A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
On my account, I couldn't get a single query through Fable. Like, I I I literally went in there and I typed, like, Apple, and it was like, this has been moved to Opus because you're
Wade Wells:No.
Corey Ham:The second, like, it recalls a memory of me being a pentester. It's like, never mind. Nope.
Jason Haddix:Yep. Yep. I
John Strand:don't like you.
Jason Haddix:Yeah. That's what we had for most of the week, and then we we managed to figure something out and but you know?
Corey Ham:Yeah. I don't know.
Jason Haddix:It's crazy.
Corey Ham:Yeah. I mean, we'll probably talk about it on the show, but that, like, basically, you know, fix find vulnerabilities in this code or fix this code that's now considered a cyber weapon. Yeah. Yep. He can't say fix this code.
Corey Ham:That's a banned phrase. That's
Jason Haddix:Yeah.
Corey Ham:That's like using export grade ciphers in North Korea.
John Strand:Well, kinda What Jason, you'd remember. You remember way back in the day, they put, like, the algorithm of AES on a T shirt at Black Hat.
Alex Minster:Yeah. Remember. I still I I have those I have those files for being able to print that again.
John Strand:Awesome. I
Corey Ham:had a Well, no. There's a new version now. Yeah. There's a new version now. Did you see Katie's Katie's website?
Corey Ham:It just says fix this code. And then on the back, says this is a cyber weapon. Yeah.
Jason Haddix:Yep. Yeah. I saw it. Yeah. Yeah.
Jason Haddix:We we have a we have a t shirt design this year that's it's basically the front and back is the contents of the RockYou password list. And so, like, it's a real deep it's a real deep cut if you're, like, you know, anyone who's ever brute forced stuff, but you'll it if you see it. So yeah.
Corey Ham:Nice. Well, we have RockYou2024 now. Okay.
Jason Haddix:That's that's true.
Corey Ham:For a t shirt. It's too big for Yeah.
John Strand:Jeez. Yeah.
Corey Ham:Yeah. The new version of that shirt is so much more boring. It just says one prompt that says fix this code. Yeah.
Jason Haddix:Oh, god. We actually our main t shirt design this year is, instead of hack the planet, it's it's says hack the planet, you know, from hackers. And then it's over a globe, but then it has agent and graffiti across there. So for, like, AI hacking stuff. So it's a it's a dope design.
Jason Haddix:Yeah.
Corey Ham:Hack the hack the planet. Make no mistakes. Yeah. Produce a markdown. Yeah.
Corey Ham:Produce a markdown and JSON report. No mistakes. Continue until completion. No prompts. Me and Ian.
Corey Ham:That reads
Bronwen Aker:500 to 750 characters insert typo.
Corey Ham:That's great. AI avoidance. Yeah.
John Strand:I like it. I still you know, I I still think it's funny. I mean, we're getting started here. I have a couple minutes. I was listening to some podcasts on AI stuff this weekend while I was working.
John Strand:And there's this one that it's actually a pretty good podcast, but they bring on AI naysayers. And this one guy knew a lot about AI, but he's just like, AI is not actually good at anything. You know, it makes it makes you think it's good, but it's not good at anything. And I'm like, this guy really doesn't know what he's talking about at all. So it was Yeah.
Corey Ham:Well, it's that is true if you've only used, like, crappy models. Like, I I have a I have a Spark with Hermes agent running on it, and it doesn't know how to do anything. It's like
Wade Wells:it's like, oh, let me fix
Corey Ham:this Python code. Somebody turns Crappy
Wade Wells:models, bro.
Bronwen Aker:Crappy prompts. Yeah.
Wade Wells:That's it. That's it. Right?
Corey Ham:Well, you need one or the other. You either need a really fancy model or a really fancy prompt.
Bronwen Aker:I was You know what? You can give the finest tools to a monkey, and it's still gonna generate junk. I'm sorry. Million monkey thing doesn't. But you give Leonardo da Vinci dirt, sticks, and egg whites, and you are going to get masterpieces.
Corey Ham:Okay. I don't know, though, because I went to his little museum in France, and there's all kind of stuff we're not using. No one's using an Archimedes screw to pump water. Come on. We got we got septic systems now.
Corey Ham:K? We're pooping inside. Man. We're pooping inside. K.
Corey Ham:Da Vinci wouldn't even understand it. He wouldn't get it. He'd be like, what? What's going on?
Wade Wells:And inside.
John Strand:Number five is a live references, and the Discord server are always my favorite. Short circuit for the win.
Bronwen Aker:Need more input.
Jason Haddix:He's he's actually we do tie we do, like, separator slides in all of our classes. So we we chose all over the robots for the new AI acting class, and Johnny five is one of our our separator slides. No disassemble is the is the tagline.
John Strand:Nice. I kinda feel like Rocky when I was watching Hail Mary was kind of based on on number five.
Jason Haddix:It did feel a lot like that. Yeah. Yeah.
John Strand:Little bit.
Corey Ham:Alright. Let's roll the finger. Let's get this show on the road. We got so much to discuss. I'm excited.
Jason Haddix:That's
Wade Wells:all. I'm a
Corey Ham:take a
Alex Minster:take look
John Strand:this one.
Alex Minster:I'm a
Jason Haddix:long side.
Corey Ham:Cool. Hello, and welcome to Black Hills Information Security's Talkin' Bout News. It's 06/15/2026, and you can't have Mythos. You can't have Fable that you can't say fix this code to an AI or else you will be banned from Claude permanently.
Bronwen Aker:Bam.
Corey Ham:How's it going, everyone?
Jason Haddix:How are
Corey Ham:you feeling? Good.
Alex Minster:Good. Good.
Wade Wells:Less productive.
Corey Ham:Less productive?
Wade Wells:Less productive. Because I don't have access to Fable anymore.
Corey Ham:Oh, I see.
Wade Wells:I know you're subpoena. Are so spoiled.
Bronwen Aker:I've been using Haiku.
Corey Ham:Quick Bronwen's like, I'm doing one handed push ups over here. Yeah. So quick round of introductions. We got Wade, WadingThruLogs, who's here. A lot of the presenters today are gonna be presenting or talking or teaching at the upcoming threat hunting summit this Wednesday.
Corey Ham:So check that out if you're interested. We have John Strand. He's legally required to be here, so he doesn't get fined. We have Bronwen, who is here to help us not use AI like an idiot. And we have Jason, who's keynoting the threat hunting summit.
Corey Ham:Hello. Exciting. And then we have Alex Belouve. Belouve. Frenchman.
Corey Ham:Just kidding. Alright. We gotta get into the first I mean, we gotta start it off. Like, it's it's mythos. It's fable.
Corey Ham:Like, it's government drama. It's billionaires calling billionaires calling government people calling who knows what. We're back to export grade ciphers. I mean so okay. For those that have been living under a rock, here's what happened.
Corey Ham:Anthropic has been touting this fancy new AI model called Mythos that's really good at cybersecurity stuff. And last week, they published what they're calling Fable five, which is a basically, from their perspective, Mythos with more guardrails that are designed to prevent abuse. They thought it was ready to go live, and so they published it on June 9. And then on Friday, June 12, right, I think it was at the very end of the business day for me, so, like, 5PM. Yeah.
Corey Ham:They revoked Fable access. And the blog post where they revoke it is very much reads just like a hastily scrawled, like, we're upset about this. There's some really funny, like, little disses in there that I like, you know, like, it says, the US government believes this. It's like that believes is carrying a lot of weight in that sentence. Basically, it's kind of a he said, she said scenario where the government is panicking about people having jailbreaks for Mythos or for Fable that are potentially abusable to do evil things.
Corey Ham:Lots of security researchers, including Krebs and Katie, I can't pronounce her last name, Moussouris. Moussouris. Moussouris. Basically came out and said, these jailbreak bypasses are not, like, really avoidable. Like, this isn't a real reason to take the model down.
Corey Ham:And that's kinda where we're at is basically the debate between the US government, you know, some people from Amazon who wrote a blog post about it, the analysis of that blog post. It's a it's a whole lot of, like, people and parties wrapped up in it. Who has takes on this?
Wade Wells:Has it has has it
John Strand:been confirmed that Amazon was kinda the precipitating event in contact Yes.
Corey Ham:Yes. CEO some executive called the government, I guess. Like, I don't even know.
Bronwen Aker:I think one of the articles I read said it was was one of the heavy hitters in the
Corey Ham:Yeah. And, yeah, the CEO, I think, basically called Yeah. Someone at the government was like, they'd be jailbreaking with those. I'm scared.
Jason Haddix:Well, let's let's be let's be very clear here. A jailbreak is putting in a prompt that is meant to subvert the system, right, and make it do things it's not supposed to do. The the way they jail, where they'll get in air quotes, right, was they said, here they, like, first, they asked it to do bad things, and it was like, no. The classifier shut them down pretty hard. And then they put bad code in real code and said, find these bugs.
Jason Haddix:And then, of course, it found the exploits, and it found the vulnerabilities. And then they were like, look, we jailbroke it, which is not jailbreaking. I am part of a, like, a world renowned jailbreaking team. That's not actually what we do. So the word jailbreaking is being, like, you know, very much thrown around here.
Jason Haddix:Yeah.
Corey Ham:Yes. And it's also the government who has has probably a thin understanding. Yeah.
John Strand:Has the So, let me get this straight. What you're saying is one doesn't have to be a world renowned jailbreaker to be able to comment on this, but luckily, you are. Uh-huh. You have some expertise in this.
Jason Haddix:The whole thing is I mean, so, like, I was I was saying before the show, I mean, like, there was a jailbreak for Fable going around since, like, Tuesday, and, it involved, like, a whole bunch of things that we normally do in attacking AI systems, which is changing text into different forms of text and using, like, anti refusal language, all this crazy stuff. But the thing is is you would start using it, and then two responses into the turn of talking to AI, the classifier, which was completely separated from the model, would shut you down. Like, you would only get two responses in. And that was the furthest anybody I saw got using it. So I didn't think that it was that dangerous.
Jason Haddix:Like, you know, you could barely get anything going with the model. Woah. Hold on. So of the bad stuff. It's crazy.
Corey Ham:I worked for the government, and I asked it if it was dangerous, and it said it was dangerous. So I I had to ban it. Sorry.
Jason Haddix:Yeah. Yeah. Yeah. I think I said hello, and because my my memory file has that I'm a pentester and, like, hacker. Like, I mean, it was like, not talking to you.
Jason Haddix:They didn't hear. I'm just like, it's like, nope. I don't wanna speak to you.
Wade Wells:But the stuff Yeah.
John Strand:About but the stuff that you're talking about is almost completely impossible to completely reduce that risk to zero. Right?
Corey Ham:Oh, you're right. For sure. Yeah. Yeah. That's basically the point every yeah.
Corey Ham:Yeah. This is yeah. This is all we were joking about it before the show, but this is a 100% we're back to export grade ciphers. It's the same thing. It's like, we're basically banning.
Corey Ham:And and by the way, we forgot to even mention this, but the US government is claiming, oh, well, it's abused by foreign nationals because they got wind that, like, someone who has ties to the, you know, People's Republic Of China had access to it or whatever. Yeah. So they're like, okay. You have two choices, Anthropic. One, make sure everyone that uses it has, like, a passport, I guess.
Corey Ham:Like, I don't know. Or two, just disable access to it. And, obviously, you know, it's kinda like the porn sites. It's like, you can't verify they're over 18. You have to just block them, and there's no way to verify citizenship for every Claude user.
Corey Ham:They're just gonna block it.
Alex Minster:Yeah.
Corey Ham:But, yeah, it's back to the export grade. And every other model is vulnerable to the same, quote unquote jailbreak. If you ask a model to fix vulnerabilities or fix this code, and there's vulnerabilities in the code, it's gonna do it. That's not a guardrail. I don't know.
Corey Ham:It's
Wade Wells:But you know what? I was surprised they knocked it off for corporate customers though too. Right? Because like, I guess that's still you could have citizens. Right?
Wade Wells:But at least the corporate customers you can ratify as like, they're they are technically they are citizens. Right? The companies Yeah. Corporations.
Bronwen Aker:How many how many insider threat issues have we had lately, and and how many times How many more people Yeah. Being pointed at as as being whatever. So no. I I get it. I get it.
Bronwen Aker:I do think that there's a lot of tempest in a teacup going on here. I think there's a lot of big cranky babies pointing fingers at each other. I don't think that the the whole fable rollback is a reasonable action because I don't think reasonable people made those decisions. But hey.
Corey Ham:Bronwen Aker. It's fine. It's fine.
John Strand:We know what they say. They say the best time for government to start getting involved, helping regulate this would have been five years ago. The worst time is, like, last week at the end.
Wade Wells:Five. Yeah. Would it be one thing if they had
Bronwen Aker:any clue what this technology is about?
John Strand:No. There's the key. Right? And and I almost you know, you you talk about the tempest in the teacup. We're kind of tap dancing around it.
John Strand:How much of this do you guys think, honestly, is just the politics of the situation?
Corey Ham:A 100%. 98%. Like 90. Yeah. 9512%.
John Strand:So, I mean, Anthropic is a company that refused to play ball. Right? They well,
Corey Ham:kind of. Kind of.
Bronwen Aker:Yeah. Meditations on the
John Strand:call they were willing to
Corey Ham:They did not catch that guy. I don't I don't know if this hit everyone's radar, but last week, the CEO of Anthropic published this long blog post about how the government needs to regulate AI. Like, I was like, a whole, like, you I I read it. I I I read it, and I I didn't realize I didn't know the CEO of Anthropic's name off the top of my head when I read it. And I was like, what person had, like, a venti coffee and just banged us out to Starbucks?
Corey Ham:Like, this is like not it's kind of a little bit incoherent. But, yeah, coming from the CEO of Anthropic, it's basically like, you know, AI is scary. We need to regulate it. But, like, you know, so it's not like, at least on a high level, the Anthropic has been making the noises of, like, trying to play ball, but it just comes out to personal conflict. Yeah.
Corey Ham:Yeah.
Alex Minster:Yeah. There's posturing on two on two ends. So what John and others said was, you know, the government kind of coming in with that you didn't bend the knee. This all hitting kind of at market close, make of that what you will. But I do also think, because I'm an Anthropic user, that Anthropic is seizing on this opportunity as well.
Alex Minster:Because like every time I log in for Anthropic, it's like, Oh, by the way, Fable five isn't available. I'm like, Yeah, I know. It's like, and then you do another thing, Hey, did you hear that Fable five isn't available? Yes, Anthropic. I know.
Alex Minster:And it's like, Anthropic isn't available. I agree. Fable five is not. Well, can't,
Corey Ham:yeah, you
Alex Minster:can't suppress Once they can release it, everybody's going to rush to take a look at, you know, okay, when they release something new, everybody's going to rush and take a look. AI companies need to be profitable. I have like this, you know, wonderful website of like, is aiprofitable.com, which is fantastic. But they they I mean, they this is a strategy of, like, you know, not letting a crisis go to waste. They're gonna go, we're gonna tell everybody that they're coming down on us.
Alex Minster:They're going to tell everybody that, hey. We we red teamed us. We're gonna tell everybody that the other models also have the same thing and hope that when there is a rollback that they can make the make money off of it.
John Strand:I I think it's a lot like the Monty Python face the peril thing right now. It's like, we're not gonna let you face the peril, but I but I wanna face the peril. And they're like, no. No. No.
John Strand:It's too perilous. You cannot face the peril, but I'd really, really like to face the peril. They're literally doing that type of marketing where telling people, oh, this is too dangerous. This is too dangerous. This is dangerous.
John Strand:Because it's all I mean, we're talking about it right now.
Alex Minster:Yep.
John Strand:Right? So I I think it's amazing marketing, and I wanna go back to something we talked about briefly. For those of you that were in it, I know, Wade, you got it ripped away from you far sooner than you would have liked. Not, like, probably, but by the people you work with. But, Jason, you were in there.
John Strand:There were people playing around with it. I don't see anybody online that was just like, oh my god. It was everything. The peril was fantastic.
Jason Haddix:Yeah. That wasn't that wasn't when
Corey Ham:Yeah.
Jason Haddix:That wasn't when we were using it. Like, at like, I mean, it was it it obviously benchmarks really, really high on source assisted, stuff, which is great. Right? But not everything I do is source assisted. So a lot of our stuff is black box pen testing, black box AI red teaming, web application testing, internal stuff like that.
Jason Haddix:And, you know, it did not benchmark as good on those things. And we were using it for web testing for those couple days. And, I think I I evaled it over, a VDP program, a vulnerability disclosure disclosure program that I knew had vulnerabilities from a previous run using Opus 4.6. And that's our workhorse here, is is Opus 4.6, Codex 5.5, and then a couple of other, self hosted models. And we we run them in a fleet, we call it.
Jason Haddix:And, and so when we ran Mythos over that same scope, it missed, like, two criticals but found one additional. So it didn't blow me away. And I was like I was like, okay. It's cool that it found something new and it chained to what we call breadcrumbs together to find that thing. So that was cool.
Jason Haddix:But it didn't find everything that the other ones found and they're supposed to be inferior models. So, but I didn't I didn't benchmark it in the source code, like, kind of bake off. That would have been cool. I just didn't have time yet.
Wade Wells:So
Corey Ham:I sort of agree with everything you just said. It winds up with everyone I've talked to in our own personal usage of AI. Like yeah. Anyway
Bronwen Aker:Well, there are reasons why I'm using Haiku as my default. And it's it's not just trying to be safe and secure and reduce the amount of water that's being wasted on on all of these data centers. And and I'm not gonna say that isn't part of it because it is. The the cost, the ability to manage tokens effectively is a big reason. But the bigger reason is that even the so called lower or lesser grade models do amazing work for 80 to 90% of the normal tasks that I do in a daily basis.
Bronwen Aker:Then when I need to go deeper, when I need those computes, that's when I switch to the higher end model because that's efficient.
Corey Ham:Yeah. Yep. Yeah. Mean, it's probably worth mentioning oh, go ahead, John. Sorry.
John Strand:I was gonna say that gets into, like, that, like, that. Bronwen, there needs to be a workshop and a class on this. But that gets sent to everybody that's moving forward in the future. They've got it and we're kind of stepping away from the Mythos thing here just right now, but we more companies need to be looking at how can they be more cost efficient with the models that are available to them. Right?
John Strand:And not always using the most high end model. Thankfully, I've only had a couple of people come to me, and they're like, everything I do, I require the absolute bleeding edge model. And we've we've had some conversations, we've talked to them back to Moliage. But I agree I agree a 100% with you. You don't need the most cutting edge model all the time.
Corey Ham:Well, also, just I know we're stepping onto another article, and there's so much more to talk about. But it's worth noting that Fable five was only gonna be included in the plans for,
Alex Minster:like, another couple weeks.
Corey Ham:Yeah. Like like,
Bronwen Aker:it seems like two weeks or something.
Corey Ham:It's it's like Then you were on usage.
Bronwen Aker:Gonna be available?
Corey Ham:Yeah. Then you're on usage, basically API only billing, which I don't know
Jason Haddix:a little hit, you know, a little hit upfront. And then they're like, you've come back later. Correct.
Bronwen Aker:First taste is free, man.
Wade Wells:That bottle are definitely not worth going to the credits, honestly. Like, playing around with it, like, as everyone has said, is not worth that credit usage. Like, I
Ralph May:wouldn't wanna pay. I would
Wade Wells:just do four our $4.08 right now. Like, anyways.
Corey Ham:Dude, okay. But I don't know. Like, you know, obviously, this is super specific, but, like, we don't know what level of Corey,
John Strand:I say hate to interrupt you, but Cheddar just had a great quote. He said, we pivoted from token maxing to export controls in less than two weeks.
Wade Wells:Yeah. Yeah. Great. Cool.
Jason Haddix:Sorry. Go ahead.
Corey Ham:No. I was just gonna say, like, basically, if you are a Claude user and you look at your usage, how much it would cost you on the API, you will figure out really quickly that you can't afford to use just the API, which means you probably can't afford Mythos. And if you are using the API, you have to build in multimodal. Like, you can't just only use Opus for everything or else you're just gonna go bankrupt. You can burn
Jason Haddix:Yeah. Through you could have, you know, six Claude Max subscriptions and then, you know
Corey Ham:Exactly. Yeah. Yeah. The point is, like, the subscriptions are everything.
Bronwen Aker:Tools, people. Come on.
Corey Ham:No. This is everything.
Bronwen Aker:Use ball meter when all you need to do is is, you know, hammer in a tiny brad that big.
John Strand:Yeah. But it feels really cool to do that with a hammer.
Ralph May:I know you gotta use Yeah.
Corey Ham:It does. You know what, Bronwen? You're absolutely right. Let me refactor this Python code for you. Alright.
Corey Ham:Alright. Anyway, let's move on because there's a lot of other articles to talk about. So what else happened last week? There was a pretty significant vulnerability in ServiceNow. That was kind of a I mean, we can kinda just quick hit through it.
Corey Ham:I think this is one where if you're if you're into the vulnerability responsible disclosure process, this is one of the most confusing ones I've ever seen. Essentially, like, ServiceNow messed up and created this hilariously bad API security bypass that just literally is like, oops. Some of the code we created doesn't require authentication. There's a parameter you just you know, that's there now that basically bypasses authentication.
Jason Haddix:Requires authentication equals true or false. Right.
Corey Ham:Which is like which is yeah. Correct. Which is like literally, by the way, if we're talking about APIs that are built specifically to be exploited by an AI, requires authentication true or false. Any AI model is gonna be like, maybe I should set that to false. But anyway
Ralph May:It
Wade Wells:works
Ralph May:if you set it to false.
Corey Ham:So essentially, this was a regression. They introduced this feature back in April. Then, they silently fixed it in early June. Then, people started talking about it on HackerOne or on bug bounty programs, and then also on Reddit. Then, they're claiming that it wasn't threat actors that picked it up.
Corey Ham:It was security researchers that picked it up and started exploiting it. And then someone published a blog about like, here's the threat actors that are exploiting it. But then ServiceNow was like, no. It wasn't threat actors. It was security researchers.
Corey Ham:So basically, this is one of those where like, they totally dropped the ball on the PR and the vulnerability disclosure thing, because I think they went from people being like, oh, that kinda sucks. Like, I'm glad you guys handled it to, like, we don't trust you anymore in, five minutes.
Wade Wells:Yeah. It it for for no reason.
John Strand:I know the conversations that happen in the background. It's like, we gotta keep this quiet, guys. Seriously, if we don't if we don't talk about it, the entire hacking community will not be able to figure this shit out. And, you know, what is the quote? Anytime you start thinking that way, it's time to lay down on the floor and reflect on your life choices.
John Strand:Right? I I I know I know you honestly truly don't know what's going on in the background. It it it kind of feels like maybe some lawyers got involved that didn't understand this space, and they were taking bad advice. I I'm not sure. But we see this every every, what, like, three months or so?
John Strand:We see something very similar.
Corey Ham:Oh, dude. It's every week now.
Wade Wells:It's been a theme. Yeah. Like, the past couple of security researchers. Right? The Microsoft guy who what was Correct.
Wade Wells:It's when we got a month until the Microsoft guy releases something that's gonna be world
Corey Ham:Earth shattering. World of Earth shattering. This I I think this is just the current vibe of things is like, number one, security researchers, previously unknown security researchers especially, are finding stuff that is hugely impactful and needs to be fixed. Also, they're finding a whole lot of garbage that doesn't need to be fixed. And all of it's being reported through the same channels, and every company is struggling to cope with that.
Corey Ham:This is not the first time we've talked about it on this show of security researchers that publish, basically, bug reports to the companies that are affected in addition to the actual responsible disclosure program that they're doing with the vendor. So then, like, basically, on June 3 or whatever, a bunch of security researchers submitted a bunch of vulnerability reports to a bunch of ServiceNow clients, and we're like, hey. You're vulnerable. And then that leads to this telephone game that just repeats back and forth.
John Strand:The other thing that's gonna happen with this, and I wanna get Jason's take on this because he's been in the game as long as I have. And anytime something like this happens and you see a vulnerability like this, it lights the fires. Like, they're they're going to get absolutely crawled by every every researcher that's out there, every attacker that's out there. And I, you know, I I think that a lot of companies that if their if their vulnerability disclosure program is this shitty right now, they better figure it out real quick because I I think the amount, the quality, and the number of vulnerabilities across the board have already we've already seen a significant uptick, and I think it's about to get really bad. But, Jason, I wanted to get your take on that too.
Jason Haddix:Yeah. I don't really wanna fault the the researcher. Right? Like, I I very much live in the world of, you know, don't hate the player, hate the game when it comes to vulnerability research and trying to make money from your hard earned bugs. Right?
Jason Haddix:Like, there's there's definitely been times where I've been on the back end of, you know, when I worked at Bugcrowd where, you know, an Internet-breaking bug comes out, and the researcher tries to work directly with the company, and they put them in a nine month cycle of remediation. They can't talk about their research. You know, they're also getting under, like, vastly underpaid for that bug. T shirts not Yeah. Good T shirts not good enough.
Jason Haddix:You know, maybe some pizza or something, you know.
John Strand:So thousand $347.
Jason Haddix:Yeah. And so and so and it's not every company. Right? There are better companies out there who do it right. And then so the researchers only hope is to submit it to all the programs they know use that technology and try to what we call farm it farm it out.
Jason Haddix:Right? And then the value add for those companies is like, oh, I get this vulnerability data before the before the vendor even, you know, gave it to me, and now maybe I can make it just in, you know, just in time patch or something like that or put something in the Cloud WAF or, you know, to block this LFI or whatever. And, you know, they get bleeding edge vulnerability data, but then they yell at their vendor. And they're like, you know, you've been working with this guy for six months, and we haven't heard of this vulnerability, and it's being actively exploited by people in the bug bounty community. Like, so it's it's all kinda broken, but I don't hate the I don't hate the vulnerability researcher for that.
Jason Haddix:Right? They're just trying to make some money. I mean, some of them do it pretty irresponsibly every once in a while. You know, like, full blast, full disclosure, when they haven't given the vendor, you know, even, like, a week or something? Like, I'm not behind that.
Jason Haddix:Right? But, like, if if you're being pulled around by multi billion dollar corporation and they're like, yeah, we're not, you know, like, like, the way Microsoft handled things. I know a lot of people work at Microsoft and they're my friends, but, you know, the way they handle vulnerability disclosure in the last, like, you know, year has been so long tailed and they've NA'd, like, not applicable, like, a ton of really good bugs I've seen from really good researchers. People either give up on their program or go full disclosure, and that's that's kinda how it is right now. And it's just gonna get worse, like John said.
Jason Haddix:Right? Like, with the advent of AI, the one thing that, you know, like, us using it here, and I'm sure you guys using it there, what I'm finding is that we thought we were assessing a good part of the Internet and, like, no, we were not. Like, there, we are finding such basic bugs just because the scale that AI gets us to is it can look at every line of code, every line of JavaScript, every API call, where my monkey brain will, like, miss a piece or, you know, something like that. And and so, yeah. I mean, this year is this year into next year is gonna be crazy.
Wade Wells:Oh, no. No. It's fine. We fixed it.
Corey Ham:There there's no Mythos anymore. We fixed it. It's fine. Yeah.
Jason Haddix:You don't need a Mythos for this stuff. You don't need a Mythos. I don't know.
John Strand:No. Just a scale game. So, Jason, I wanna pull on that thread.
Wade Wells:Yeah. So I
John Strand:was at a conference in England two week last week, two weeks ago, whenever. And we were talking there was a guy I was talking to in the hallway, and he was from a vendor. Right? And we were talking about bug bounty programs and how there's a lot of chaos right now in the bug bounty world because of AI. And his take was kind of interesting.
John Strand:He said this is effectively going to kill all of these different vulnerability researchers that are using these bug bounty programs for a living. And his quote was, it couldn't happen to a better group of guys. Like, he clearly hated the vulnerability research community, and I know that they can be honest. But here's you know, the things that we've been talking about today, I and I want you to kind of, like like, pull on this a little bit more because you kind of addressed it. If you're looking at all of these people that are out there with amazing deep skills at finding vulnerabilities, and you think that just because Mythos or whatever out there is finding more vulnerabilities, that they're now going to just, like, go, well, screw it.
John Strand:I guess all the skills I've developed over the past x number of years no longer. I I'm gonna I'm now going to start digging holes and promptly put myself in them. I think you're I think you're underestimating the vulnerability community.
Jason Haddix:And Oh, yeah.
John Strand:That's kind of me interpreting what you said correctly because you
Jason Haddix:That is that is a separate line. Yeah. I do I do this for I mean, I used to do
Wade Wells:it for a living.
John Strand:You're not like AI's rendering me rendering me useless. You
Jason Haddix:now No. No. No.
John Strand:Call it a farm or a fleet of AI agents that are basically replicating what you do? Can you talk more about that as well?
Jason Haddix:Yeah. Sure. So, I mean, the words I've been using is is that the rich are gonna get richer. Right? So, every top rated bug bounty hunter I know right now or vulnerability researcher is just getting more and more gains because their methodology that they've been using that's been in their head and they probably haven't released anywhere except to directly to these companies, and hopefully that doesn't end up in a training data somewhere, that's that's not on the Internet.
Jason Haddix:It's not on the training data. Right? And it's really hard to reason through sometimes. It takes deep knowledge of some of the software in combining different types of bugs together. And, and so I just see all of my Bug Bounty friends who have integrated AI into their methodologies privately just winning more and more.
Jason Haddix:It does hurt the intro bug bounty hunter, because it seems like at the lower end, and the easier bugs, the more the less complex bugs, you know, are are more often to be duplicates just right now because AI can find those pretty easily. And so, you know, I don't have a solution to that honestly, but, all of our methodologies, you know, we've we've talked in classes, but they're you know, and then some on YouTube and stuff like that. But some of our deep, deep cut, you know, tricks and tips and stuff like that that are prompted into our fleet, we've never released anywhere. And so we still find, you know, really, really good stuff. And this is not like a single zero day in a single type of software.
Jason Haddix:This is a methodology of, you know, combining three JavaScript gadgets together to pop, like, a very complex XSS or ways to exploit. We were talking about GraphQL on the preshow. Right? And we have a bunch of really good GraphQL primitives that we use to do. It's not SQL injection, but it's SQL commanding and, and when we find certain functions from certain platforms.
Jason Haddix:And so, yeah. It's a you know, like I said, the rich are gonna get richer. I don't think they're gonna go anywhere. I think you're already seeing a lot of those bug bounty hunters try to productize their knowledge. Like several like, there was a I didn't see it in the show notes, there was a great blog on a guy who made $500,000 off of Google's vulnerability research program using AI and his personal methodology, and basically was exposing these API these corporate API keys to uncover all these internal Google admin services.
Jason Haddix:And he used AI to scale that knowledge and made, you know, $500,000. And then sub subsequently, like, over that time, also built a bot, you know, a set of, you know, AI agents that can do it automatically and is now a company. I forget what he calls his company. And so, really, I see a lot more of these. I mean, we're we're doing that right now.
Jason Haddix:We're taking all of our methodologies and putting them into autonomous prompts and our autonomous agents that use, like, prompt engineering, context engineering, harness engineering, and then, finding we are finding some amazing stuff, like, just just crazy. Well, we had a pre auth SSRF and an API that had been dormant for, like, six years, had been tested by every tier one pen testing vendor, web pen testing vendor. We found it last week, and, it feels good. Feels good to find that stuff and root it out for the customer. And,
Ralph May:yeah, we're talking to a a bunch of other pen testing consultancies, and a lot of them are are now just sitting on zero days, so they have a lot of other, you know, undisclosed one of those. People are finding them like crazy. They you know, before, it used to be I could find one maybe once every three months, and now we're we I've got, like, 10 of them. Right? But the thing that we were we were talking about is that, like, you giving the to these vendors, like, they're they're handling the in the onslaught.
Ralph May:Right? Like, if you're like, I got 50 vulnerabilities all in your product. It's all garbage. And most of the time, these vulnerabilities are not like you weren't getting paid to go find them from the organization. Right?
Ralph May:You're if you're bug, you know, bug hunting, right, or looking for this outside, then, you know, the company's like, alright. Well, we'll get to it when we get to it. Right? So I think it you know, the other side of this is that, you know, we're finding so many vulnerabilities so fast. How do organizations actually handle that influx and actually do something about it?
Ralph May:Because before, they weren't doing something great per se, not every organization. And now if they 10 x what they got before, how do how do they deal with it? Right? So then how do you actually make what you they did and turn it into an actual securing of the product?
Corey Ham:And yeah. And I wanna hop in. I have two, know, things I wanna say. First of all, on that exact point, that's why people are pushing back on the Fable five ban more so than, oh, sad bug bounty hunters won't be able to bounty as hard. It's more because defenders Give
Jason Haddix:it to the defenders.
Corey Ham:Yeah. The defenders need these powerful models just as badly as anyone else, maybe even more. Because if you are the developer of software, like, let's say you code a password manager for a living, you want a really good model to dig into that. You you don't wanna just be like, Haiku, go fix this bug in our production, you know, used by hundreds of millions of users. Right?
Bronwen Aker:Like Why not? If it can do the job
Wade Wells:I will say idea. I will comment on, like, one thing I thought Jason was talking about, like, more of the black box pen testing with with agents. Like, you give them, like, you give them prompts and stuff like that. But what I'm finding with defenders, right, it's very much, like, the the rich are getting richer. The people who have all the documentation are just getting way better.
Wade Wells:Right? If you have the all the documentation on your network, all your log sources, all your detections, and your AI is just ramping up through that. Like, I I like I I I I hesitate to say this. It's like a cheat code. Right?
Wade Wells:Like, these video this video game has like, the game of blue teaming has become a video game. I'm putting in these cheat codes. I'm getting kinda bored sometimes because the cheat codes are so good. And I'm like, what am I doing now? Like, I have to go find another passion.
Wade Wells:It's like getting unlimited ammo, and I'm just able to, oh, I don't need to tune that detection anymore and, like, have to make the PR. I can just push the agent too because of this tuning agent that I have knows exactly my environment and where where do you go. And that gets a guess.
Bronwen Aker:I'll pull the o g card here for a because this is not the first disruptive technology ride I've been through. First one was, believe it or not, desktop publishing. And the second one oh my god. My lens is blurry. Sorry about that.
Bronwen Aker:The second one was web development when the web first came out. And in both instances, I because I knew how to do page layout manually. Before desktop publishing came out, I actually worked for a textbook publication house, and we took the raw manuscript, and we turned it into four color separated film that went out to the publisher. But, again, this is this is back in the days before desktop publishing and all that. Because I know the rules of page layout, when desktop publishing came along, I was able to use it better than someone just starting off from scratch.
Bronwen Aker:And that information translated over when I got into web development. So what Wade was describing about how skilled professionals are taking these AIs and taking them to the next level. And what Jason was saying, this is not a surprise. If you already have domain knowledge, if you already have demonstrable skills in these areas, you're far better off to leverage this new tool to get those outstanding results than any vibe coder will ever be.
Wade Wells:I'm I'm really scared for next generational stuff where the like, I feel like it's so easy nowadays that people are just gonna lean on it too heavy, right? And like we said, it's a lot harder to get entry level jobs right now via because of all this. And a lot of people think that you're gonna be able to automate them. And I I am a clear believer thinking like we can, but there's a lot of corporate overlords who don't believe that we need to bring this next level up. But that next level also needs to actually learn not to trust the AI and not just to provide me slop all the time when I'm asking for Yeah, which is another learning curve.
Wade Wells:Way I
John Strand:think that we're headed with this, you know, we talk about this a lot on a number of different webcasts and things, is I think that p I I think that the entire security community is becoming more professional. And what I mean by that is if you're gonna be an engineer, right, you can't just jump right out of high school and become an engineer. I'm sure that people had the technical ability. They had the skills. They could absolutely do that.
John Strand:There's now a defined pathway where you're going to go to college. You're gonna get a degree. You're gonna pass an exam to get an EIT, and then you're gonna work underneath an engineer, and then you're gonna take another test to get your principal engineer or PE to be able to do it. And that is the pathway that you see people go from college to being able to engineer a bridge that if they screw up, someone dies. And my I don't know if it's a fear.
John Strand:You can take it however you want. Right? But what I think is going to happen to the industry is more that model where you're going to have companies that are gonna make a very conscious decision about who they're hiring, who they're gonna bring in as a mentee, and who they're going to put money, time, resources, and training into to get them to the point where they're an advanced enough security engineer that they can trust it with their AI models, that they can trust it if that's in their organization. And once again, I don't know if that's a good thing or a bad thing, but I do know we have some interns that we get that are absolutely light years ahead of any of the other interns that we look at. And I think that those are the people that are gonna get snatched up and pulled into the industry.
John Strand:Now where this gets problematic, I think, is in the security community. For years, we had people that maybe didn't have a traditional path. Like, they didn't go to college. Some of them don't even have high school degrees, and they had amazing technical skills. And a lot of those technical skills, the entire backs of the entire industry is built on some of the things that those people put into it.
John Strand:So I think that we are going to lose something, but I agree. Just this thing of just hiring thousands and thousands and thousands of people, sending them through training, and then hoping for the best that all of a sudden we're gonna get some good security engineers, I do think those days are over.
Jason Haddix:I think I actually view it pretty oppositely, honestly, at least for at least for our plans. Right? We we plan to grow our consultancy through juniors who get trained by the agents, actually. So so our thing internally is called Armada.
John Strand:But, Jason, we've always been very selective about the juniors you bring in. Right?
Jason Haddix:That's true. Yeah.
Alex Minster:Yeah.
John Strand:Yeah. You're not bringing in just anybody that, you know, got, like, a 3.8 in a computer science, like, program.
Wade Wells:What? You're talking about me?
John Strand:What? And they're like, I I will try real hard, and I'm a quick learner. Like, I I I know you. I know the people that grab
Corey Ham:I know Microsoft Word too, dude. Don't forget that. It's a yeah. I need it.
Jason Haddix:Yeah. It's always been with me less about less about technical skills. The technical skills can be taught most of the time. It's work ethic. For me, it's work ethic.
Jason Haddix:And so Yeah. That's what I'm looking for for those interns. Right? And, you know, like, I am hoping to go the WhiteHat model, which I don't know how many of you have been around have been around in, like, the WhiteHat days. WhiteHat basically had the Threat Research Center, which was a bunch of kids they took out of college who were interns and who ran their scanner and validated scanner results as their first tiptoe into cybersecurity and learned one domain at a time.
Jason Haddix:So, like, cross site scripting, they were a website company. So cross site scripting, SQL injection, LFI, all these things. Right? And they learned it from the ground up by using the scanner validating real world vulns that the scanner found, trying to figure out if it worked or not, and working with some seniors and doing some training. And then you would rotate those juniors, those interns who had a tremendous work ethic onto another vulnerability class until they had been through all 17 vulnerability classes, and they were a senior at that point.
Jason Haddix:And, and so now, I think that there's a world where we can use agents to help train as well as seniors to help train and still bring in juniors who have tremendous work ethic to do, really hardcore security work.
Corey Ham:Oh, I totally agree.
Bronwen Aker:We're talking. Minor minor segue here. One of the things that I found out about yesterday as well is Anthropic is opening up a project specifically for people who are brand new to the workforce. And, I've shared the link. It's the the Claude Core.
Bronwen Aker:The idea is they're they're looking for interns that they want to teach advanced AI skills to and place them with nonprofit organizations. So
Corey Ham:That's a cool program. That's actually really interesting. Yeah. So, yeah, I mean, I I I have a couple, you know, responses. First of all, on Jason's kind of, like, strategy and, honestly, in general, for thinking about, like, hiring.
Corey Ham:My personal opinion is right now, bug bounty hunters are positioned with more leverage than they've ever had in the past. Bug bounty hunters are the people like, you know, it's like the goes back to the old Bill Gates, you know, adage of, like, give a lazy engineer the job, and it'll get done twice as fast for half as much money or whatever. I think that's kind of where we're at, where bug bounty hunters fell into AI because it's super efficient and helps save them time and money. But, also, now they're the experts when it comes to harness engineering, prompt engineering. They're the ones, like, now if you're a company looking to beef up your security program and you wanna hire someone who's really good at using AI, it's probably a bug bounty hunter.
Corey Ham:Right? Because not to say that, like, the corporate security people got left in the dust, but a lot of corporations drag their feet on getting models adopted, getting approvals, getting GRC, and all that stuff. Bug bounty hunters have been living this stuff since it came out and probably have some of the more mature workflows and methodologies that are also super efficient. Because if you're paying your own bills, it's gonna be more efficient. And I think, like, if you're a bug bounty hunter listening to this and you know how to do this stuff and you know how to use AI, you should go try to leverage that into a job where some company is trying to fix its vulnerabilities and discover them with AI because you know how to do it.
Corey Ham:That's my hot take because I like, at least me on the pentesting side, I've always viewed it as kind of a separate skill set. Like, bug there's bug bounty and there's pentest. But right now, those two skillsets are getting those two skill sets are getting smashed together, like, a 100%. Like, I'm a bug bounty hunter now. I don't really know what I'm doing, but I'm finding bugs all over the place, and every other pen tester is having the same experience because you can.
Corey Ham:Because you can. Like, what used to be, oh, I don't know how to decompile .NET and find a vulnerability in a C# app. Now that's like five minutes in a a dream with Claude. So that's what we've done it three times in the last two weeks of like, a client has source code disclosure of some type. We turn that into a vulnerability in an app that we've never analyzed before because AI can read the source code.
Corey Ham:So I think that's, like, if you are a bug bounty hunter, use this opportunity. Maybe that changes over time. Like, maybe, you know, over time, pen testers and security folks are gonna get better with the AI. But right now, I think the probably the number one experts out there are gonna be the bug bounty hunters. I could be wrong.
John Strand:But I do but I do also think the entire bug bounty system needs to modernize and be able to keep up with the amount of vulnerabilities that are coming in. I think it was
Jason Haddix:already gotta figure something out.
Corey Ham:Oh, yeah. For sure. But the point is if can go if you can go get a corporate job and leave the, you know, HackerOne's, you know, single submission type workflow behind, I feel like you should. But I don't know. Anyway
Jason Haddix:Lot of the top ones are already at places where they're they're doing both. Right? They don't wanna give either up. So they're they're working at, like, a Tesla or, you know, you know, whatever, and they're they're already making their $500,000 a year bag plus bounties on the side, and they build it into their, you know, their contracts saying that they can still moonlight and still do bug bounties and stuff like that. That that's still something like that.
Jason Haddix:But I I think you I think John is right also, you know, like, we kinda moved away from this topic. It's like, what is the solution for companies that are just getting destroyed with submissions? Even if they're a good company, they want to reward people. They wanna reward them fast, but they just don't have enough people, and it's gotta be fight fire with fire and use automated AI triage tools, backed by human operators. Right?
Jason Haddix:And you're either gonna subscribe to those human operators through the platform you use for your bug bounty, or you're going to start to have to build, you know, another group of operators internally at the organization who, you know, sifts through all of that. And, you're gonna need somebody to build that system too. So, there's like different jobs that are gonna pop up inside of vulnerability management, which both Bug Bounty and, you know, vulnerability disclosure is part of, and there'll be, like, AI engineering jobs. And so I I tell everyone I know, no matter what part of security they're in, learn this stuff. Learn how to do some AI engineering.
Jason Haddix:Learn what a harness is. Learn how it works. Like, learn what agents are. Learn how to prompt agents. Learn how to make skills.
Jason Haddix:And, like, you know, if you can do some of that, you might be that person at that organization who's invaluable in building, you know, the vulnerability management workflow, you know, that auto-triages bug bounty stuff and forwards the emails to the right people and connects them to assets and ServiceNow and, like, all this stuff. That person is so never out of a job. No matter what AI does, there's gonna be the integrators who put all this stuff together, and, that's the person you wanna be, honestly. So
Corey Ham:That's alright. Let's do some oh, go ahead, Wade. Do have a take?
Wade Wells:I was gonna say that's what I found, like, as a detection engineer. Right? I kinda, like, had this epiphany where it almost felt like my job's going away, where it's like I'm becoming a knowledge shepherd or, like, a data shepherd where how do I best connect the AI to things in the most secure way and give it provided the knowledge it does to become a detection engineer, which
Corey Ham:Yeah.
Wade Wells:Little say. Well, that's
Corey Ham:that's called harness engineering, I guess. Yeah. Exactly. But yeah. I mean, that's what you know, companies are asking, like, how do we what do we do?
Corey Ham:And I'm just like, get use AI safely and in in a way that matches your goals. Like, that's basically all you can do. You there's no silver bullet. Just like there never has been. There's no like, oh, we just have to buy this tool, and it does it for you.
Corey Ham:Like, no. That's not a thing.
Jason Haddix:I mean, I'm sure you guys you guys do this too. But one of our assessments is basically we onboard from the client, and we we walk through what they do day to day. And we're like, cool. You could use AI for this. Cool.
Jason Haddix:You could use AI for this too. Cool. You could use AI. And then here's the one guy who knows AI enough on your team to run all this, and then the other people need to be trained up, and here's how you train them up. And then they're, like, you know, 20% more effective on their, you know, SOC or detection engineering or or whatever.
Jason Haddix:And I'm not saying that it, like, replaces everybody, but, like, you know, corporations are, like, super far behind, at least in in our experience. Like, you walk in there, and they're barely getting access to Copilot, which is, like, you know, it's not a bad model, but it's also not a good model. And, you know, its agentic capabilities are, you know, they're kind of on the lower tier. And and so, you know, everyone's still catching up. Like, everyone on this call who's talking about AI, now that I've listened to, everyone's kinda, like, where they are.
Jason Haddix:Like, you don't remember it when you're talking about this stuff, but you're at the you're, like, in the top eight percentile of, like, engineers working with this tech right now. The rest of
Wade Wells:the world
Corey Ham:is still catching up.
Jason Haddix:Like, you know, you ask anybody out on the street about, like, what Claude Code is, and they're like, I don't know.
Corey Ham:Yeah. No, I agree with that. Double down. I
Ralph May:saw someone else speak about that. And they were just like, you know how slow businesses operate?
Jason Haddix:Yeah.
Ralph May:Like, you do you
Corey Ham:think that they're just,
Wade Wells:like, rolling this out tomorrow?
Ralph May:I mean, sure. There are some.
Jason Haddix:There are some, but
Corey Ham:not not fast.
Ralph May:That that's just to your point. I agree.
John Strand:And and that gets into something we've talked about on the show before. Like, it's we're moving the bottlenecks. Right? The one that I keep hearing and I keep I I like rephrasing is, like, literally, if a company could develop code a thousand times faster, it doesn't mean that they're gonna be developing a thousand times faster the code on the on the ass end. You still have to go through QC, QA.
John Strand:You got a requirements driver the security stuff. You got a lot that you have to do. And all of that work still has to be there. Right? And it's not like it's all, like, end to end AI, and everything just pops out super quick.
John Strand:You're always gonna have that bottleneck that's gonna get moved to someplace.
Corey Ham:And if you don't, you're gonna have just impending disaster. So
John Strand:Okay. So that's that's a whole another part of it for sure.
Corey Ham:Yeah. Let's run through some quick hits real quick. We talked about the ServiceNow thing. There was Oracle zero day.
Jason Haddix:On the ServiceNow thing? One thing before we go from the ServiceNow thing. If any of you pen testers out, because I know a lot of your, you know, your audience pen testers. So from our methodology, I'll just give it up. Service ServiceNow widgets have individually scoped authorization.
Jason Haddix:So when you get a pen test, it's on the ServiceNow platform, and it's a self hosted version, either the government version or somebody else is self hosting it. Even some of the cloud versions that don't get up very quick now, look at the service widgets. And if they have the same access control as the regular API, we have been able to wreck some of these ServiceNow implementations. They're using their service widgets, where they had no auth applied to them, and we were able to pull out customer data from the service widgets. So that's just a quick tip for the pen testers out there.
Corey Ham:Nice. And like John said, the fires have been lit.
John Strand:The fires
Corey Ham:The the writing is on the wall. The smoke is in the air. You know that this regression probably wasn't the only mistake this development team made in the last six months.
John Strand:I'm gonna call it the Adobe effect. Like, you know, I I go back to the first company I realized this was Adobe, and people found all those vulnerabilities and all the different compression algorithms and things that it was using. And it was like every security researcher. I remember I was at DEFCON, and somebody was like, oh, I got a zero day for Adobe. And the other guy that I was with was a black badge person.
John Strand:And he was like, who doesn't? Yeah.
Wade Wells:Like
Jason Haddix:Yeah. I saw I saw Ralph with the Atreus shirt on. And I met I remember Val Smith and Chris Gates did the it was like an LFI in the login page of ColdFusion at one point. And like, there was an LFI that you could just, like, pre auth, like, break the whole thing. It was amazing.
Jason Haddix:Like, those are the days.
Corey Ham:Yeah. I mean, it's like we went from what's a principal or to, like, 18,000 principal or vulnerabilities. Like,
Wade Wells:month.
Corey Ham:It was like, principal or what's that? Ah, here's ten zero days. Oops.
Ralph May:I can't believe they didn't fix it fast enough.
Wade Wells:Yeah. Yeah. Alright.
Corey Ham:Yeah. So some other quick hits. There was the ShinyHunters hit 100 plus universities with an Oracle zero day. This is basically the same story we just talked about with ServiceNow. It's just Oracle instead of ServiceNow.
John Strand:Yeah. But we have a lot less sympathy for Oracle than we do at ServiceNow.
Corey Ham:So That's correct. Yeah. Yeah. That's true. Yeah.
Corey Ham:There's a CVSS
Bronwen Aker:We have Sorry. CVSS now?
Corey Ham:There's a CVSS nine point eight, sixty eight percent of victims, unauthenticated RCE classic. There's supply chain stuff. There's some pretty brutal stuff happening in Arch, if you're an Arch Linux person. Oh, the Arch thing. Yeah.
Corey Ham:I I mean, it's like, again, if you're if you're using Arch Linux, it is its own supply chain risk. It it breaks itself on like, no security stuff. It just breaks itself for functionality reasons. But
Alex Minster:It's how you learn.
Corey Ham:It's how you learn. Yeah. Basically, this is kind of a unique one. But essentially, in Arch, there's these Arch user maintained repositories, and they essentially, unfortunately, have a setting or a configuration that they if they're unused, they can be taken over by someone. And this week or last week, someone decided to start taking them over and putting Rust info stealers in them.
Wade Wells:This
Corey Ham:I'm guessing the the total We taste.
Wade Wells:This I was about to say they must be a fan of the podcast if they're using Rust.
John Strand:Before the before the AI wave, I think that this would have been, like, one of the leading stories. I I the idea of what is it?
Corey Ham:I don't know. I mean, dude, at the end of the day, how many users does this affect? Three people with Chromebooks that cost $40 each? What? Chromebooks?
John Strand:Funny free packages, guys.
Jason Haddix:That's crazy.
Corey Ham:But yeah. But the package is like Ted's weather machine or something, and it's like a curses a curses interface for some API that doesn't exist. I mean, I don't know. Wasn't this like a third party package management? Correct.
Corey Ham:It's a it's a third party user maintained package
Wade Wells:Yeah.
Corey Ham:For Arch. So it's like Bloom, that was lowest risk product. Yeah. It was it's not like
Ralph May:you're you're like, what is what is Arch's update? A u r.
Wade Wells:Yeah. AUR. Yeah. It's not like you're typing AUR, and, you know, automatically, you're you're getting,
Ralph May:you know, pwned. Right? So
Corey Ham:Correct. That's right. Yeah. I mean, don't get me wrong. It's a very unique attack.
Corey Ham:It's also a if you're a if you're a maintainer of an open source project of any kind, you need to make sure that that project's protected in some way, shape, or form. The email can't be registered. The domain can't be registered. Or in this case, that you don't just have random permissions that allow takeovers.
Ralph May:Now if you did this for Brew, we'd all be screwed.
Jason Haddix:Yeah. That's
Corey Ham:But we we can look
John Strand:at this. Once again, this is a harbinger. Right? We're seeing NPM package vulnerabilities that are the exploits coming in supply chain. This is just another click in the wheel.
John Strand:Once again, think if you look at this just exclusively through the lens of Arch, it's kinda funny. But if you start looking at this in the grander scheme of things, so these larger open source ecosystems like you said with multiple contributors, this actually is starting to get a little bit scary. And there's a bunch of companies that are starting to ask questions. Like, they're starting to seriously think about, before we roll out patches, do we wanna let this sit for a couple of months to make sure that there's not vulnerabilities that are hitting production mainline code. And we're going right back to 2005 again, where people are like, let's take all of our patches, sit on them for three months, make sure nothing bad happened, and then roll them in.
John Strand:And that is a bad call. So like I said, if it's just Arch, yes. It's not that interesting. But if you look at this again like Mythos and everything else, this is the universe we're moving into. And I don't think most companies are ready for it
Ralph May:at all.
Corey Ham:Well, the supply chain risk, if we're talk like, you know, if we're talking actionable supply chain stuff you can do now that most companies aren't covering, supply chain risk is through AI installing MCPs, packages, or other things that the user didn't necessarily know about or consent to. Yeah. You're talking about our problem. Risk.
Wade Wells:Yeah. What
Ralph May:so what do you guys what do you
Wade Wells:guys just take? Right? Always turn on auto update because AI vulnerabilities are creating vulnerabilities really fast or always turn it off because supply chain and they're gonna get me in that new update. Right? Oh, well,
Corey Ham:I'm gonna hit you. I'm gonna hit you with here's here's what you should actually do. It's the same thing as do I use dangerously skip permissions or YOLO mode, or do I manually approve every prompt? The answer is you should use a classification system where, for example, with patches, you can have a system that runs a patch, runs a regression, does whatever you wanna do, and make sure that it doesn't have supply chain concerns before you apply it. So basically, the answer is AI.
Wade Wells:What the hell? But that's another word, Zach.
Ralph May:I'm interested. If I'm with AI, you're gonna solve it with AI. Got it.
Jason Haddix:I'm interested for first party packages and, like, imports and stuff like that. Like, we recently refactored our, soon reach to add the more core style attack where you take over, like, a regular developer's account and they have access to Claude Code with an MCP. What can they exfiltrate from that? And then from the external perspective on our red teams, we include now dependency hijacking. And so we'll go through all the JavaScript of every site on the Internet that that customer owns to find first party stuff that we can dependence that we can use with dependency confusion.
Jason Haddix:And in the last two red teams, we have found first party packages that were the customers that were never referenced, and then we asked them to go audit internally. You know, if we register this on NPM, will you you know, are your is your setup set up to, like, download and import from local or from external? And it was set up to basically pull from external. So we could have backdoor, you know, an NPM package of theirs, their first party code. Are you guys, you know, seeing that in Red Team stuff?
Jason Haddix:Are you guys going going there at all?
Corey Ham:We I would say it's very early phases for us. We are not it's not I don't think we're as mature as you guys. But, definitely, what we are doing is making sure our clients have like, basically, don't allow all MCPs. Like, that's honestly the biggest checkbox is like an MCP is a C2 server. Like It is.
Corey Ham:Functional. Yeah. For for all intents and purposes. If you if you allow your users to access Claude coworker code and you allow unrestricted MCP installs, I can get code execution on your workstations. I guarantee you.
Wade Wells:The thing is it's it's not hard to host one on your own server or host one on, like, the local MCPs. Like, I have seen enough bypasses in order to Yeah. Well, living off the AI stuff is, like, starting to freak me out, to tell you
Corey Ham:the truth. Living off AI. Yes. As far as emulating supply chain attacks, I mean, that's an awesome like, I'm I'm literally taking notes. I'm gonna go do that right after this.
Corey Ham:Yeah. But no. But I I would say, it should a little too.
Jason Haddix:We find we find the most in in, like, deeply embedded JavaScript files and chunks that we we never thought we would find them in, and they're referenced somewhere in there. Yeah. For sure.
Corey Ham:That's awesome. So on a more depressing note, Flock is gonna add apparently Bluetooth tracking to their license plate reader cameras that they have, which is god. Just a huge Bluetooth. It's a huge bummer because I was looking
Jason Haddix:Like, how
John Strand:can we piss people off more?
Alex Minster:Yeah. And I I I've been doing a I've been doing a a certain amount of work in looking at the the Flock devices, you know, really what can be done about this. I took a I I took a a half moment to be like, Well, can't we just do like the Bluetooth spam and fill up their registers? And no, that's not going to work. But it was one of the things that I thought about with my Bluetooth usage and an angle that I think would have some teeth is going to be Bluetooth devices such as this, like hearing aids.
Alex Minster:But now you go from surveillance is bad to going to, now you have an organization that is forcibly disclosing medical conditions of disabled Americans without consent and without warrant. Like, you have ADA violations, you have Fourth Amendment violations. Like, I still believe in, like, that you can, and you have these medical manufacturer companies that they have money. They can sit there and say, You will not use our devices for government surveillance in order to track where people are going, what they're doing, and you're forcibly disclosing these things. There's all sorts of violations around this.
Alex Minster:All sorts of individuals out there with medical devices, are those being used to correlate to an individual? Yeah. And I think that's something that, if anybody that's, you know, a fan of the EFF or EFF is listening in, that's something that would have traction and have some teeth because that can be documentable harm.
Corey Ham:Yeah. I mean, this is real bad. Like, obviously, the Flock stuff, if you have if you don't aren't familiar, it's essentially mass surveillance and very thin security. The kind of additional feature that they're talking about here in this 404 Media article is basically the ability to track and cluster Bluetooth devices, which if you're thinking, oh, well, my iPhone randomizes its Bluetooth address. Unfortunately, your air your AirPods don't.
Corey Ham:Your watch doesn't. Your hearing aids don't. Your like, all the other devices you have don't randomize their Bluetooth addresses, and so you can be also, your car has Bluetooth, by the way. Essentially, Bluetooth is very ripe for this kind of surveillance, unfortunately.
Bronwen Aker:It it's not even just Bluetooth devices. They're also tagging RFID tags for key cards and pet microchips, and they're also tracking
Alex Minster:pressure monitors.
Bronwen Aker:Wi-Fi sources. So Yep. Now with all of the smart cars, they bleed both Bluetooth and Wi-Fi.
Corey Ham:Yep.
Bronwen Aker:So the it's it's so much more than just the Bluetooth. And the the potential for detailed profiling, detailed tracking, the invasion of privacy is insane.
Alex Minster:Well and and the and all the, you know, basically, misuse. Like, I'm keeping track of, just in just in my state, like, the number of instances to where it's, yet another case where, you know, somebody's been get arrested
Corey Ham:for looking up their ex. Yeah.
Alex Minster:Looking up their ex, this is just still going to, become a problem. I think it grows out of kind of that sidestep. I saw this with some of the OSINT work that I did before, that, well, law enforcement can't do these types of lookups, but they can ask an OSINT organization to put these things together and then get it from that organization as kind of an end around. Think same type of thing here. You can't directly surveil people, but this is law enforcement's like dream to have this type of information.
Alex Minster:But they go, well, we're not collecting it. We have a private company that's collecting it, and we just have this contract partnership with them.
Corey Ham:So we're adding we're basically advocating right now for adding Bluetooth to all medical devices. Well,
Bronwen Aker:you know, this is again, it's that same catch 22. I love the shinies, but I hate it. My grandmother had a a defibrillator pacemaker, and the settings were adjusted using Bluetooth. And I cringe when I think about the possibility that because medical organizations suck so badly at basic security features, what if somebody hacked her pacer? I mean, she could she could be murdered by somebody hacking her pacer in front of me, and I would be powerless to do anything other than provide CPR.
Corey Ham:So basically, the medical companies have now become the the villains have become our best advocate for why this shouldn't be a thing, essentially.
Wade Wells:On a lighter note, I didn't realize that it was pacemaker until I was, like, well into my twenties, and I thought it was pastemaker, and that it was making something to put into you.
Corey Ham:You're like, just making paste
Bronwen Aker:that's in your heart.
Wade Wells:Don't know.
Bronwen Aker:Sorry, Will. Go find your own source for white glue paste.
Wade Wells:Yeah.
Jason Haddix:It's it's so funny. One of one of my first pen test jobs was a was a company, and one of their clients was a life alert type vendor. And so we were doing web testing, and I didn't really I didn't really have experience yet with how bad kind of the security spend in in, like, the medical industry was, like, how they just don't get any security support. Sometimes there's not even security teams associated with these companies. But I found, like, this API, and I was like, cool.
Jason Haddix:Well, you know, my job is to figure out, like, how this API works. So I'm, like, fuzzing this API, and I get a call from this custom from the customer, and they're like they're like, hey. This isn't supposed to happen, but basically, every pager in the greater Los Angeles area for elderly people said that they all fell down at one time. Is it you? And I was like, well, let's figure it out because I found this really cool API that shouldn't be on the Internet with no authorization.
John Strand:Jason, what's the name of the API? Fall
Corey Ham:I don't. Wires. It didn't have, like, it
Jason Haddix:didn't have anything that I would have recognized as, like, you know, like, set off all of the, you know, alert alert pendants, you know,
Corey Ham:why is
Wade Wells:that a function?
Corey Ham:I see this. I don't
John Strand:know. For Devin, let's find
Alex Minster:out.
Jason Haddix:Yeah, exactly. Yeah. I mean, that's what happens sometimes.
Wade Wells:Right, buddy. Thank you so much
John Strand:for coming, everyone. Jason, you you're keynoting the summit coming up this Wednesday.
Jason Haddix:Yes. Correct.
John Strand:And, Wade, you're presenting too, aren't you?
Wade Wells:I'm teaching. I'm teaching next week. This is gonna be the first time I'm teaching the CTI course two days online, so that'll be really fun.
John Strand:Fantastic. And, Jason, take a couple of minutes and talk about your company and your training as well.
Jason Haddix:Yeah. Absolutely. So, my company is Arcanum Information Security. We do kind of the same things. We do pen testing.
Jason Haddix:We do offensive security services. But right now, we're very deep into the AI world and testing AI applications. So, your company, you know, plops in AI features or a chatbot onto, you know, your application. We have built a methodology to test that, and we do a lot of that right now. So what my talk is, at the Threat Hunting Summit, there, is, is basically the inverse of my attacking AI course.
Jason Haddix:And so, I go through all of the things that basically make me angry when customers do them right on all of our AI pentests, we call them. So it's things like guardrails, you know, open source guardrails, open source classifiers, model based routing, threat hunting through, threat hunting through inference logs rather than regular logs. And so we're gonna talk a little bit about, all those things and a whole bunch of musings and, and case studies where we've gotten stymied and, stuff like that. And I think it'll be helpful for defenders to know what options they have available for them, with all these new AI things that they're having to turn on because there's, you know, their CEO says turn on AI or whatever. So yeah.
Corey Ham:That's awesome. It basically addresses what we were talking about half the episode.
Jason Haddix:We'll see. Yeah. I mean, we're we're gonna do our best. So
Wade Wells:Fuck on.
John Strand:Alright. Thanks, everybody. We'll see you next week.