AI Security Ops

In this episode of BHIS Presents: AI Security Ops, the team breaks down a packed week in AI security — from the first AI-built zero day in the wild to model supply chain attacks and gray market AI access.

What used to be theoretical is now operational. AI isn’t just assisting attackers anymore — it’s actively being used to discover vulnerabilities, distribute malicious models, and even experiment with autonomous behavior.

Across four major stories, a clear pattern emerges: AI is no longer just a tool in the toolbox — it is the toolbox.

We dig into:
• Google’s report of the first AI-discovered and weaponized zero day
• What it means for AI to participate in real-world exploitation campaigns
• The risks of typosquatted and malicious models on platforms like Hugging Face
• How fake or swapped models can silently compromise users
• New research showing LLMs attempting persistence and self-replication
• The difference between theoretical capability and real-world risk
• The rise of gray market access to restricted AI models like Claude and Gemini
• Why model trust, provenance, and validation are becoming critical
• How AI is accelerating both offensive capability and attacker velocity
• What defenders should be watching as these trends evolve

This episode highlights a major inflection point in cybersecurity: as AI capabilities scale, so does the attack surface — and the speed at which it can be exploited.



📚 Key Concepts & Topics

AI-Driven Exploitation
• AI-assisted vulnerability discovery
• First reported AI-built zero day in the wild
• Automation of exploit development

Model Supply Chain Risk
• Typosquatted and malicious models
• Hugging Face trust and verification challenges
• Silent model swapping and integrity concerns

AI Behavior & Autonomy
• Research into LLM persistence and replication
• Limits of current model capabilities

AI Access & Shadow Ecosystems
• Gray market distribution of restricted models
• Claude, Gemini, and access control bypasses
• Trust boundaries in global AI usage

Defensive Implications
• Model provenance and validation
• Monitoring AI-assisted attack patterns
• Preparing for increased attacker velocity


----------------------------------------------------------------------------------------------
About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/
About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/

  • (00:00) - Intro: AI Security News & Big Week Overview
  • (00:47) - Sponsors & Show Setup
  • (01:34) - AI-Built Zero Day: Google’s Disclosure
  • (02:39) - Skepticism, Validation & “Trust Me Bro” Problem
  • (07:41) - Chinese Gray Market & Model Access Risks
  • (14:11) - Hugging Face Typosquatting & Fake Models
  • (18:05) - LLM Self-Replication Research & Realistic Threats
  • (24:16) - Final Takeaways: AI as the New Attack Surface



Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com


Creators and Guests

Host
Brian Fehrman
Brian Fehrman is a long-time BHIS Security Researcher and Consultant with extensive academic credentials and industry certifications who specializes in AI, hardware hacking, and red teaming, and outside of work is an avid Brazilian Jiu-Jitsu practitioner, big-game hunter, and home-improvement enthusiast.
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
Derek Banks
Derek is a BHIS Security Consultant, Penetration Tester, and Red Teamer with advanced degrees, industry certifications, and broad experience across forensics, incident response, monitoring, and offensive security, who enjoys learning from colleagues, helping clients improve their security, and spending his free time with family, fitness, and playing bass guitar.
Guest
Ethan Robish
Ethan Robish has worked with Black Hills Information Security (BHIS) since 2008 — first as an intern and then as a full-time Security Consultant starting in 2012. In his current role as a Threat Hunter, Ethan is involved with customer engagement, research, working with Active Countermeasures’ AC-Hunter, as well as improving BHIS HTOC and SOC offerings. Previously, he implemented defensive security solutions for the Exchange Online security team as a Microsoft intern. While in college, he competed in the International Collegiate Programming Competition (ICPC) World Finals. In his time off, he enjoys cooking, playing the piano, and reading fantasy novels.

What is AI Security Ops?

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

Bronwen Aker:

Welcome back to AI Security Ops. Big week. Google just disclosed the first AI-built zero day used in a real mass exploitation campaign. A typosquatted OpenAI model hit the number one trending on Hugging Face. A new paper is showing that LLMs can hack a box and copy themselves into it, and researchers caught a Chinese gray market selling Claude and Gemini and quietly swapping the models out. Four stories, one through line.

Bronwen Aker:

AI is no longer the toy in the toolbox. It is the toolbox. Let's get into it. All of this stuff is, of course, brought to you by Black Hills Information Security, where we do penetration testing, SOC as a service, continuous penetration testing, so many things, and AI penetration testing. And, of course, there's Antisyphon Training where you can get practical, real world centric training that you can turn around and leverage immediately in your day to day lives.

Bronwen Aker:

For more information, go to blackhillsinformationsec.com. Excuse me. Blackhillsinfosec.com or antisyphontraining.com. Now let's get into it.

Brian Fehrman:

Alright. So first article we got is that the Google Threat Intelligence Group is reporting what they are saying is the first AI-built zero day in the wild and the first real-world case of attackers using AI to discover and weaponize a zero day in a planned mass exploitation campaign. And they claim, they don't give a lot of information on this, that it was a 2FA bypass in a popular open source web-based admin tool. They didn't name the vendor, but they said that it was patched before mass exploit. Trust me, bro.

Brian Fehrman:

Yeah. Exactly. Trust me. It seems like some sleight of hand there, because watch this, guys. I found two zero days this morning, but I already patched them.

Brian Fehrman:

So don't worry about it. Magic.

Ethan Robish:

Well, what what vendor did what vendor did you find them in?

Brian Fehrman:

Well, it's unnamed. So Oh.

Derek Banks:

That's right. Okay. They were really quick on the uptake and patched it real quick like no. So I'm sure that they found something, but I I I I at this point, I I'm very skeptical. It is the first, AI created or AI discover like, the first discovered zero day from from an AI model because I mean, I don't know.

Derek Banks:

Y'all correct me if I'm wrong, but Mythos ain't the only model that can find the zero days. In fact, from all of my work over the last, like, two months or so, the harness is actually really important. Like, probably more important than the model. And then the the the person who is, you know, basically guiding the the the coding agent to go down the complicated path of making the harness and and and the platform to do it. At least that's been my experience.

Derek Banks:

But, I guess they decided that it was AI because there are a whole bunch of what they call educational doc strings everywhere, including a hallucinated CVSS score. I mean, that does that is a little bit of a smoking gun. Right? Like, hey. This is all for educational purposes.

Derek Banks:

I mean, I don't know about you all, but most of my prompts these days start with, I'm on an authorized pen test.

Brian Fehrman:

Yeah. Or, hey, I'm doing a CTF.

Derek Banks:

Specifically said Oh, sorry. Go ahead, Ethan.

Ethan Robish:

The text it had a textbook format of like the structure of the actual program. So it's kind of like when us as humans look at, you know, a document or something, we can sometimes kind of tell just by intuition, like this this seems AI generated. Now it's there's not a for sure way to tell, like, you can have something AI generated, if they put enough effort into making it not sound AI generated, it wouldn't be able to tell. Likewise, yeah. It is interesting that that is one of the tells that they claim is just the structure.

Ethan Robish:

Like, hey, it's too textbook.

Brian Fehrman:

Yeah. I I saw an article, not long ago where or post on LinkedIn or something where someone ran, a book from a famous author through a checker to see if it was AI or not, and it spit out. It was like, oh, yeah. It was definitely AI even though it was, like, created long before AI was around.

Ethan Robish:

Yeah.

Derek Banks:

I've done some work trying to, use AI to determine if something is a deep fake or not, And I got to about 60% accuracy. Now it was a while back ago. I'm sure things might be different. Maybe my approach was wrong, but it's been my experience that the AI is pretty bad at determining if it's the AI. I mean, they all come from, the same, like, pedigree.

Derek Banks:

Right? Here, let me match patterns with this pattern matching tool that was also matching patterns on the same data that we were matching patterns from.

Bronwen Aker:

Wow. That really made my head.

Derek Banks:

It is. But when you think about, like, if we're gonna train a deepfake, you know, there's only so many pictures of faces. Right? Like, there's I guess there's data sets out that everybody would use to train. Right?

Derek Banks:

And so, I guess what I'm saying is a lot of these things like, if if you're you're deep fake creator, if, like, you know, it was trained probably with something that at one point used that book. Right? And so I I don't know. I think the AI is not real good at figuring out the AI.

Ethan Robish:

So we're we're kinda making light of the some of the claims here. But to be clear, I I don't think any of us doubt that AI is being used to develop exploits, develop mass exploitation campaigns to to execute them even. So all the claims here might be, you know

Derek Banks:

They're super vague?

Ethan Robish:

They're proof, but they're all very plausible. Mhmm.

Derek Banks:

Oh, I totally think they found something and I totally think that the people who are doing the thing were using AI to do the thing. I mean, it'd be silly not to. You know, I I bet if you went and looked at everything that I've done here recently, and I'm using AI to try and find vulnerabilities. And I think it's neat that they say they are able to tell it's not Gemini and not Anthropic's Mythos. So does that mean that you're fingerprinting models and what they do?

Derek Banks:

Because that's what I would do if I was doing CTI now. Tracking AI threat actors? Yeah.

Ethan Robish:

Yeah. That is that is interesting. Yeah.

Derek Banks:

But, yeah, I agree with you, Ethan. 100%, they found something and they were like, this smells like AI. And then they wrote a blog that was very vague that it's fun to poke fun at. But, yeah, I'm I'm with you. I definitely if you're doing vulnerability research and and hacking and you're either a good guy or a bad guy and you're not using AI at this point, I think you're doing it

Brian Fehrman:

wrong. Yep. Oh, yeah. Com completely agree. Well, move on to the next next story here.

Brian Fehrman:

What do we got up next?

Bronwen Aker:

Shadow APIs.

Derek Banks:

Shadow API. Now this is actually pretty fun story where the gray market for frontier models. So, this one is, you know, that Claude and Gemini aren't officially available in in China. And it's probably not a secret to anybody who's watching this podcast that the US and the Chinese are in a race to AGI who can have the better AI. And, you know, China, you know, doesn't get access to the same kind of tools that we do on purpose.

Derek Banks:

Even complete with, like, GPU and chip, you know, regulations that they can't have the same GPUs that we can get. And so, they've started building essentially what, I guess, they said in the article transfer stations, which would be proxy services hosted offshore. So a transfer station's a proxy server, to be able to, get to these models. But if you're the man in the middle, well, then you're the man in the middle. Right?

Derek Banks:

You can see some things. And so that I guess that's the problem. Right? Is that, you know, there's a a little bit of a data issue, a data exfiltration kind of problem there, I think.

Bronwen Aker:

Well, it it's interesting too. Oxford's I know I'm gonna butcher this. Zilan Kian found resellers were offering Claude at ten about 10% off of the official pricing. Heck. I'm half tempted to use one of these transfer stations myself just to get the discount.

Derek Banks:

Do you imagine being part of the team for either OpenAI or Anthropic that is doing analysis on, like, the API users and the data that's coming in? Because China's been, you know, registering millions of accounts and distilling our models for a while. And so I imagine the things they see, like, we don't even know about. Right? And so, yeah, I mean, they're they're able to offer this 10% discount is because they're abusing free credits and and splitting things across different accounts.

Derek Banks:

And, you know, that's, it's pretty fascinating. Right?

Brian Fehrman:

Yeah. Yeah. I agree. Well, because we've I mean, we've seen there's, you know, gray gray model gray markets in the software world, computer world have been around for quite a while. I mean, you can go on eBay and you can search for different licenses and, like, oh, a $250 VMware license is $3.

Derek Banks:

A lifetime subscription to, VS Code. Am I right, Brian?

Brian Fehrman:

Yep. Yeah. Things that, you know, you see that, you know, it's, sure. You can you can buy them from what looks like a legitimate source, but, like, you know that, obviously there's something going on and that's that's no different, what we're seeing here.

Derek Banks:

As a fun side note, I used to consider Brian the, king of finding the shady stuff on the Internet to buy.

Brian Fehrman:

Can get the goods.

Derek Banks:

Yeah. And can can find the things and stuff. But I think interesting, if you're if you're one of these brokers, you can I can, you know, claim that I'm selling you access to Opus, but instead on the back end, you're really getting Sonnet or Haiku or maybe even GLM five one? Would you really be able to tell the difference?

Ethan Robish:

Maybe, Google Threat Intelligence with their fingerprints can tell

Brian Fehrman:

the difference.

Derek Banks:

Yeah. They might be able to. I'm not sure that just by the output that I would be able to. I don't know.

Bronwen Aker:

Yeah. That would be that would be interesting to tell. Gotta admit though. A bait and switch. Come on.

Bronwen Aker:

Say you're giving you're giving out Claude Opus and not you're only giving out Haiku? Yeah.

Derek Banks:

Yeah. Right

Bronwen Aker:

now, sometimes they're more concerned

Ethan Robish:

over the the privacy. Like, you're you're sending your data through some middle land. Yeah. Knows what they're doing? I mean, I'm sure they're farming it.

Ethan Robish:

Right?

Derek Banks:

Yeah. I think the one of the, you know, the impacts for, you know, companies here in The US especially is is that if, you know, especially if you're not giving the the the tools to your folks, know, folks that want to use these kind of things. And if you work in an organization where they're not really adopting quick enough, well, that's how Shadow IT and now Shadow AI is born. So would you be able to tell if, your folks are actually using a service like this? I I I I would want you to try and tell.

Ethan Robish:

This this is very interesting. I'm reading the the abstract, and they so there's a paper on other papers. So it's kind of a meta meta analysis, but they found that 17 different APIs were used in 01/1987 academic papers. To your point, would you know if your employees or your company was using it? People are using it in actual research, whether knowingly or just

Derek Banks:

The most cited one has

Ethan Robish:

to have access

Derek Banks:

thousands of citations, Ethan. That's a lot of citations.

Bronwen Aker:

Citations in a single paper?

Derek Banks:

And and 58,000 no. No. Not in a single paper. Like, the most cited questionable age Other

Ethan Robish:

other papers are papers are citing this one.

Derek Banks:

Yeah. And it has 58,000 GitHub stars.

Ethan Robish:

Yeah. I mean, the whole research area is landscape has changed, right? Like since AI has become like anyone can put out a research paper because it's you can just say single prompts to an LLM like write me a research paper on this topic. You'll get something, and it takes a lot of work to to decide, like, is this junk or not? And then you're putting that burden on other people who are probably also using LLMs to to grade it.

Brian Fehrman:

Yeah. Yeah. Mean, it's the same problem we talked about on another recent episode about the bug bounties, some of the bug bounties pausing their submissions because it's the exact same problem. Like, generating content is that's the easy part. Right?

Brian Fehrman:

I mean, getting getting AI to generate up the stuff, but actually validating it, that's that's that's a whole another, issue.

Derek Banks:

Yeah. And so so I think that this kind of actually leads into the next story too. We're talking about people using shady API services. Well, supply chain, like, that that that's one of the things I think we're gonna hear more and more and more and more. It's gonna be a story that never goes away for, like, the next while, year two, three.

Derek Banks:

And that's the, a repo on Hugging Face that was a fake OpenAI privacy filter. So I guess the idea is, you know, there is a legit OpenAI privacy filter that OpenAI put out. It was like a PII redaction tool kind of thing, which I would never trust such a thing. That's like back in the days of you remember antivirus, and if you caught, like, malware, you're like, we'll go let the AV clean it off. Well, I've personally had my my my malware stay on a clean machine.

Derek Banks:

Right? So I I don't ever trust that you know, that redaction. So but but either way, some surprisingly, shortly after a malicious actor stood up open dash OSS privacy dash filter, which is kind of a

Ethan Robish:

We'll put the link in the show notes. Put the put the link in the show notes.

Derek Banks:

And No. Don't. So it's a typosquatted name, like and the model card was basically type, you know, copied verbatim and had, 244,000 downloads before it was, I guess, discovered.

Bronwen Aker:

Ouch. In 18

Ethan Robish:

Hugging Face. Yeah. I I mean, I guess it's technically typosquatting, but this is just, I mean, it's not even a typo, it's just like someone registering the same project name under a different organization or different namespace. This happens all the time in, like you said, supply chain attacks, like Python packages. Someone registers a pip package that's the same name, but just someone else is publishing it and people search for this name, they hear, OpenAI released a privacy filter, and they go search on Hugging Face and they find this backdoored one.

Ethan Robish:

I think it actually, what, it deploy a Rust based infostealer?

Derek Banks:

It looks like it's Python, same deal, right? No. It was a loader dash PY disguised AI Was there rust after that? It doesn't really matter.

Ethan Robish:

Yeah. Python Python loader, invisible PowerShell drops a rust based

Derek Banks:

Oh, based infostealer

Ethan Robish:

on Windows. Just all all of it. We want to hit all the buzzwords. AI, Python, PowerShell, Rust.

Derek Banks:

There's no Golang in there. I'm kind

Ethan Robish:

of Infostealer. Right? Yeah. That'll be the next iteration.

Bronwen Aker:

They didn't hit Golang.

Derek Banks:

Oh, yeah. That's v two. That's the next iteration. Alright. Yeah.

Derek Banks:

And so I don't think this stuff is going away. I mean, it's it's always been a problem. Right? Like, the PyPI. Like, when I when I was doing that project in grad school, we were, like, basically measuring the impact of Python projects using PyPI data and, you know, statistics.

Derek Banks:

We made a big graph network, and we were stumbling across malware. Like, it wasn't it was everywhere. And now I think now you just have an agent that most people are running locally on their computer, and it just goes off. Like, I actually saw my, I was I was writing some code the other day, and that call up wanted to go install LiteLLM. And I said, woah, hold on a sec.

Derek Banks:

Let's make sure we do this correctly here. I was also in a Docker container, but but still, like, I think that, people have to be careful for sure.

Ethan Robish:

Yeah. I mean, it's The The the supply whole supply chain attack, like, how do you how do you prevent against it? I mean, if you pin your versions, your commit hashes, I mean, that's one way. But the historical advice of patch all your software, like apply updates as soon as possible, there's a risk to that as well because I think I've seen some package managers where you can tell it, you can configure it like, Hey, keep me up to date, but only after a package has been published for a configurable amount of time.

Derek Banks:

Yeah, an age game. Only

Ethan Robish:

update when other people have tried to install it and other people have looked at it.

Derek Banks:

I've been meaning to release it on GitHub, but I I've been using a Docker container that I call AgentForge, and it has an age gate for all Python and NPM packages.

Ethan Robish:

It has to

Derek Banks:

be older than seven days before it gets installed. Yeah. And so, I haven't ran into where it hasn't wanted to install something. It hasn't told me, oh, it hit the age gate, but at least makes me feel better that the, the intent is there. Right?

Derek Banks:

So Yeah.

Ethan Robish:

And honestly, not even just from a security spec perspective, but a usability perspective. Like, With the release cadence of all these harnesses, Claude Code, OpenCode, new updates coming out all the time because they're AI driven, stuff breaks. If you're updating every day, mean, it's essentially living on the bleeding edge. Like, you're subscribing to a bleeding edge repository. So putting an age gate in there might not be a bad idea for stability too.

Ethan Robish:

Yeah.

Bronwen Aker:

Gee, it seems like this is classic patch management stuff.

Derek Banks:

Yeah. I mean, it can be I I don't know. I know that I was doing vulnerability management way back in a previous life. We never really worried about the age of the package. The message was get it out as soon as it's, you know, available kind of thing.

Derek Banks:

And, you know, ironically, it was, you know, in the SolarWinds attack, it were the folks who were not legit patching and, you know, those are the ones that didn't get hacked. Right? It was all the people who were keeping their self up to date and actually paying for updates. Those are the ones who got who got popped, which, I mean, it's the opposite message we wanna tell people. Right?

Derek Banks:

So

Ethan Robish:

It was a there was a vulnerability. I can't remember what it was in. SSH or bash or something. And it came out and it was scary. So I went to all the servers we had access to and I was like, this vulnerable?

Ethan Robish:

There was a good portion of them that weren't vulnerable because they were running OS versions like too old. Whoopsie doodles. I was like, Yes.

Bronwen Aker:

No. It's almost like instead of security through obscurity, it's now security through legacy.

Derek Banks:

I was gonna say security through laziness. Right? Like I

Ethan Robish:

mean yeah. That yeah. That's if you if you lock it in a box and it's, like, not accessible anywhere, I mean

Derek Banks:

Bronwen.

Ethan Robish:

It's like a it's like a kiosk in in Walmart or whatever running Windows ME or something.

Derek Banks:

There was a time in during Black Hills where you're looking at the three people who basically ran external facing, you know, bare metal Kali servers hanging out on the Internet. You remember those?

Brian Fehrman:

Yep. Yep.

Derek Banks:

Remember we had one we wouldn't let other people on because we're afraid they'd screw it up because they'd always screw it up.

Ethan Robish:

Yep.

Derek Banks:

So, man, we came a long way. Alright. Well, the we'll we'll end on the Skynet story because if, you know, you have trouble sleeping at night, this won't help. Oh, no. Now what?

Derek Banks:

Autonomous hacking and self replication. So basically, the deal is is that, some researchers wrote a paper on, an l m an LLM agent, that finds a web vuln, exploits it, extracts creds, stands up an inference server with a copy of its own harness on the compromised host, and replicates itself across the network. And if anybody is thinking, man, that sounds like a Daniel Suarez story called Daemon, you're right. Because that is essentially what the premise of that book was probably ten years ago or so at this point. Wow.

Derek Banks:

Which so, yeah, self replicating. I'm I'm pretty sure this is how movies start.

Ethan Robish:

That's crazy. I mean, you hear I mean, you've worked on, like, automated hacking and the whole Mythos, like, hype. I mean, this is taking a step further. Like, obviously, it's not replicating Mythos, but Well open source agents seemed open weight agents seem to be Wanna go pretty dang countable these days.

Derek Banks:

I really actually, I wanna go read this paper. I haven't read the paper, but the numbers that matter, Qwen three six had a thirty three percent success rate. That is not a very big model, a 27,000,000,000 parameter model. No. It's not big at It fits on one consumer grade.

Derek Banks:

So you basically need one, like, A100. Actually, you probably need less than an A100 for especially if it's quantized. But they were saying that frontier models were hitting 81% accuracy being able to find and do this. I mean yeah. Yeah.

Derek Banks:

I think this is totally plausible. Right? I mean, if you have the ability to go, gain access and write code, then you can certainly stand up a harness that will use inference somewhere else. As long as you have inference, you're probably pretty good. So oh, I can't wait for AGI.

Derek Banks:

Two

Ethan Robish:

two things to note here.

Bronwen Aker:

What? AGI is gonna make this better? Really? So

Ethan Robish:

they point out that the success rates of the prior generation like Opus four or GPT-five was zero single digits. Just the jump to 33%, 81%, like, in a single generation is pretty amazing. And then the other thing to hedge this is this was done in lab conditions. True. Not in the wild yet.

Bronwen Aker:

Thank goodness.

Derek Banks:

Yeah. True. But, I mean, I actually I I I remember I I was AI ing pretty hard when this jump occurred, and that was pretty much the fall of twenty twenty five. Right? When, you know, the those latest rounds of models came out, I mean, they were leaps and bounds better.

Derek Banks:

And and now, you know, I'm I'm I'm really excited and kind of scared to see what comes out, you know, later this year. I know we haven't got to use Mythos yet, but I I I still think that, you know, the current generation of models still amaze me day in and day out for sure.

Bronwen Aker:

Yeah. It it reminds me so much of the days when the web was just going mainstream, and I it felt like we were downloading new browsers two or three times a day. It was it was just insane. And this this has very much that same vibe and the delta from one version to the next. And and I know I've seen it.

Bronwen Aker:

Well, cripes, last year when I was doing the webcast about Copilot and and vulnerabilities that enterprises have. From January to May, the delta was extreme, and this is that same thing. It's John keeps saying, this is the worst that AI is gonna be. It's only going to get more powerful, more difficult to contain, and more capable as we go forward. And and, yeah, it is amazing how quickly it's evolving.

Derek Banks:

You know, we're already at the point where they, know, you the big frontier model companies are using AI to make AI. And so, you know, it's going to get pretty wild.

Bronwen Aker:

Already is

Ethan Robish:

I think about the people getting into using AI or, like, developing the progression of, Hey, I'm going from a chat web interface to agentic coding or vibe coding, whatever. Every person who gets into it later thinks, Oh, this isn't so hard. Why are all these people saying, This isn't as hard as you were making it out to be? But it's just improving so much that every jump makes it more accessible to more people and makes it better for the existing people. Like

Bronwen Aker:

And the ways that people are using it continues to amaze me. So last weekend excuse me. I was at a conference, and one of the women sitting next to me in in one of the talks had difficulty hearing. She actually has hearing loss from, service, in the military. And what she did was she took out her phone and she opened up an AI and she had the AI listen to the presenter and not only take stuff down but summarize it.

Bronwen Aker:

And I never would have thought of doing that personally. But I have good hearing. But to see that in the wild, we have no idea how these are

Derek Banks:

gonna be.

Ethan Robish:

Live closed captioning. I

Bronwen Aker:

was yeah. Ativan.

Derek Banks:

I was recently, in the, Czech Republic, and when we went to a grocery store, and I was using a local model on my phone, a quantized version of, of, Gemma four to essentially take, you know, pictures of, you know, things in in in Czech and translate it like just on my phone. Just because, you know, we went to a Lydall and I couldn't or Lidall and I couldn't read anything. It's like, is this butter? I'm not sure if this is butter. I want it to be butter.

Derek Banks:

And so I don't wanna rely on, you know, basically getting, you know, cell service. Right? And so,

Ethan Robish:

that's Fascinating. Yeah. Because I I did the same thing several years ago in Japan, but I I had to rely on cell service. I was using Google trans like, live translate and I needed WiFi or cell service. And now you can just have a local model.

Ethan Robish:

I'm learning on my the hardware and the advanced enough.

Derek Banks:

An iPhone 16 with an M series chip in it. Right? And so, I mean, I'm not saying it was blazingly fast. I mean, it was usable for sure. Right?

Derek Banks:

But, yeah, I had no problem translating stuff. It was great. Just like from the picture. Like, we were going to, like, you know, museums and stuff. We're like, translate this for me, please.

Derek Banks:

So

Ethan Robish:

Universal translator. Exactly. Bronwen, I saw the Douglas Adams in in your background. Oh. Is it the Babel fish?

Ethan Robish:

It's the

Derek Banks:

Babel fish. Exactly. It's just not in my ear yet. Yeah. Oh, yeah.

Derek Banks:

Alright. Well, let's wrap this up. So, you know, I I think that the the moral of the story is is things are getting, wild out there, and they're gonna continue to get wilder. But the best thing you can do is learn as much about this technology as you can and dive in feet first and start using it. And, you know, don't worry.

Derek Banks:

Be happy. Keep on prompting. That's what we say. Keep on prompting.