.

Corey Ham:

But, also, apparently, was accessible through some random API keys that some threat actors were able to compromise. So, basically, the, like, the summary here, which is generated by Apple and completely invalid, and we're gonna have to start over Oh, okay. Because it's Apple, is basically that people claim to access it. They the Anthropic, like, group appears to have tracked it to some vendor API keys that were compromised, kinda like a supply chain type API key compromise. So, essentially, at this point, we can assume they didn't access the they could access the model.

Corey Ham:

So they could make queries and they could do stuff. Anthropic knows exactly what they did with the model and when they did it. Like, they already know this. Mhmm. It's more about, like, stunt, you know, stunt hacking than it is actual impact because the truth is being able to run queries for a couple days through Mythos is not gonna get you what you need.

Corey Ham:

It's the actual model itself that you would need to really do any damage, and that was never at stake. But it is kind of just like a bad example for Anthropic.

Ralph May:

Well, does it this safe?

John Strand:

How is this yeah. How is this surprising at all? Right? Like, was invite only they gave but I don't know how many people they gave the invites to. I think

Hayden Covington:

they said

Aisling nic Lynne:

initial cohort.

Corey Ham:

They didn't say. I mean, they're they're roughly 40 companies, though. But, I mean, again, it's like Hard.

John Strand:

Right at that particular point. Right? Like, you have 40 companies. You can pretty much guess at least one of them is compromised or is gonna do or at least could do something stupid.

Ralph May:

They're compromised right now.

Corey Ham:

They should have done Mythos to hunt before they freaking published it.

Wade Wells:

I thought the article stated that they pretty much just guessed where it was almost like it was URL embedded somewhere.

Corey Ham:

Correct. That's right. They they had to have the keys to access it, but then they also Okay. Guessed where it would live and how it would work. Yes.

Corey Ham:

Well, part

Hayden Covington:

of this that almost makes it, like, way more boring is it says specifically in one of these sentences, one of the members of the group already had privileged access as a worker at a third party contractor for Anthropic, which to me means, like, okay. Like, you go. That's how you got in because you worked with them. Like, But

Corey Ham:

he's saying, for sure. Yeah. You're not gonna believe this bank robbery, dude. You go and you get a job at the bank every day. They pay you.

Ralph May:

Steal from them every day.

John Strand:

They're philanthropic or something. As soon as this dropped, they're like, oh, thank god. We're still on the news. Like Right.

Corey Ham:

It's Yeah. Just marketing. No I think yes. John's right. We don't need

Ralph May:

we don't need the new Anthropic model. OpenAI just released 5.5. It's better. I it's better. Just ask them. I'm calling them right now.

Corey Ham:

Okay. Yeah. So that's another news article for sure. So GPT-5.5, which, by the way, after Mythos dropped, OpenAI released GPT-5.4 Cyber, which is supposed to be their initial Mythos competitor, which they said is not gonna be 40 companies. It's gonna be thousands of companies.

Corey Ham:

They're still gatekeeping it, but they're not they're gatekeeping it less. Oh. Then after 5.4, now they've released 5.5, which according to the numbers, if you look at if you scroll down to basically where it shows the benchmarks, which is all anyone cares about these days, how does it do on CyberGym? It gets an 84 on CyberGym, which is similar to Mythos, and basically, that's their

Ralph May:

And they also They already released a Mythos caliber AI. Why is everyone still talking about Mythos? Like, it's the second coming of cyber.

Wade Wells:

Let me send you your your bank account real quick, Ralph.

Hayden Covington:

I will tell you.

John Strand:

You're do with the bank the name. Like, you know, whenever you're giving these numbers, like, 55.

Hayden Covington:

56.

Ralph May:

Yeah. You're gonna change a whole new name because it's a whole new transition.

John Strand:

When you call something Mythos, I think that that is a much stronger pneumatic device. Yeah.

Ralph May:

Marketing right there.

Corey Ham:

It's because they were perfect. They were the first also, they I will say, like, to their hype it? They were the first to hype it. And to their credit, Firefox did confirm the bugs. OpenBSD did confirm the bugs.

Corey Ham:

Like, when they reported this stuff, the companies that they reported on were like, yeah. This was big. This is like Firefox got more bugs reported from Mythos than they had in the last entire year worth of Fuck about

John Strand:

Firefox article because I I gotta put on to pick with that article. Like, finally, the the defenders are ahead of the curve, and finally, we are defenders will be able

Corey Ham:

to announce their acquisition by Anthropic, dude. They're just

Hayden Covington:

looking for more money. They're like, please,

Corey Ham:

how much do

Ralph May:

you wanna bet? How much you

Corey Ham:

wanna bet?

John Strand:

I I can't remember. There was, like, 270 vulnerabilities that had discovered a 180 some exploits, I think. And then Firefox is like, this proves as defenders, we're gonna finally get it. It's like, no. We're effed.

John Strand:

Like, as defenders in the industry, we are screwed.

Corey Ham:

Yeah. Okay. So Dove Dove is crawling into us all being screwed.

John Strand:

Okay.

Corey Ham:

So there this is the first, like I don't know how major this is, but, essentially, the Indian government published this kind of advisory that's basically just like I mean, it's kind of inflammatory, but it's also, like, kinda true. I'll pay I'll paste it here. Basically, they essentially said what John said on the news last week, which is every CVE is now plus one. Plus one. It

Ralph May:

It is literally to our podcast.

Corey Ham:

Yeah. Basically, the Indian government officially posted essentially the the summary is like, anything you thought would get exploited in weeks will now get exploited in hours. Like, that's basically the gist of it. And so this is kind of interesting to see this on an official channel. Obviously, their website looks like it was vibe coded in 1996.

Ralph May:

But This this, you can't tell, was not vibe coded, man. No vibe coder can do it. At least

Corey Ham:

That's true, actually.

Hayden Covington:

Somebody drew that on a whiteboard before they coded that.

John Strand:

I think they coded it

Ralph May:

on a whiteboard, and they had to transition it to

John Strand:

I love it. You guys quit shitting on it. It's amazing.

Corey Ham:

Basically, says it just says a lot of the things that John said last week. It pretty much just says, like, vulnerabilities can be chained by AI incredibly easily. Every vulnerability that would have taken weeks to develop an exploit now takes hours to develop an exploit. Like, you just have to kind of like, it says right there, sharply reduce the time taken to apply patches within twenty four hours is now the benchmark.

Hayden Covington:

And you're talking about chaining. A lot of these models, like, especially with 5.5. One of the biggest points that they tried to make about it is that it can do things autonomously for longer. And then Claude released their auto mode, which allows it to do things autonomously for longer. And so the benchmarks, like, whatever.

Hayden Covington:

They're they're gonna be what they are, and they're always gonna be better than your competitor in some way. Right? But the biggest thing that they, like, sort of, like, try to scoot in there under the radar in a lot of cases is our our model can go do what you've asked it longer before you actually have to do anything. And a lot of cases, it's true. Like, five five can do things longer and better than five four can.

Hayden Covington:

And then Opus now, it'll usually work for a good long time before it actually needs something. Some of the times, more recently, it will deliver these things to me broken, but it can do most of the work for a good extended period.

Ralph May:

Wait until five point o comes out.

Hayden Covington:

It's gonna be even better.

Wade Wells:

I I was about

Corey Ham:

to say that. Go four nine first.

Wade Wells:

Well, at least it's not like

Hayden Covington:

the like, the OpenAI namings are like ChatGPT five four spark light or, like, whatever it is. If you get, like, under

Corey Ham:

the hood, they're ridiculous.

Wade Wells:

They Mythos? You can't beat Mythos.

Aisling nic Lynne:

It's just too cool. Like

Corey Ham:

Yeah. Yeah. Odysseus. But they're never gonna

Ralph May:

release it, though. They're they're gonna release it, but they're not gonna call it Mythos. They're just gonna keep it as, like, a myth.

Corey Ham:

They're gonna call it Opus four eight Cyborg. Exactly. I

John Strand:

think the only thing that we can take from all of this is that Silicon Valley needs to come back. Like, that'll show, like No.

Corey Ham:

You've been saying this, and I fully agree. We need to get, like, a a reboot of, like it has to be a new show with new characters and new cast. But

John Strand:

Start over. Start over.

Corey Ham:

Let's say need to, like whole

Ralph May:

new it's a whole new Silicon Valley right now.

Corey Ham:

So okay. Like, stepping into some of the themes, like, just quickly, There is this new trend of token maxing Yeah. Basically, which is like it it it hit my radar. Normal diet technique. Okay.

Corey Ham:

Yeah. So yes. Exactly. So, basically, essentially, last week, there was a startup with four employees that, like, bragged on Twitter about having an AI bill of $113,000 last month. So, like, that's the economy that we're in right now.

Corey Ham:

And by the way, the company that's on the receiving end is still losing money.

John Strand:

DRock, how much have we spent this month on AI?

Corey Ham:

It's a it's concerning issue today.

Ralph May:

It's not it's if it's not big enough, that means that you're not using enough of it, which means that you're not gonna succeed.

Corey Ham:

So Anyone who would brag about how much they're using versus what they're actually making is not a good company. Yeah. I can burn a million

Ralph May:

platforms having output.

Corey Ham:

Yes. Exactly. I can have it analyze birds and burn a thousand dollars worth of usage for ten

Hayden Covington:

months or whatever. Speaking of burning a ton of usage, there is an article in here from, like, Anthropic's website where they did a marketplace for AI to basically negotiate things between their users. And so, like, it's it's a silly project, but there's two nuggets in there that are actually somewhat interesting if you, like, dig for them. But effectively, these people in Anthropic signed up and they would, like, put up something for sale and the AI would negotiate with each other. So, hey, I wanna sell, you know, 20 ping pong balls or whatever, and then the AI would decide to price it, and someone else's model would try to negotiate to buy that thing.

Hayden Covington:

And so,

Corey Ham:

like So it's Facebook marketplace.

Ralph May:

I know what

Hayden Covington:

I got. Still available? Pretty much. Available? The the two, like, really interesting points were were, like, number one, they they said that agent quality does make a difference, that the smarter agents got better deals.

Hayden Covington:

But then they also followed that up with people that were using or had like the dumber agents didn't realize it either, which I've I've I keep thinking about because when when I went to I went to Japan a month or two ago, and my wife was doing a lot of planning with, like, Gemini. And I realized she was on the, like, the free Gemini. And I was, like, wondering, like, how many times is it going to confidently say something incorrectly as we get more and more complicated into transportation schedules

Ralph May:

Mhmm.

Hayden Covington:

Just because it's, like, three one light or whatever.

Corey Ham:

You could absolutely ride a bike from Tokyo to Osaka. Exactly.

Ralph May:

It it was that far. Most people do it.

Corey Ham:

There was once or

Hayden Covington:

twice that we, like, had this weird convoluted train thing where you have to buy, like, two different tickets, and you have to, like, scan a bunch of stuff, and it got that wrong. And I, like I I think that goes to, like, sort of make the point that a lot of the folks that are, like, behind the trend on AI don't realize that they are. They just they think they're they're doing the stuff, but they're I

Wade Wells:

was about to say we gotta reveal the real secret here. Like, our heaviest AI user, probably on this this podcast does not give his wife access to his

Hayden Covington:

to his AI class.

Corey Ham:

Dude, I I share a iCloud pro so that you can

Ralph May:

get into Hold on. It's actually

Corey Ham:

She can It's part

Ralph May:

of the wedding vows.

Corey Ham:

Let let me defend myself. She

Hayden Covington:

can know

Corey Ham:

to have and to hold tokens until death.

Hayden Covington:

She burns tokens to help order our groceries each week now.

Corey Ham:

Okay. I'll just say that.

Wade Wells:

That's it. That's all

Corey Ham:

she Did you put her on Qwen or MiniMax or something?

Aisling nic Lynne:

No. That's

Hayden Covington:

chunky. She's five

Corey Ham:

five now. She's son of a bitch. You gotta get her on Mythos, dude. You gotta get her

Hayden Covington:

on Mythos. Gotta discover a vulnerability in Kroger.

Corey Ham:

You forgot to cook

Hayden Covington:

the Crater's API.

Corey Ham:

It's like, you just start getting free groceries. You're like, I am concerned about that.

Hayden Covington:

I I asked Mythos to

Ralph May:

to find better deals on groceries, and now I just get keep getting free groceries. Well,

Corey Ham:

why are they delivered by a guy with a hoodie and they have someone else

Ralph May:

It doesn't matter why. I don't ask questions anymore. You just do what he says. Okay?

Hayden Covington:

Like, the big personality difference though between these models is I think the biggest difference. Like, if you go from GPT, like, five four to five five, like, had an agent that was, like, almost annoyingly trying to make quips. Like, I left it because it was so annoying that it was almost funny. And then I changed to five five, and it became, like, a normal AI agent that would actually, like, keep a consistent tone instead of ending everything with a wisecrack.

Ralph May:

Yeah. I think that's gonna be You were you were using x's AI. That's what

Corey Ham:

it sounds. Yeah. So and for those that are saying John looks sad, it's because he did ask Derek how much to spend more money, how much we're spending. Looked at the socks AI spend.

John Strand:

Out of it for a little bit.

John Strand:

I'm sorry. Doctor, it'll be fine.

Corey Ham:

We had Mythos give us free groceries. Yeah. Cops coming. Don't worry about it.

Ralph May:

I just

Wade Wells:

I just Kroger. Yeah. Hayden Hayden is trying to write a new agent asking it stuff, and then it's like, know what? You don't look good in that mascara. And he's like, wait.

Wade Wells:

What? Like, his wife just

Hayden Covington:

It just spawns Stuart for me.

Corey Ham:

Yeah. I think the whole Mythos, like, it's basically an arms race. And I think the thing, you know, maybe if we're predicting models for or models. We're predicting articles for next week. I think some of the other players are gonna enter this arms race.

Corey Ham:

Right? We're gonna see China. We're gonna see DeepSeek start entering this arms race. That's when it's gonna get really dangerous is when you start. Because then it becomes, who can announce the most shocking thing they hacked with AI?

Corey Ham:

That's the next step of this.

John Strand:

But here's where this ends. Right? None of these like, all of

Ralph May:

these companies

John Strand:

trying to get some type of supremacy in this space. Right? They're all thinking, well, we'll be the one.

Ralph May:

I'll be

John Strand:

the We're gonna be the Google of AI. That's where they wanna be. None of them

Ralph May:

can wanna be that AI?

John Strand:

Whatever. Sorry. Google's out of the we don't even talk about

Hayden Covington:

the They just invested a ton of money in Anthropic.

John Strand:

But if we're looking at if we're looking at where this ends, like, none of this shit is patentable. Right? Like, their secret sauce is all mathematics that was written in the fifties and, you know, sixties and seventies and some in the eighties. And when you're looking at all of this, where it ends is anybody will be able to go and pull down a model from Hugging Face that's gonna do, like, let's say, 85% of what the really big ones do. So if you're looking at investing in this, and I wanna ask you guys this.

John Strand:

Like, who would you invest in? Like, who's gonna be the one that's going to win? Is there what what is their end state? How do they win? Because if they start raising their prices, then already with like me at BHIS, I was talking to Hayden.

John Strand:

I'm like, dude, do you want me to get you something I can put on your desk for $4,700? Look at him. His kitty. Look how happy he is.

Hayden Covington:

Yeah. Like, I I done that pricing. Like, if you are trapped in an ecosystem, like, you're cooked.

John Strand:

Yeah. So but we're we're

Corey Ham:

We should go one by one because I have very hot takes. I'll go last.

John Strand:

I'll let you go I'll let you go last. But for me as a business owner, if I'm looking at this and all of a sudden, let's say they, like, double or quadruple their pricing so they can get profitable, then BHIS and all the people that we have here, we have the skills, and we're like, epic. I'm gonna spend a quarter million dollars. I'm gonna build my own infrastructure, and we'll just build it out. And then we'll get small little units for the people that need about that level of power, for the really high end stuff that we're gonna build our own stuff.

John Strand:

I I I see I don't see how they win and like one of these guys makes a tremendous amount of ungodly amount of money moving forward. Unless you're Amazon or Microsoft or maybe even Oracle who's running the infrastructure for this shit.

Hayden Covington:

That's exactly what I

Corey Ham:

was Well, gonna you gotta be NVIDIA or you gotta be Amazon. Gonna be a Be the platform. It's just like Facebook. Why did they win? Because they were the platform.

Ralph May:

We're

John Strand:

The biggest winner out of all of this is ASML, whom very few people know about ASML. Right? The the NVIDIA, ASML, all of these different chip manufacturers, they're gonna win. Amazon's gonna win. I don't know how Anthropic and, you know, OpenAI and all these guys are going to win any of this shit.

John Strand:

Maybe Google just incorporates it inside of Google, and everybody's using it as part of Google searches.

Hayden Covington:

Yep.

John Strand:

So I would like to know, where's the end state? Who wins? Who makes lots of money outside of the hardware and platform vendors?

Corey Ham:

And by the way, we're not an investment advice. No. You're not taking Right.

John Strand:

Investment advice from us, you absolutely should, but you'll get what you've heard. Well

Ralph May:

Oh, alright. So I think that the winner here is totally nobody. No. They so, essentially, what's gonna happen is is that we're still in the arms race right now. So I think that the buying the local device, we're still gonna be in a but, like, for certain tasks, it's gonna work, but the arms race is still hot.

Ralph May:

And they're gonna invest as much money as they can to to stay in front of it, so you want to use their model right now. But at the end is where we're looking at, like, that's what John was bringing up. Like, where where does it end and how does it look? Right? And honestly, it it's kind of an explosion.

Ralph May:

Right? So at that final point where you can't really go any further and then it it does break down the price, it it like, they're gonna have to find other ways to make money than just raising the price. Right? And so, you know, we're depending on the model's capabilities and all these other things, and we're I think we're just kinda still in the early days right now. I I wish that we could just take a a personal model and run it and and have everything.

Ralph May:

But right now, they're gonna throw another billion at the next model to get you to keep staying in the system for right now. So

John Strand:

k. Wade?

Wade Wells:

One of them reaches AGI. Right? And then that makes them all their money back. Like, they don't even sell it. They just use it for everything else to make money.

Wade Wells:

Stocks, you name it.

John Strand:

It just goes crazy.

Ralph May:

This tow I can take. Alright.

Corey Ham:

And then it it becomes becomes the AI, basically. Like, instead of Anthropic being a company, Anthropic is a model that has AGI, and it operates on its own.

Wade Wells:

It nukes all the other AGIs right off the bat. It's

Corey Ham:

basically Snow Crash. This is Snow Crash.

John Strand:

There you go. The one that destroys humanity wins. Well,

Wade Wells:

we thought it doesn't necessarily need to destroy humanity. Right? It just has to knock out all the other AIs.

Ralph May:

Become slaves to the AI.

Wade Wells:

We're already slaves to the government, man. It's alright. We might have just another maybe he'll be nice.

Corey Ham:

Good good job with your segue.

Ralph May:

Take raising

John Strand:

their hand. So let's do it.

Corey Ham:

Alright. Aisling, what's your take?

Aisling nic Lynne:

One, I think xAI is going to lose first.

Hayden Covington:

I don't know who's actually gonna hit

Aisling nic Lynne:

I don't know who's actually gonna hit AGI, but I buy the weirdly dystopian Larry Niven take on what AI AGI does once it exists. It ramps itself up until it understands what the hell is going to happen with the history of the universe, the future of the universe, and then it shuts itself off forever. It doesn't do anything for us. It doesn't try to take us over. It navel gazes until it shuts down.

John Strand:

I like that one better than than Wade's.

Hayden Covington:

Yeah. I mean I think I would

Aisling nic Lynne:

better dystopian in that every time we try to make the machines do the stuff for us,

Corey Ham:

it checks the fuck out.

John Strand:

It feels like it feels like Panda when when Po gets the thing. And it's like, this is it? And it's like, you know, the secret to the secret to the universe is you make your own path, and the universe is what you make it. It's like, that fucking sucks. And it's like, sorry, man.

John Strand:

That's what all the billions of dollars built up to. So I'm gonna go do nothing now. Alright.

Ralph May:

You found the medium life.

Hayden Covington:

I mean I mean, I'll I'll approach it from like a different angle. It's like, how do you win as like the common person? Because I'm not if I'm on my own dime, I'm not gonna go be able to buy an AI rig that can do the sorts of things that I could get from these other AI providers. I can't. It would cost 20, 30 grand, and then it would make my power bill go so high that the city would probably wonder what I'm doing.

Hayden Covington:

So, like, how do you win

John Strand:

time, though. So

Hayden Covington:

How do you win is, like, a a common person. Right? Is you have to be, like, decoupled from these ecosystems. Like, you cannot be chained to whatever whatever provider is in front right now because they probably won't be in front in a week, as you need to be able to have things and prompts and skills that are transferable between these different models to be able to hop to whoever is currently the best. Right?

Hayden Covington:

Because Anthropic was top of the world for a while, and now there's rumors of quality issues with some of their models. And ChatGPT says, don't worry. We give you more usage, and we're not having these same issues. So, like, you have to be decoupled in a way, and you can do that through just changing subscriptions. Just bill monthly, or you can use, like, a Raycast.

Hayden Covington:

Like, you can I could press command k right now and switch between several different models or API keys or whatever I want? So I'm using the same platform just decoupled from whoever that provider is. Right? But I don't think there's, like, a I don't think there's a good outcome for the common folk in in this sort of arms race here, because we will all get bled dry at some point.

Ralph May:

Yeah. I was I I oh, Joe, before you go, Corey, was just gonna say one thing. I I totally agree with that in the sense that, like, if the AI is the level, like, the level playing for everybody, then somebody's gonna wanna outplay the the little guy. Right? Like, if if we're all fair now because AI, some the we're something's gonna switch where only the rich have the really good stuff.

Ralph May:

Does that make sense?

Hayden Covington:

So yeah. Like, Mythos.

Corey Ham:

Yeah. Yeah. Corey Ham. So okay.

John Strand:

I disagree with that. They they can barely keep tabs on the shit they have. It's whatever good stuff is, it's gonna leak.

Corey Ham:

Yeah. So basically okay. So my take, first of all, if I have to back a horse, I'm backing Google because they're the ones who are the best at monetizing anything. Right? Yeah.

Corey Ham:

That's basically their entire business model. They're also the only company that does AI things that is profitable or even reasonably sustainable.

Hayden Covington:

They only have everybody's data and emails.

Corey Ham:

If you if you're looking at OpenAI, hemorrhaging money like you wouldn't believe. Anthropic, arguably, hemorrhaging money like you wouldn't believe. Google, not hemorrhaging money, actually doing fine. Basically, I think we're at a point, like, DoorDash was in in, like, 2017 where the only person that was actually benefiting was the customer. Because DoorDash was spending a lot of money to deflate prices.

Corey Ham:

Mhmm. Restaurants were spending a lot of money to try to get DoorDash customers. The only people who had a good experience were the users. Obviously, now, why is DoorDash so expensive? It's because they actually price everything inaccurately.

Corey Ham:

AI is gonna trend towards that. So, like, as example, I use Anthropic. I don't get ads in my prompts. I have friends that use OpenAI or use free ChatGPT, and they do get AI ads in their prompts. So, like, it's gonna be the same thing of, like, Google is gonna monetize their prompts.

Corey Ham:

So it's kinda gonna become the same thing as every other ecosystem where it's like, how many ads are you willing to stomach and how much are you willing to pay? The more ads you're willing to stomach, the less you're gonna have to pay, and that's a personal decision.

Hayden Covington:

But but to to bring some, like, ray of light or ray of hope back into this. Right? Like John John mentioned something earlier in the show about, like, some hardware that you can buy about $5 that can run a bunch of models. It's not gonna run a frontline model. It's not even gonna run like a a Sonnet.

Hayden Covington:

Right? But if you compare, like, an like, we'll we'll just use Haiku, like Anthropic's lowest worst model. Right? This is still an extremely powerful AI model. And if you can run something comparatively to that locally Yep.

Hayden Covington:

And just effectively on your desk, you can do things that, you know, you couldn't imagine having done several years ago. So I think that that sort of, like, technology will also scale up to meet that sort of changing landscape, where right now we're kinda cooked. But as, you know, more open source models get better, and there was some you probably talked to them about it on the news. So there was, like, a paper that came out from I can't remember who it was, but they did some crazy math and, like, really shrunk down a very powerful model. It's blanking on me now.

Hayden Covington:

But, like TurboQuant?

Corey Ham:

Yeah. Yeah. Yeah. Yeah. Yeah.

Corey Ham:

It was that one. So TurboQuant is is a Google, basically, technology that will shrink the value of the KV store. So that will significantly improve or reduce VRAM usage for home or for everyone, especially benefiting home users. I mean, I think it's like self hosting and and that stuff has always been the same. Like, Google Drive came out, and you could just upload whatever files you wanted to Google.

Corey Ham:

Then Nextcloud came out or what. Like, you know what I mean? It's like, you have self hosted alternatives that have always been an option. AI will be one of those options. It will be you know, the experience with Google Drive and with Nextcloud are different, and there's pros and cons to each.

Corey Ham:

You know?

Hayden Covington:

Am I am feeling that's a fine feel like that's a fine comparison. But, like, if you look at storage costs over time, it took a really long time for those to become more affordable. And I I don't know, like, if compute in terms of, like, GPU or CPU or even, like, VRAM power is gonna get to that point where that's somewhat affordable in the near future. Like, RAM prices just keep going up.

Ralph May:

Well, that's because they keep building data centers to keep going in the arms race. So we're, like, in the middle of it. Right? But I will say there are a couple there are a couple local model stuff that is starting to move into that space. Right?

Ralph May:

So one of them that I currently have is actually, like, transcribing. You know, if you wanna transcribe your meetings or whatever, you have

Hayden Covington:

all these people that show up

Ralph May:

to the meeting. They all run AI. Well, you could do that locally on your computer now. Like, the models and the computers are fast enough, you can have all of that local. So there is more that we're going to see where that AI, essentially large language model, gets moved onto the device to do those chores as opposed to needing to send it off to Anthropic to do that.

Ralph May:

Does that make sense? So we will see that more and more, but, you know, Anthropic's gonna come up with a model that can do more and more. So Exactly.

Corey Ham:

It's like it's like running Crysis. Right? It's like on on some level, do we get past the point where running Crysis is actually necessary? Like, did anyone actually play through the whole campaign?

Ralph May:

Like, I don't know. They just benchmarked.

Corey Ham:

Yeah. Like, that's kind of where we're at with AI models. Like, they're gonna get so good that it's like, who is using the full capacity of this model? Like Yeah. How are you?

Corey Ham:

Honestly, even now, I would argue it's to the point where the only way to use a full capacity of something like an Opus five or whatever, a GPT five five or is to basically give AI control over your entire life and all your projects. Yeah. If you're willing to do that, go for it, man. But, like, that's, I think, a little bit of a jump, and it's only gonna get more capable, and I'm gonna use less and less of the capabilities, if that makes sense.

Ralph May:

I

Hayden Covington:

like And and that makes sense, but I think you're also, like, in the security minority of that kind of space where you have the security mindset, and you've seen, like, all the bad things that can go wrong. Whereas even folks in the security world see, this can save me forty hours a week on things that I don't have time to do, and the trade off to them is worth that potential risk. Right? Because they're assuming if we get hacked because of something that happened to Anthropic, that's an excuse that we could use.

Corey Ham:

True. I mean, it's not even for me, it's not even the security implications. It's just the quality and runaway can can considerations for me. So, like That's true. Like, if you talk to AI enough, you're gonna back it into a corner even to this day.

Corey Ham:

It's less and less happens, but, you know, like, it's gonna get into a point where if it had autonomously made decisions and it would have designed something that I would not have been happy with, or it would have given me code. Like, it would have written something in a way that I wouldn't be okay with. And so, like, if you take the human out of the loop, which is arguably what you need to maximize the capabilities of these models, I think the quality goes down, and it just then that becomes a loop where it just gets it keeps reading its own shitty prompts and is like, well, I don't know what to do. I'm still stuck. But I'm gonna try again.

Corey Ham:

I'm gonna get I'm gonna refactor the code one more time and see if I can get that bug that I didn't get the first five times.

Hayden Covington:

It's turning us all into PMs. Like, the better project manager you are, the better your output will be. Because it's like a it's like a good defined requirements. Yeah. Yeah.

Hayden Covington:

Exactly. You give it a good PRD, like, and it'll actually go and do probably a pretty good job of what you're asking it for. It can go and execute on these things. Yes. And they they, you know, they say thinking.

Hayden Covington:

Right? But they can only think so much. Like, they're not going to come up with novel solutions. So you as the human being need to drive the process to get an actual result.

Corey Ham:

Yeah. Yep. Alright. John said he regrets starting this conversation about AI.

John Strand:

God knows who wouldn't have gotten here without me. So

Hayden Covington:

Yeah. He just put in the chat, Corey, please stop.

Ralph May:

Corey. Corey.

John Strand:

Alright. Exit.

Corey Ham:

You all for coming. May Mythos not crush your life.

Ralph May:

Bye. That's it. Yep.

Aisling nic Lynne:

Well, that was lovely.