Talkin' Bout [Infosec] News

This episode covers the rising costs and restrictions surrounding AI agents, including token consumption, model access policies, and the growing dependence on AI tools for security work. The hosts discuss Troy Hunt’s retrospective on Have I Been Pwned reaching its 1,000th tracked breach, examining why breach disclosures appear to be slowing and how GDPR and CCPA requirements affect notification practices. Additional topics include password and email hygiene, the value of breach-notification services, AI infrastructure and data center costs, and new research mapping AI-enabled cyber threats to the MITRE ATT&CK framework.


Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat


Chapters
  • (00:00) - PreShow Banter™ — Token Love
  • (05:11) - Breach Disclosure Lag is Worse Than Ever – 2026-06-08
  • (11:25) - Story #1 - Anthropic ‘plants’ engineers at NSA despite facing ban by Pentagon
  • (20:59) - Story #2 - A new service branch could be joining the U.S. Armed Forces family
  • (25:47) - Story #3 - Websites have a new way to spy on visitors: Analyzing their SSD activity
  • (31:11) - Story #4 - The Quiet Numbers Station: Decoding Nineteen Years of GPS Cryptography
  • (37:21) - Story #5 - 1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
  • (43:23) - Story #6 - Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator
  • (48:00) - Story #7 - Anthropic confidentially files IPO prospectus with SEC, prepping Wall Street for landmark AI deal
  • (01:02:26) - Story #8 - Microsoft Wants to 'Make People Addicted' to its New AI Assistant, Internal Documents Reveal
  • (01:03:29) - Story #9 - Amazon Shuts Down Internal AI Leaderboard After Employees Cheated
  • (01:04:57) - ANTI-CAST : RF Attacks Every InfoSec Pro Should Know with Paul Clark
  • (01:05:54) - Workshop: Build Your Own AI Security Agent
  • (01:06:43) - Training: Agentic AI for Threat Hunting
  • (01:07:16) - Training: Cyber Threat Intelligence 101 2-Day Version
  • (01:08:58) - ANTI-CAST: Prompt Engineering 201: The Context Stack w/ Bronwen Aker

Links
Story #1 - Anthropic ‘plants’ engineers at NSA despite facing ban by Pentagon
Story #2 - A new service branch could be joining the U.S. Armed Forces family
Story #3 - Websites have a new way to spy on visitors: Analyzing their SSD activity
Story #4 - The Quiet Numbers Station: Decoding Nineteen Years of GPS Cryptography
Story #5 - Russia Has Been Jamming GPS from Space Since 2019
Story #6 - Mapping AI-enabled cyber threats: Insights from the LLM ATT&CK Navigator
Story #7 - Anthropic confidentially files IPO prospectus with SEC, prepping Wall Street for landmark AI deal
Story #8 - Microsoft Wants to ‘Make People Addicted’ to its New AI Assistant, Internal Documents Reveal
Story #9 - Amazon Shuts Down Internal AI Leaderboard After Employees Cheated
ANTI-CAST : RF Attacks Every InfoSec Pro Should Know with Paul Clark
Workshop: Build Your Own AI Security Agent
Workshop: Intro to SDR Hacking: Capture, Decode, Take Over
Training: Agentic AI for Threat Hunting
Training: Cyber Threat Intelligence 101 2-Day Version
ANTI-CAST: Prompt Engineering 201: The Context Stack w/ Bronwen Aker





🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Creators and Guests

Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Host
John Strand
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events.
Guest
Faan Rossouw
I’m a security researcher focused on the intersection of threat hunting and agentic AI. I do research at Active Countermeasures and instruct at AntiSyphon, teaching threat hunting and offensive security tooling. I’m also currently building aionsec.ai, an open-source platform to make elite threat hunting accessible to everyone.
Guest
Paul Clark
With nearly a decade of experience as a business owner and software‑defined radio (SDR) consultant and trainer, Paul helps clients and students leverage the power and potential of SDR technology. His company, Factoria Labs, provides consulting services as well as training, particularly in the realm of wireless communications, RF reverse engineering, and GNU Radio. Before founding Factoria Labs, he worked as a software development consultant for Meadow Registry, where he developed and marketed C++ tools for SDR‑based forensics. He has co‑authored three books in a series on getting started with SDR and GNU Radio, sharing his knowledge and passion for the topic. He also has a strong background in product management, embedded software, and mixed‑signal integrated circuit design, having led a cross‑functional team of 20 at Cypress Semiconductor to deliver innovative software solutions for PSoC® microcontrollers. He holds a Master of Science in Electrical and Electronics Engineering from the University of Washington and two patents in the fields of SDR and biometrics.
Producer
Ryan Poirier
Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan’s time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn’t pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and videos.


Corey Ham:

Yeah. The agents so Hermes and OpenClaw and Nemo Claw and all these all the agents are incredibly inefficient with AI tokens. Like, to the point that it's just laughably hilarious. Like, every tool call, they add, like, 64k tokens to the context or something like that.

Faan Rossouw:

Yeah.

Corey Ham:

And so what that means is if you're gonna pay an API fee, and also that goes in combination with the fact that most of the agents are banned from most of the AI platforms. So Claude, Anthropic bans AI agent usage with Hermes and OpenClaw. I think AI or OpenAI allows it. So that might be like the one kind of hack for now. But, like, let's read the writing on the wall.

Corey Ham:

How long is that gonna last? Who knows?

Faan Rossouw:

They'll definitely go with Claude because they, like, hire Pete Steinberger, the creator.

Corey Ham:

Well, you mean OpenAI did. Yeah. Yeah. OpenAI hired him. Yeah.

Corey Ham:

I mean, I don't know. Who knows how long that'll be supportive? But basically, where we are now, the writing's on the wall that tokens cost money, and AI agents are super inefficient with tokens. So if you're gonna use a Hermes or an OpenClaw Yeah. And you're not gonna use OpenAI, you basically have to have an AI rig locally.

John Strand:

I I I still come back to it's just a matter of time. Like, I think two things are gonna happen on the horizon. Like, the first thing that's gonna happen is the price of all of this shit's gonna start going through the roof because

Faan Rossouw:

Oh, yeah.

John Strand:

Like, we've talked about it. They have to raise their prices.

Corey Ham:

They're about to IPO. We'll talk about this this week.

John Strand:

Yeah. We'll talk about it. But that that's the first thing. And the second thing, like, we're looking at Microsoft. We're looking at the GitHub.

John Strand:

We're looking at, you know, what they're stopping AI from doing from offensive cyber stuff. Like, I am I am absolutely terrified of entire operations at BHIS being completely shut down.

Corey Ham:

Dude, if Claude's down I ran out of Claude tokens on Friday at, like, 3PM. I just left. What am I gonna do? Done.

John Strand:

What do I do?

Corey Ham:

What am I supposed to do? Right. I can't do anything without Claude.

Wade Wells:

We we've been I've been like issuing that. It went before you ask Claude to do something, ask it if it can make a script to just automate it. And we've been we've been like strictly trying to like, if a Python script can do this, do not spend your tokens on it. Have it create a Python script to do it. We set

Corey Ham:

that aside. There there's a lot of ways you can optimize your tokens. The other one that really worked for me is I specifically was like, anytime you spawn sub agents, spawn them with Sonnet. Don't freaking spawn Opus sub agents.

Wade Wells:

Oh, that's pretty good. I like that.

Corey Ham:

Because two times last week, I had it spawn Opus sub agents, like, 150 Opus sub agents and run through my entire usage in twenty seconds, basically. Yeah. Like, that is another little hack. There's a lot of ways. Yeah.

Paul Clark:

You're right. Like QMD?

Corey Ham:

I don't know what that is. Is that caveman

Paul Clark:

talking It's for indexing like tool that it's actually helped out. I I've got a ton of docs that I'm using to develop some RF software right now, and the docs are, like, looking at docs and docs and the, I I my token count's gone down significantly since I put the QMD plugin in there and indexed everything.

Corey Ham:

You're like, basically, the idea is you have a more efficient querying for your docs so it doesn't load them into context and cost you yeah. That makes sense.

Paul Clark:

Right.

John Strand:

That's cool. So one of our teams that'll go unnamed, even though it's not the offensive team, let's just say they might be defensive adjacent, they're using AI heavily. Right? And we were we I started asking just the question, like, how much are we spending on AI, like, here at BHIS?

Corey Ham:

They're like, you don't wanna know.

John Strand:

And, honestly, it was it was so they have a mix of, like, local things that they've built and things that they're using in Anthropic and all these different things. Right? And they got really defensive to start with. They're like, you can't take AI away from us, man. You just can't touch it.

John Strand:

We need it. We need it. I'm like, that's not what I ask. I just wanna know what the spend is. And it came out to, like, $3,800 a month.

John Strand:

And that's because they're doing what we were talking about. Like, they're trying to run local models. They're spinning things off in different places. They're being very good about the context that they give things, and they're training all the people to be very specific in what they ask. And I actually came back.

John Strand:

I'm like, I think you should be spending a little more than that. That seems light to me. Yeah. Considering Derek Banks himself outspends the entire team in a week. We we probably

Corey Ham:

I did think pen testing is token hungry for sure.

John Strand:

My god. It loves the tokens. But it's like but the thing that I think is funny is, like, people are using it like, were just talking about, like, write a Python script or do something. Instead of it just kind of going off on its own, if you can feed it a port scan, it actually saves you a significant amount of money just having it start there, you know, a service identification. So I don't know.

Corey Ham:

It's gonna get You're better off just starting from completely starting from scratch every time and saying, do an entire pen test. No mistakes. Yeah. Use as many tokens as you want.

John Strand:

There's nothing. The sky's the limit. And then I get that bill for half a billion dollars in a month.

Corey Ham:

Yeah. We have an article about that. I know. Let's roll the finger, Ryan. Let's get started on this show.

Corey Ham:

Alright. So it's past time.

John Strand:

Those are rookie numbers.

Corey Ham:

Hello. Todd, we're gonna do one we're gonna do every word, every other word. Okay? So hello, and welcome to Black

John Strand:

Hills information security.

Corey Ham:

Wait. Well, yeah, we could do it as a group, guys.

Wade Wells:

Oh, talking about?

John Strand:

News. So there we go.

Corey Ham:

It's 06/08/2026.

John Strand:

Oh my gosh. Yeah. And and Western civilization still exists much to the surprise of everybody, I think.

Corey Ham:

Yeah. So first introductions, we've got a few friendly faces, some new faces. We've got Faan Faan? Fan? Yeah.

Corey Ham:

Is it Faan or Fan?

Faan Rossouw:

Faan. They got it right.

John Strand:

Faan. It's Faan.

Corey Ham:

Who has an upcoming webcast about doing evil things? No. Not about

John Strand:

No. No. No. No. No.

John Strand:

I'm screw it. I'm gonna I'm gonna introduce Faan. Faan is was the primary mastermind of malware of the day. He has more experience with network traffic and malicious traffic samples than anybody walking the planet. I feel fairly comfortable saying that.

John Strand:

He is also the lead author and instructor of a new class that we have coming up that's using agentic AI for network threat hunting. That that I think that that's a good intro, Faan. Your thoughts? Is that what

Corey Ham:

you awesome.

Faan Rossouw:

Yeah. I I will I expand a little bit. I I wouldn't say it's purely network threat hunting. It's kinda like applied harness engineering, but network is definitely Oh, yeah. Four components of it.

Faan Rossouw:

Yeah.

Corey Ham:

Yeah. This is amazing.

John Strand:

Sorry. That's the workshop. The class that he's teaching for the Threat Hunting Summit is currently the number one selling class at the Network Threat Hunting Summit by a wide margin, and that's the agentic AI for threat hunting. So I think, Faan, they should take your workshop first and then take the class to get the most out of it. Right?

Corey Ham:

I am so excited for this. I am excited because we've talked so much about the show about how all everyone's super excited about using Mythos to code up zero days. No one's talking about how to use Mythos to do the opposite.

Wade Wells:

I I Yeah. I'm not gonna say anything.

John Strand:

That's odd.

Corey Ham:

That's awesome. Us. Yeah. Yeah. We also have Paul.

Corey Ham:

Yeah. I'm gonna introduce Paul. Have an awesome intro for Paul too because that was pretty good.

John Strand:

Paul Clark is a brother to a brother of mine. I know that that seems weird. From the transitive perspective, he is a brother of mine as well. I've known Paul for a long time. He is a Black Hat instructor, one of the highest rated classes at Black Hat back when Ping was still running things.

John Strand:

She shared that information with me. Also, an amazing reverse engineer for software defined radio. If you want anything, you should go check out the book that he coauthored, Field Expedient Software Defined Radio. He has a copy of it at his desk. Now it's practical.

John Strand:

We got an upgrade, Practical SDR. And I really think if you're looking at, like, what the future of computer security is going to be, I think there's two areas. I still think web apps and custom web apps, and there's gonna be a lot of web app pen testing. But I think that SDR is one of those areas that's being tragically ignored right now, unless you're in the military. But but I I have no problem saying that Paul is probably one of the top five experts in software defined radio hacking and security.

John Strand:

And that's just because I know his brother's in there, maybe a couple of other people that we know. But got an amazing webcast coming up. He is one of the main people that I've learned SDR from through his books and through his classes as well. So please check out his webcast and his training. Paul If you're

Corey Ham:

listening to this, we know that you bought an SDR and you haven't used it yet. And you have okay. Now we know we

John Strand:

know it's sitting in a box.

Corey Ham:

We know that.

John Strand:

Dust that

Corey Ham:

And you're gonna you're what you're gonna do is you're gonna go find it. You're gonna take it out of the box. You're gonna go to this webcast, and you're gonna actually use it.

Wade Wells:

I just don't have the time. Yeah.

Paul Clark:

You do now. Let let Claude stare. It'll be fine.

Corey Ham:

Alright. Okay. You won't violate any FCC rules. It's fine.

Wade Wells:

I'm not in the flight path. Nothing will happen. You know?

Faan Rossouw:

Oh. It's a fun Speaking

John Strand:

of flight paths, another fun fact about Paul. His wife is one of the only people on the planet that can actually navigate using a sextant while flying. True.

Corey Ham:

While flying. Yeah. The the pirates that invented them definitely weren't thinking about flying. They were thinking, no. You'll be flying over the Arctic with no GPS satellites available.

Corey Ham:

Imagine if this ship were a thousand feet of see Anyway, the show. Yeah. Let me wait for no introduction.

Wade Wells:

No. It's fine. It's I can't I'm not even going

Corey Ham:

to that. Make John do Hold on. Everyone got a sick intro. Yeah. Let's make John do sick sick intros.

Corey Ham:

Intros. Do one for Wade.

John Strand:

Wade has an amazing mustache.

Wade Wells:

That's all. That's that's it. That's all we did.

Corey Ham:

He keynoted Wild West Hackin' Fest.

John Strand:

He did. He did that too.

Corey Ham:

That's for so

Wade Wells:

long ago. Don't do that people. Don't keynote. If you keynote, don't don't do the ending the closing keynote, you'll just dread the entire week. Like Yeah.

Corey Ham:

That was still one of the best keynotes I've ever been to, though. So Fantastic. My perspective, I disagree with that.

John Strand:

Alright. So but now we've got some news stories because that's what we do here, Corey. Do you wanna pick one out? Because Yeah. Let's I'm excited.

John Strand:

This is like new story roulette for me because I've been traveling nonstop for the past two weeks. I have no freaking idea what's going on in the world of computer security other than what I've seen at conferences, which apparently is AI pen testing for everything, everywhere, all

Wade Wells:

the time.

John Strand:

All I've seen.

Corey Ham:

So, okay. Basically, John, here here's the choice. This is choose your own adventure. Do you wanna talk about AI first, or do you wanna talk about AI second?

John Strand:

Let's talk about AI second. Let's ease

Corey Ham:

into Alright. So, basically, there's some government stuff. There's apparently a a handful of articles about Anthropic. I guess this is, like, a kind of AI. Everything's AI, John.

Corey Ham:

I'm sorry. That was a that was a

Faan Rossouw:

strange question. Shit. Trick question.

Corey Ham:

Anthropic has been planting engineers at the NSA is basically the article according to multiple sources who are in the know, aka definitely don't work in the NSA. So I guess, like okay. Supposedly, Mythos is coming. Supposedly, like, this is really Wait. Wait.

John Strand:

When you say coming, you mean for all of us. It's not just

Corey Ham:

Yeah.

John Strand:

Special clothes.

Corey Ham:

But we should assume the government already should have Right? Yeah. Has had it? Should have it? Is that I mean, there's a lot of speculation here, John.

Corey Ham:

I don't wanna, like, force you to comment. But, like, can I force you to comment? Go for it. So if Anthropic's banned at the government or potentially facing a ban, why are they also placing engineers or staff members at the NSA? Why?

John Strand:

So so I think that this gets into a compromise. Right? Like, I I what I think is going on in the background is you have the people at Anthropic that are saying, look. We don't want our code being used for kill decisions. Right?

John Strand:

We don't want it

Corey Ham:

to be used for Plus, it's software that's getting killed.

John Strand:

Yeah. But there's a whole universe. I I like, look. If hypothetically, if I was the CEO of Anthropic, I would sit down and say, we don't wanna do that killing stuff, the kinetic where we actually take out humans. However, we are perfectly cool doing intelligence.

John Strand:

We are perfectly cool doing exploitation development. We are perfectly cool doing all of those cyber offensive things that are normally done, and we can just hand it off to somebody else for that last mile. I think that's number one. Number two, I also believe that there's pressure even though you have certain people like Pete Hegseth that is like, okay. We're gonna ban them, and we don't like them.

John Strand:

I think that there is pressure that is basically saying, look, you shouldn't throw the baby out with the bathwater. We definitely have a place for this tool and their capabilities that do not involve, you know, being used in automated drone kill decisions and things like that. So that's what I think is going on is I think that there's now rational conversations around

Corey Ham:

not

John Strand:

that anything's rational with AI right now. I think that there's rational conversations going down at the moment about, you know, it's not all or nothing. We can definitely work within gradients of scale for these things as well.

Corey Ham:

So OpenAI's like, we have five five cyber, guys. We're we're just as cool. Yeah.

John Strand:

So but if if you look at it, you have you have, like, Palantir that can do intelligence and do target selection and do all kinds of different things that's data aggregation for potential terrorist threats and different targets, of course, of interest. Then you have Anthropic that can actually do the cyber exploitation automation. And then you have other organizations like Grok that probably has no problems whatsoever being involved in automating

Corey Ham:

They're trying to build killbots right now. They're just look like dumpsters.

John Strand:

I know. Oh, jeez. God. A cyber truck thing? That's that's nice.

John Strand:

That's a way to work that in. But that's my thoughts associated with it, but I would like to get other people's thoughts too.

Corey Ham:

My only other, like, thought is what what does it look like showing up to the NSA to deploy Mythos? Do you just bring, like, a backpack full of H100s? Like, you know, five mil worth of GPUs? Like, how what does that look like just physically?

John Strand:

I I can just buy that. You know? Usually, how that works is it's multiple vendors all working together. So you're gonna have Cisco. You're gonna have the network vendor

Faan Rossouw:

of work.

Corey Ham:

Cisco's there. They're like, guys, we got switches. I don't know.

John Strand:

We got switches and routers. Switches and routers. Navy beans. Navy beans. And then you're going to have you're going to have the actual hardware, like whoever they get that hardware from, whether it's Dell or raw Nvidia, they're buying all of that stuff.

John Strand:

Anthropic's literally just showing up with after the specs and after things built and installing the software. That's that's usually how that looks.

Faan Rossouw:

Anyone else have any updates? It's on prem when they deploy the model. John?

John Strand:

Yeah. There's no way there's no effing way that the NSA is going to allow the public Mythos to be used for what they're doing. Zero chance. None Yeah. Whatsoever.

Corey Ham:

At the end of the day,

Faan Rossouw:

it's just a Is the NSA part of the Department of War? Because I feel like the whole squabble as I originally read it was between Emil Michael, who's kinda like, I think just below, Pete Hegseth and Dario. Remember that weekend when stuff went out? So the NSA is under the Department of War?

John Strand:

It would be. Technically, if you're looking at the NSA, it's under the Department of Navy.

Corey Ham:

Oh,

John Strand:

wow. And so it would be underneath that. Then you have other intelligence apparatus. Now it's kind of like saying the marines are technically under the Navy, but Mhmm. Technically.

John Strand:

But whenever you're looking at how it breaks down, they're the the different castles and the different inns actually treat each other as security risks. So the NSA doesn't like sharing stuff with the CIA. CIA doesn't like sharing stuff with the NSA or NRO or any of those other organizations. So it's very, very siloed. So you gotta look at the mission of what the NSA is trying to do.

John Strand:

Right? The NSA is not necessarily there to support the warfighter. The NSA is there to collect intelligence. Right? You have the NROs grabbing a bunch of signals intelligence from satellites.

John Strand:

You have the NSA is grabbing all kinds of intelligence breaking into computer systems, and that's where you get to an Equation Group and groups like that. Then you have the CIA that's taking a lot of human intelligence and trying to pull that all together. Now we ran into problems before September 11 of getting all of these different ints, like human, OSINT, SIGINT, to basically correlate and fuse together. And there's been a number of attempts to try to get that set up, but there's still entrenched political barriers that exist as far as the transfer of that information and who effectively can tell whom to do what. Now that all breaks down if you actually get into something like if you actually have a colonel or a general that's on base and there's an ongoing kinetic operation that's going on, those guys and gals, they can actually cut through the red tape, and they can say, NSA, you're going to give us your data right now.

John Strand:

Because a lot of times, NSA doesn't want to use the data that they've collected for actual kinetic operations because there's a chance that'll burn their source. And they're very, very, very concerned if they say that they're deep in the Kremlin. And if you wanna take action on something that you're getting for data outside of the Kremlin, it's possible that you will lose that source by acting on it. So there's a lot of considerations that go into this stuff. It's very, very complicated, and there's a lot of dance steps that go with it.

John Strand:

Also, the NSA generally generally doesn't actually do, like, like, operator on the ground, like, kill operations generally. So or renditions or any of those different things. So once again, it can give that space for Anthropic to exist and thrive that still stays within their moral framework.

Faan Rossouw:

Yeah. Interesting.

Corey Ham:

Any other tips on this one before we move on?

Faan Rossouw:

Well, I think maybe one thing I would add is I you know, it's hard always to kind of untangle what is, you know, kind of, quote, unquote, the truth and the posturing. Right? Because I think I as I understood, they didn't really officially ban Anthropic. They basically said within six months, we're gonna ban them. But at the same time, then kind of all of this news about Mythos comes out.

Faan Rossouw:

It's very, very hard for me to imagine that, you know, the US government will forego potentially a massive advantage in a frontier model as a weapon just because Pete Hegseth kind of, you know, had a little hissy fit at the same time.

Corey Ham:

So that dark

Wade Wells:

yeah. Say that goes directly into the President Trump signing the executive order requiring AI firms to provide early model access to the government. Yep. Which I thought We want I feel like that's Yeah.

Wade Wells:

Yeah. So you got something good new. You're gonna give it to us first, which this kind of flew under the radar for me. I didn't hear about this at all.

John Strand:

Okay. So that's not new. Okay. That's okay. Since we're talking about the NSA, f it.

John Strand:

Let's go. You should go see, like, how many patents the NSA actually has. There is a bunch of situations historically where something interesting happens, and whether it's the CIA, the NSA, not the FBI so much, but the intelligence agencies in the United States will actually suppress that technology, and they will use it specifically for United States military purposes. That is something that's been happening for an incredibly long time. So basically saying that AI, they have to give their early access models.

John Strand:

The United States always kind of had that capability. I mean, it gets down if you wanna look at, I don't think it's the oldest example, but one of the older examples was the RSA algorithm. Right? Technically, due to export controls, the algorithm for RSA was not allowed or the AES that was not allowed to leave the United States. And there were shirts way back in the early two thousands where people would have the algorithm and say that this is, you know, this is a banned shirt from leaving the United States.

John Strand:

So there's been multiple examples of that through history. This is just another example of it.

Corey Ham:

Mhmm. Meanwhile, DeepSeek is number one on OpenRouter. But, anyway Yeah. Yeah. So I think, you know, while we're on the US DOD type stuff, the cyber force is kind of an interesting thing that we talked about a little bit last week.

Corey Ham:

It's basically, like, this new cyber force, you know, a new branch of the armed services under the army that's designed to be, like, somehow a new cyber force that's additional to, you know, space force and the navy and the air force who all do cyber stuff. And there's an article about it that we have. I'll I'll paste the link. But, basically, it seems like that the goal of this cyber force is to let us do, like, to wage cyber war, but not stealth away. It's like, that that's basically like my interpretation of that.

Corey Ham:

I John, like, I don't know if you like, they're basically taking t they're basically taking TAO and saying, okay. Never mind. We just have a normal chain of command, and I can just command you to go pop a firewall in Iran or whatever, and you have to do it. Like, I don't know if that's true necessarily, but it seems like that's kind of the goal from my like, reading between the lines. That's the reason I got is like And

John Strand:

so that that's similar to what I was just talking about. Like, the NSA is probably the most advanced cyber offensive operations in the United States government, which really shouldn't surprise anybody. Right? If you're talking Equation Group, Tailored Access Operations, and those groups that have been around and been very well documented. But once again, the NSA's primary goal and objective is to maintain access to get data.

John Strand:

Right? They want intelligence. They are not necessarily there to support the warfighter with forward operations, even though they do get drawn into that quite often. So this actually makes sense. This actually makes a lot of sense because this cuts through the bureaucratic red tape, whether you're in the army, whether you're in the navy, whether you're in the air force, you need specific cyber capabilities to support your specific domain.

John Strand:

Right? If you're doing, you know, ocean stuff. Right? You're gonna have a whole different types of war cyber warfare needs that are separate and distinct from the army. And the army has a very different set of needs associated with the compared to the Air Force.

John Strand:

So this is something I I think should have been done a long time ago. There's been a lot of conversations about how there should just be a dedicated cyberspace force that just does that. And I think that that may be needed, but I do not believe that it should be the only entity. And that's the internal politicking that you see in in the intelligence and the DOD is the Air Force for a long time was probably the most advanced. You know, some of the teams down at San Antonio out there, so shout out to those guys.

John Strand:

But then you also had, you know, the the navy was doing a lot of really, really cool things because they're part of the NSA and things like that. But when you're looking at the army or you're looking at the marines, the specific mission objectives and goals of what they do is fundamentally different. So giving you an example. If you're doing night operations in a zone downrange, like you're in a war zone. Right?

John Strand:

Your needs would be, like, very much field expedient forensics where if you gain access to a building and you gain access to computers in that building, how can you very quickly and efficiently pull down the forensics that you need in that specific environment that can possibly open up additional targets that you need to move to and you need to move very quickly without sending everything to a lab outside of Washington DC? So this makes sense, and I think that every branch should have dedicated cyber offensive capabilities that support their specific domain.

Corey Ham:

So a cyber force is like, we have Mythos. We're coming to party, basically. That's like that's like their F-22 or whatever.

John Strand:

I think you're gonna I think you're gonna see every branch of the government have their own Mythos. There's not gonna be, like, DOD Mythos. You're gonna have army, and they're gonna be multiple Mythos for different mission objectives.

Paul Clark:

Well, how much of the expense budget's gonna be dedicated to data center construction over the next ten years?

Corey Ham:

Oh my god.

John Strand:

We're gonna get into data center stuff.

Faan Rossouw:

I mean

John Strand:

I'm guessing a lot, Paul. I mean,

Paul Clark:

a lot. Geopolitically, that's, like, where everything's at, energy production and data center, construction. And and this country has really struggled building things in recent years, so it's gonna be interesting how, how that plays forward.

Corey Ham:

And Paul, I wanna get the number one investor in renewable energy.

John Strand:

Yeah. Well, Paul, the other thing that you know is gonna happen, right, because, you know, you've ran in these circles too, you know what's gonna happen where the army's gonna have a data center, and the air force is gonna be like, we've gotta make our data center bigger. Like, there's gonna be data center and the between the branches

Faan Rossouw:

Oh, yeah.

John Strand:

And it's gonna it's gonna turn into this colossal disaster. And you're literally gonna have unused, like like Mhmm. GPUs. I guarantee it at some point. Or inefficiently allocated ones.

Paul Clark:

Yeah. Well, that's possible. I mean yeah.

Corey Ham:

Yeah. Let's let's talk about some stunt hacking. Did anyone see that so there's an r arse arse arse arse? I don't know. Arse.

Corey Ham:

Definitely arse. Technica article about a speculative side channel attack that basically uses JavaScript to tell how busy your disk is when it's doing stuff, and then tries to infer what you might be doing with your SSD. Really cool attack. This is like the modern version of Tempest, right, I guess, or something like

John Strand:

that. Tempest hard drives. Yeah.

Corey Ham:

It's pretty cool. It's a research paper. This is all in a lab. This is stunt hacking. You know?

Corey Ham:

Obviously, they're never gonna be able to figure out how many browser tabs I have open because I don't even know how how many browser tabs I have open. But I think it's a cool concept. I guess, has anyone deep dived into this from a technical level yet? I haven't had a chance, but it's the concept would be to, you know, leak data, I guess.

John Strand:

I I I think it's interesting, and this gets back into the stuff that we were just talking about. I can guarantee you that there is a multiple multimillion dollar contracts that are being launched about this right now.

Corey Ham:

But because it's browser based. It is browser website Mhmm. And then it starts running and trying to harvest data off your machine immediately.

John Strand:

Yep. And and that's the part of it that I think is really cool and the applicability. So, yeah, I I I don't think it's ever gonna see the light of day as an actual, quote, unquote, attack that we are going to have to deal with as far as offensive and defensive cyber. At least, I hope not. But I guarantee you there's definitely a bunch of companies in DC right now submitting proposals to weaponize this.

Wade Wells:

The first thing that comes to my mind with at least a website that just can spy on you instantly is tracking North Korean IT workers applying for jobs. Like, if you guys don't like, that has been at least for blue teamers, like, how do you even get before they even get connected? And in one of the ways, it's easy to track when they actually apply. And there's a lot of HR tools out there now that are actually looking at the browser, looking at the time that the browser is actually configured with, then looking at the resume and comparing all of that. That for some reason, that's the first thing that comes to mind was this is how do you track people actually going to your website that are possibly malicious, then fingerprinting them, and then possibly blocking them in some way.

Corey Ham:

Well, yeah. Well, I mean, dude, that would be insane. That's like

Wade Wells:

It would be that that's that's taken into, like, a

Corey Ham:

minority report. Like, we predicted that you were gonna hack us, so we blocked you.

John Strand:

Yep. Well, in this who knows? Maybe some lightweight version of this will be utilized for, you know, brow for bot detection. Right? No.

John Strand:

To basically say, okay. This is a computer that is a human being. It's a phone. It's a laptop. It's a desktop computer.

John Strand:

It's not some virtualized environment or the bot that's being set up or even AI. Right?

Wade Wells:

No.

John Strand:

It's not. So so, no, I agree that some variation of this will be used. And maybe this will be good research for that too.

Corey Ham:

There are some really fun little tidbits in this article that are fun jokes that I wanna call out. First of all, it says, one of the best ways to prevent frost attacks is to close tabs. So that's, you know, not obviously. The other funny thing it says is the o OPFS file must be extremely large, likely a gigabyte or more. That's just a website now, dude.

Corey Ham:

If I go and buy something online, I'm downloading a gigabyte of JavaScript. You can't stop me. So I mean

Faan Rossouw:

stop me.

Corey Ham:

I I I don't know. I just it's really cool, and I think John's right that this is probably gonna get attempted to be weaponized, you know, throughout the

John Strand:

I I just got that last sentence, Corey. The researchers did not test Windows.

Paul Clark:

Yeah. Noticed that.

John Strand:

I've I've got a question about that. That, like, an oversight? Like, when they were like, oh, crap. We forgot. The operating system is, like like, almost 90% of all the computers on the planet, we completely overlooked that.

John Strand:

Like, what did they not test it because oopsies? Did they not test it because they actually did test it and it didn't turn out that well? I'm I'm very curious about that sentence. That that there's there's a lot to unpack there.

Corey Ham:

Pure laziness. Or honestly, probably what they had laying around. I don't know.

Faan Rossouw:

I mean But I was gonna comment that this is the the one article that actually seems like it didn't involve AI, but now I see that it harvests IO interactions and then feeds it into a CNN, which is kinda like what the image models are based on. Yep. But what they can the information they can get is they can deduce app and websites open on the device. Yes. So I don't know if they can leak, like, creds or anything like that.

Faan Rossouw:

Yeah. And then I guess yeah. What you can infer but that's wild, though, that there's patterns that the CNN, the the probability the matrix multiplication will come up with IO writes to, hey, Photoshop is running on this system.

Corey Ham:

It's insanely cool. It's probably not that useful, but it's still insanely cool.

Faan Rossouw:

Yeah. For sure.

Corey Ham:

Alright. I think we're we're almost at the halfway mark, so let's just turn into an AI podcast real quick. No. Actually, before we turn into an AI podcast Wait.

Wade Wells:

I wanted to ask, Paul, what how much GPS do you know?

Paul Clark:

I used to know more. What?

Wade Wells:

No. So the reason I asked

Corey Ham:

is just He knows everything for those

Wade Wells:

He knows every so there's been a I I I watched half of the YouTube video. I haven't been able to watch all of it, but there's a really good YouTube video that just based off a paper right now, where it's Russians jamming GPS over Europe.

Paul Clark:

Yeah. That's so that's been there have been reports of that going on. The Black Sea was a hotbed for that kind of thing as well. But yeah. What what where'd you find the article on?

Wade Wells:

I just threw it in the chat right now. So the Okay. The original YouTube is on Veritasium, but there's a bunch of news articles all over the place right now. There's an actual white there's an actual paper about it. And the interesting part is, at least I saw, is, like, someone just pretty much said, hey, go look at all the GPS data at this particular time.

Wade Wells:

And then they slowly started investigating and trying to figure out what it is. I was hoping somebody else read it because I only got to watch half the YouTube video and didn't get to finish it. But So

Paul Clark:

so I'm subscribed, and I saw that video come up. I hadn't had a chance to watch it yet, but that's that's really interesting. I the

Faan Rossouw:

the kind of

Paul Clark:

the mass jamming is one thing. The what was more concerning, especially with some of the Black Sea stuff, was spoofing and trying to, you know, essentially mislead GPS receiver as as to where they were in a more controlled way. Which is some

John Strand:

really fine tuning of timing to make that work. Like, that's that's pretty impressive. I will tell you, I wasn't in the news much, but whenever I I flew into Tallinn, Estonia, there were a number of conversations about cities around Europe where the GPS was failing airplanes, and they had to land the airplanes manually, like the whole approach and everything. And I can't remember all the cities, but I wanna say I I'm gonna be wrong about this. I wanna say, like, Frankfurt or Munich was one of them. But there have been cases that have been reported in Europe where they've been jamming GPS and then inter like, interrupting commercial flight operations, especially close to the Russian border as you get

Paul Clark:

The article mentioned whether it's GPS only or also included GLONASS, BeiDou, and those others?

Wade Wells:

Let me throw in another article that's not gated. So the the paper identifies 75 events over a seven year period in which the Chester Testorial Reference Stations operated by the GNSS, Greenland, and Canada recorded simultaneously significant drops in their carrier noise ratio. The the story of the jammer hunts, they hunt in space. First, they began they're they're trying to figure out what it was. And originally, I remember they actually centered around one of the Russian ports that has a lot of nuclear sub.

Wade Wells:

Man, now I wish I watched this full video. The most recent article I gave has a little bit more roundup. I have I wanted to read the full white paper of it, but have not been able to yet. And it's not too long.

Corey Ham:

So okay. Is Space Force gonna nuke the satellite? Like, this is a Netflix plot waiting to happen.

John Strand:

I I think that I think that if we think about it, I think we can all agree that that would be the solution.

Corey Ham:

Right? Come on. What else are you gonna do?

John Strand:

Just like Start knocking it out. Because it well, that doesn't happen because once again, it gets into that arms race thing.

Corey Ham:

Okay. Find lasers, John. Find lasers. They're gonna lasers.

Wade Wells:

They're gonna send up some miners up there, land an oil rig on it, and then start the lead no.

Corey Ham:

But why not? There's a whale that's covered up. Why not

John Strand:

why not

Paul Clark:

Dated reference at this point.

Corey Ham:

Why not?

John Strand:

Why not? Not? Couldn't astronauts learn how to run a mining rig?

Wade Wells:

Don't don't ruin them.

John Strand:

Don't ruin them. John. Alright? Gosh. God. If you get a

John Strand:

chance, it's Armageddon. Is that the name of the movie?

Corey Ham:

Yeah. Yeah.

John Strand:

Is. Don't watch don't watch the director or the comments with Ben Affleck where he talks about it. There's a whole thing where he's talking to the director. He's like, why does it have to be miners? And I think the director just said, f you.

Paul Clark:

Yeah. But it's It's Michael Bay movie. Right? Yep. Yep.

Paul Clark:

It's amazing. Don't ask questions.

John Strand:

Don't ask questions. So this is I think this is wicked cool. Like I said, I I know my wife and I, we were worried about it when we were flying out of Hamburg a couple of days ago, you know, hearing about it constantly. And there was a couple of times, I don't know if it's just serendipitous, but there was a couple of times that, like, the flight tracking information for the airplane was like, it would go, like, insufficient. It was, like, so

Corey Ham:

It was like you are in space.

John Strand:

Yeah. It's like, I'm not there. I don't know. And our flight map had this weird zigzag where it did a correction. I don't know if that's I've never ever ever ever seen that before on an airplane, but it was something that happened, and it could just be a serendipitous kind of weird glitch that happened.

John Strand:

But I know a number of people at the at the CyCon conference for NATO were very, very concerned about this and other things. Now it was mainly for them personally. They were like, I hope it doesn't crash my airplane. I'm a

Corey Ham:

chip learn how to read maps. That sucks.

John Strand:

Yeah. It sucks. You know, what do you know what we need? Sextants.

Corey Ham:

We need to be able to

John Strand:

navigate these sextants.

Corey Ham:

The I would get lost so much if it wasn't for GPS.

Paul Clark:

A little byline in there, the little, sub concept there that mentioned something about the need for a a redundant system or something. I forget what it read.

John Strand:

How many systems do we need?

Paul Clark:

It's like, I I'm it's an interesting sort of throwaway line probably that I shouldn't over interpret. But, yeah, I'm not sure I'm not sure what the ramp would be to, start building redundancy into a satellite constellation.

John Strand:

You know what? The The redundancy is Thomas Guides. It's gonna be Elon Musk, and he's gonna come out with his own GPS from Starlink. And he's gonna be like, yeah, that's broken. Just use this instead.

John Strand:

So

Corey Ham:

good. Yeah. Alright.

Wade Wells:

Alright. Now go full blown AI. We can do it.

Corey Ham:

Oh, gotcha. Well, okay. So yeah, I mean, honestly, at this point, there's so many AI articles. We can we can we can skip them. Let's keep skipping them.

Corey Ham:

No. No.

Wade Wells:

No. There's an interesting

John Strand:

We gotta go with big stories. We gotta get the kids what they want, man.

Corey Ham:

There's a fun Troy Hunt, who we're is a War fan Awesome. Has published kind of a retrospective article on so he to this or last week, he published his one thousandth data breach in Have I Been Pwned and kind of wrote this retrospective article that's pretty interesting. The kind of the the headline of the article is basically companies aren't telling people about breaches anymore as quickly or in some cases at all. And, basically, I mean, I have two perspectives written in article. One is, duh.

Corey Ham:

Of course not. Because comp the the breaches were never about protecting the customers. It's always been about protecting the companies and doing what's in their best interest. Right? But, also, the other part of it that's really interesting is that there is a regulatory side that allows this, and that's kind of an I that was new to me.

Corey Ham:

Basically, if you scroll to the bottom of the article, Ryan, there's a chunk that kind of explains what compliance and regulatory frameworks allow not posting it. Keep scrolling up a little bit. So there you go right there. GDPR and if you keep going up just a teeny bit more, CCPA, which is California's, and GDPR both have basically some legal loopholes, I guess, I would say. They basically say, like, if it's super high risk, you don't have to tell people about it or, you know, in in more words than one, which I found interesting.

Corey Ham:

But it's it's an interesting know, you I I never expected to be informed about data breaches. There's a ton of examples in the article about, you know, him finding out about data breaches on his own and not from the vendor or not from the company that was breached. And there's some, you know, I guess I would call it, like, wall of shame a little bit of some of these companies that did notify at all.

John Strand:

But is it a wall of shame? Does anybody even care anymore? I mean, this is one of those things I wish Bronwen was on today because she has some really good takes on this. But, you know, what for all the years that I was teaching computer security, I was always like, oh, bad data breach can bring your company down. And we're like, well, or not, I guess.

John Strand:

There's very

Ralph May:

these companies been breached over and over again, and then they still, like like, TransUnion or or one of the other what do call it?

Corey Ham:

Invisible Voice, Ralph. Where are you? Speaking. You're yourself.

Paul Clark:

Yeah. Ralph's. There you go.

John Strand:

It's a wild Ralph's

Corey Ham:

sighting.

Ralph May:

I know. I I was I was just gonna say, like, how many companies have been breached? I I wanted to say TransUnion. It was one of the other credit monitoring.

Corey Ham:

T Mobile gets breached every two years.

Wade Wells:

Every year. Every year on the clock.

Corey Ham:

Oh, yeah. So do all the ISPs. Charter Communications every

Ralph May:

two years. I have T Mobile. And every time they get breached, I'm not like, oh, shoot. I'm switching to Verizon. Like, it doesn't it.

Ralph May:

Doesn't change it. I don't know. That's just me.

Corey Ham:

I I think every other consumer is on the same page. One's switching because of breaches.

Ralph May:

Yeah. And, like, the only thing people give a

John Strand:

shit about, let's be honest, is their browser history.

Corey Ham:

That's it.

John Strand:

That's that that's that's that's it. That's where that's the line. You know? I don't

Corey Ham:

yeah.

Wade Wells:

As someone who's pulled a lot of browser history from people's computers, you should be.

Corey Ham:

That is important. No. I've gone through enough info stealers to tell you that, yeah, you should you should delete your browser history a lot.

Ralph May:

Yeah. Just every time you close, really.

Corey Ham:

I think, you know, I basically, what I would

John Strand:

say

Corey Ham:

is it does actually highlight the need for services like Have I Been Pwned. Like, it's kind of something we all maybe take for granted, but the truth is this is probably the only way you're gonna find out you were breached. It's it's not gonna come from the company Well got breached.

Wade Wells:

It's not gonna the about by the time he's got it, though, isn't it, like, too late? Like, what are you really gonna do?

John Strand:

You're screwed at that point.

Corey Ham:

Yeah. Right? It's an occasion. It's not. There's a lot of

John Strand:

time teaching, and I bring up Have I Been Pwned and people go there, and you hear swearing in the room. They're like, goddamn it. And they're like, well, now I gotta change my password. Right? I yeah.

John Strand:

I I don't I don't know. I I think there is value in people signing up and getting notification, but I I no one cares. It's like we would kill the million people in the United States.

Corey Ham:

Millions. I would what I would say from a personal, like, from a personal risk perspective, your data being in a data breach is the same thing as, like, a vulnerability being published. Right? It's like it doesn't necessarily immediately impact you, but it does give you a chance to potentially remediate that vulnerability before it gets used by a threat actor. Right?

Corey Ham:

Like, it's the same thing as, like, it it's an n-day now. Like, it's up to you to beat the hacker to that password or to that email or to that phishing topic.

Ralph May:

So I've got two hygiene tips, right, that you can do for this. And they vary on how much they mess with your life. Right? But one is you can use kind of unique email addresses per

Corey Ham:

Oh, yeah. That's a must nowadays.

Ralph May:

And so and there just like a simple version is like Google allows you, I think, to put, like, a name.

Corey Ham:

Apple does. Google does. SimpleLogin. There's a bunch of services. Duck will do it for free even.

Ralph May:

Sure. So so using that is really smart idea and it separates it out. And then you also know if like, you know, you gave out an email and now it's gotten spammed out its wazoo.

Corey Ham:

Dude, I have caught multiple companies selling my email for sure. Yeah. A 100%.

Ralph May:

And and then the last one obviously is tying that into just a simple password manager. Right? So like that Yes.

Wade Wells:

A blank.

Corey Ham:

Those are the two best bang for the buck. Like, definitely not one password though.

Wade Wells:

Whatever you do whatever you do, do not let your password manager get compromised. I will say that as a

Corey Ham:

Oh, yeah. You you you're taking all the eggs and putting them in one basket. You gotta protect

John Strand:

that. Saying if your if your password manager has a password or password, it doesn't help you.

Wade Wells:

You're definitely a little screwed. Just a little bit.

Corey Ham:

A little. A little bit. Alright.

John Strand:

That'd be a fun audit.

Wade Wells:

Alright. I got I got a good one. Did you read the mapping AI enabled cyber threats one to MITRE ATT&CK? No. No.

Wade Wells:

Let me put the link in

Corey Ham:

there. But I'm about to. Oh, the attack navigator thing.

Wade Wells:

Yeah. The attack navigator one. So pretty

Corey Ham:

much The Anthropic red blog posts are popping off. They are fire.

Faan Rossouw:

They're so good.

Wade Wells:

I'm glad I'm glad I'm not the only one thinking that.

Corey Ham:

No. It's it's it's kind of a bummer they care so much about cybersecurity because they're not leaving any freaking real estate for the rest of us.

Wade Wells:

Hey, god, dude. I was thinking the same thing. So the Anthropic Red Team analyzed a bunch of accounts that were banned from Claude for malicious cyber activity over, like, the past year and then mapped it to the MITRE ATT&CK framework to figure out, like, what's going on in the past six months. Valid accounts.

Corey Ham:

Cloud accounts. Number one, guaranteed.

Wade Wells:

It's always gonna be valid accounts. Right? I feel like the cool part about this is that I really like is being able to see which which accounts are are which tactics are

Corey Ham:

being used

Wade Wells:

a lot. Tech oh, tactics and techniques. Okay. My thought is because nowadays, the defenders are finally really starting to digest the conversation logging. Right?

Wade Wells:

And to really understand the attack frame the, at least, attack if someone were to get onto your box and start using an AI there, and you if you have the logging from it, that was one of my insights to this. Or at least, I my first thoughts as a blue teamer. The other thought is just seeing how cool the attacks are escalating from now for the past six months and what they're using to not just attack you, but to the

Corey Ham:

jobs, dude.

Wade Wells:

Dude, they're not in, like, defensive agent being the key one. Right?

John Strand:

So, Wade, I got a question for you. I've I've always wondered, and I don't know. I'm lazy. I guess I just haven't looked at it. Can you think of anything where it's like a heat map like this, where it takes, like, let's say, the information from Mandiant, the information from Verizon, and looking at the techniques that are actually utilized and then putting that on a heat map?

John Strand:

And the reason why I think that that's important is because if you're doing detection engineering, you'd or even deception, you would wanna make sure that you're putting deception and doing the most detection engineering for the techniques that are the most heavily utilized techniques. So this is the first time I've seen that in the form of a heat map. That's like, no. These are the techniques that we're seeing, but it's in a different angle coming at it differently.

Wade Wells:

Yeah. There there's a so, like, the main tool I used in order to create those heat maps was called DeTT&CT, which is still out there and still widely used. And that one, if you give it a bunch of JSON files, it'll actually create the heat map for you. So you have to create the JSONs with it.

John Strand:

Yeah. That's but there's no one that's collecting it. I know at BH and Aker, we started keeping a running record of the findings that we have in our reports.

Corey Ham:

And Yeah.

John Strand:

I'm thinking about releasing that as a heat map against MITRE.

Wade Wells:

You should just do a full report. Like like so the year end threat reports, right, that always come out, like, the one I always preach is Red Canary's because they actually have, like, a music track to go along with it, which is really fun.

John Strand:

We can do

Corey Ham:

the Spotify rap, but forget it.

Wade Wells:

Yeah. Exactly. Yeah. Like, Opa Tett was in it one year. But reading those reports is super insightful just to see what's going on across, But you do have to read it across a bunch of different vendors and to understand what's the exact exact tactics that are being used or techniques.

Wade Wells:

And like Corey said, valid accounts is almost always the primary one.

Corey Ham:

Although it's interesting actually looking at it. The the for those curious who haven't looked at the report, the number one technique is develop capabilities malware, which tracks. Right? Like, I need a C2. No mistakes.

Corey Ham:

It has to be written in Rust. Go. Rust. Obfuscated files. Right?

Corey Ham:

Like, obviously, building JavaScript or other obfuscated tools is super high, easy to use for AI. Local system is interesting. Like, using AI agents as a post-ex tool, that's we're doing that right now. We basically take our C2 agents, and we give them MCPs to AI. Then we say, oh, I lost all my password files.

Corey Ham:

Can you help me find them? And AI is like, absolutely, buddy. I'll help you find those password files. It has to be helpful. Yeah.

Corey Ham:

Let's be helpful.

Wade Wells:

What's kind of funny is the number one the defense evasion is the number one tactic used in at least by what that they're using LMs for. MITRE ATT&CK actually just split defense evasion up into two separate tactics. I believe it's stealth and defense impairment. Right? Which

John Strand:

Oh, that

Wade Wells:

makes doesn't it doesn't necessarily like leave make this moot, but it's like, oh, like the timing was just poor.

Corey Ham:

Totally. Fifty four percent tried to impair defenses with AI. And now we gave them a 100% thing, which is just to say it's PHI, and it won't be touched.

Faan Rossouw:

Yep.

Corey Ham:

Alright. Let's keep going on AI.

Ralph May:

Are we open the floodgates?

Corey Ham:

We've opened the floodgates. I mean, the other there's like well, we could do some, like, quick hits because we don't have that much time left. I mean, first of all, Anthropic supposedly an IPO. Like, that's potentially on the radar. I mean, like, if you've been lying on radar yet,

Bronwen Aker:

that's what it's saying.

Corey Ham:

I will say, a couple things about it. It's smaller than the SpaceX IPO, but it's still a

Ralph May:

chill doesn't make any sense.

Corey Ham:

Which, yeah. By the way. But whatever. It's I mean, basically, I think for those listening to this, the probably the only thing you really care about is is how is this going to impact the price or the, like, availability of these products? And, I mean, safe to assume I I will say before this and even now, like, if you're looking at AI, we've talked a lot about on this podcast about, like, the AI marketplace in general.

Corey Ham:

You know, we talked about who's gonna survive between all the different people that are running a horse in this race. Anthropic is actually the closest to being profitable according to them. They're they've claimed they're gonna be profitable as of 2027. OpenAI's current prediction is 2030.

John Strand:

I thought it was

Corey Ham:

2030. Yep. Well, so Anthropic is 2027. OpenAI is like, maybe someday. I don't know.

Corey Ham:

Probably not. Google is Google, so whatever. They're already profitable. They're they don't uniquely, I guess, what I the the the question I don't know and what I'm curious about is, why? If they if there's already gonna be profitable, they already have the funding they need, they already like, arguably, they're the most sustainable frontier model company that isn't They're not sustainable.

John Strand:

That's a

Corey Ham:

lot. Okay.

John Strand:

There we go.

Corey Ham:

Yeah. But they will be next year. They're gonna be profitable. So No. They're not.

Corey Ham:

Yeah. Well, that's what they said.

Bronwen Aker:

They're not. So The only way that they have so much profit is because so many investors and organizations are pouring money in good after bad. But the way that they're operating is not sustainable. Now some of the things that I'm seeing in the various, publications that I that I follow and track is that the models are shifting over. Yeah.

Bronwen Aker:

We've already got the subscription model, and we've already seen the price points, and we're already seeing the that companies are blowing through their entire annual budgets on this and the other thing just by burning through tokens. This is not gonna go away. And the problem is more and more companies are seeing that what they are doing is not sustainable. And that's why they're having to rehire humans back into positions that they let them go from. That's why they're having to do all of this stuff.

Bronwen Aker:

There it's it's not gonna happen.

John Strand:

And the other thing that I would like to add is, you know, we got the Anthropic one, but then we also have the SpaceX one. And the SpaceX one's timing is very interesting because they they have to do it's a it's something called a float readjustment. Right? So it has to do with the percentages and how much you can put out of the stock market. It's complicated.

John Strand:

To be honest, I don't understand it. But before you have to report, you you have to report quarterly on this before you can do a float adjustment. And one of the things about the timing, and I'm getting some of this wrong, but I don't do stock markets. But the way that specifically the SpaceX IPO is going to go down is the people like Elon Musk and the people that are investing in it, and, you know, they're they're the ones that are gonna just make crazy amounts of cash, will be able to exit before the float readjustments and, like like, have to happen. So what my point is to all this, kind of answer your question in a different way, Corey, is the idea isn't necessarily this is a profitable long term business venture.

John Strand:

It's a game of musical chairs. And with the game of musical chairs, you have Series A funding, you have Series B funding, Series D. And through a lot of companies, as you're moving through different series, the goal is to try to get somebody else to take the money, responsibility, and risk. You buy out or you get bought out and you get out. IPO is the bad of those ways where they're trying to move this around so the people that are in it heavy that'll make the most money will be able to step out, make a shit ton of money.

John Strand:

Sell this stuff. And then the people that are going to be holding the bag when it's over are the stock investors. And the rules that just changed because of what's going on with SpaceX, I'm thinking Anthropic's looking at the same thing, is basically they're making it to where if you have, like, an investment fund that you're investing in, you have to invest in these companies. And I think that that's the big push. The big push isn't like the traditional, this is profitable.

John Strand:

It's gonna be a company, and it's gonna have, like, what do they call it? A P&L to, like, Walmart. Right? Like, Walmart's valued at, like, $900,000,000,000, and it actually makes revenue $750,000,000,000. So when you're looking at these companies, they're not making anything near where their evaluation is going to be.

John Strand:

And I'm telling you all this because this matters because the whole thing is being set up and rigged in the stock market to make sure that people can make as much money as they possibly can as quickly as possible. Get the f out, and then everybody is going to be left with whatever's left over. And everybody that has their 401(k) is going to be screwed because of it.

Corey Ham:

So every so okay.

Bronwen Aker:

Basically, they're setting up the next stock market crash.

Corey Ham:

Well, there

John Strand:

is It's not all their fault. But yeah. Pretty much.

Corey Ham:

On a on a positive note, the S&P was like, hell no. We're not including SpaceX. So that was good.

Faan Rossouw:

Yeah. Yeah. But they're not picking Like,

Corey Ham:

you know, like push back. I'm not disagreeing with you, but at least we got that And, like, for now, our

Bronwen Aker:

The S&P is crazy, not stupid.

Faan Rossouw:

But I I agree largely a lot.

John Strand:

When you get these companies that are this large, they create their own weather. Right? Like, the fact that Nasdaq is willing to completely change its listing rules just for SpaceX is flipping crazy.

Faan Rossouw:

Yeah. So something else related to what you said too, John. I don't know if you saw, but, like, I think it was Fidelity. Usually, you have to have a minimum of half $1,000,000 in your account to get in on the IPO, but they lowered that to $2,000 for SpaceX, which is just kind of like

Corey Ham:

Wall Street, that's a venture.

Faan Rossouw:

That we want all of you to to buy our, you know, somewhat worthless stocks to hold the bag.

John Strand:

This And I and I think that this matters, you know, in the context of this of this podcast. I think that this matters because whenever there is a stock readjustment that is eventually going to happen. Right? Mhmm. We know as a pen testing company when COVID hit, immediately every company was basically like, holy shit.

John Strand:

We need to hold off on pen tests for the next, you know, couple of months. Whenever we had the the liberation day with tariffs, we saw something similar. Anytime that there is, like, a a a fairly large stock readjustment, we do see call volumes coming into BHIS that correlate that down. Right? We see this all the time.

John Strand:

And a lot of these companies, unfortunately, whenever they get hit, especially in the tech sector, because the tech sector is running up the entire stock market right now, all of these companies, whenever something like that happen, they react by saying, you know what we need to do? Layoffs. Right? And that's something that I think directly applies to us in security because we've already been seeing a huge hit in hiring and staffing in the security space because of AI. And like Bronwen said, humans are coming back into the loop.

John Strand:

It's just a matter of time. I hope. I could be wrong. But Bronwen agrees with me, I think, so I'll take that.

Bronwen Aker:

Yep. I agree with you. Well, it it's it's happening. It's happening. Easily, half of the companies that were expecting to have mass profits and not hire any junior people, they're going, oh, gee.

Bronwen Aker:

We're our our people that we have left are spending three times as much time debugging all of the vibe coding that we did. And yeah.

John Strand:

Well and and I think that that'll happen.

Bronwen Aker:

Matter of time. In the long run, it will help us.

John Strand:

Yeah. It's a good have. Correct. Yeah. Bronwen, we talked about it before.

John Strand:

It's like the dot-com bubble. Right? All of that shit that was predicted happened. Webvan failed, but we now have Grubhub. Right?

John Strand:

And I and I I do disagree. I do think Anthropic can be profitable by next year just because their business model has been focused on enterprises, not individual users is kind of what GPT went.

Corey Ham:

They don't have a free they they don't have their their user base are based on a free product.

John Strand:

Yep. And then the other thing that they can do, I think that those assumptions of profitability, I think, are based on they know they're gonna have to raise their token prices. They're gonna have to raise their costs. Yeah.

Corey Ham:

Yeah.

Faan Rossouw:

Yeah. I mean, the API cost for Mythos are already much, much higher. I mean, I'm assuming the inference is also much more expensive. Right?

Bronwen Aker:

Well, it's other one of the other impacts that we're gonna see is this and and it has to do with power infrastructure. Yeah. The power companies are talking about these virtual, not generators, but but power stacks, and it's it's basically, we're gonna be seeing a lot more battery based of power management and changes in how the power infrastructure is handled overall. And that is, of course, going to have an additional repercussion in the Infosec sphere because utilities are one of the things we look at.

John Strand:

And, Bronwen, I think that that's a brilliant thing that p I don't know if I don't even know if anybody's really talking about that. Because if you look at the entire grid infrastructure of the United States, right, because of legislative capture and the way that they make their profits is not normal. Right? Mhmm. The infrastructure for and the power grid in the United States is light years behind any country other than the United States, whether we're talking China or Europe or any place.

John Strand:

Right? And I wonder, based on what you said, what is and we should take note that we should do some research on this, Bronwen. This should be a webcast. But I wonder how much pressure there's gonna be from the IT sector to try to upgrade the infrastructure, the power grid infrastructure in the United States to kind of move towards more smart infrastructure? Or do you think they're gonna just say f it, and they're gonna basically build their own power stations almost on-site?

Corey Ham:

Oh, dude. You didn't Nope. You're already doing it. Mike, that's what I was say. Microsoft was, like, turning back on Three Mile Island or whatever.

Corey Ham:

That was a thing.

Faan Rossouw:

Yeah. Yeah. We're gonna do modular nuclear.

John Strand:

Oh.

Faan Rossouw:

But I think, John, you're right. But I think it's also gonna come from the communities because I don't know if you guys have seen how many of the proposed builds, like, the the the increase in the amount that are being challenged by local communities. Yeah. Right? So then

Corey Ham:

they Oh, yeah. We talked about it last

Faan Rossouw:

expensive and takes much longer to build these out. And now the people profiting most from it are also some of the biggest corporations that ever exist, and they have a tremendous amount of influence on the, you know, the the government at the end of the day. So that I do think that's a big selective pressure for you know, they're gonna have to figure something out with the power Because at a certain point when people's energy bills are just gonna be, like, four or five or six times higher, at a certain point, like, the social contract's gonna get fairly brittle because of that. Yeah. You know?

Faan Rossouw:

Like

John Strand:

Yeah. They're just gonna give up. They're not gonna use power. It's all gonna be firewood. Yeah.

Corey Ham:

I mean, we we talked about it last week, but, you know, the the, law enforcement folks are warning about a new brand of, you know, activist terrorist type people who are, like, anti infrastructure or anti

Ralph May:

life center.

Corey Ham:

Well, DIS center crime.

Bronwen Aker:

Yeah.

Corey Ham:

Yeah. So, I mean, I obviously, that's, you know, alarmist as usual for news. But

Bronwen Aker:

news A lot of that is coming from the same people that are are targeting other people, but that's another conversation.

Corey Ham:

So what we're saying is get a physical pen test of your data center, I guess.

John Strand:

Well, and but how do you how do you build that into your threat model? Like, when you're building these data centers, and you're like, okay. We're seeing what Iran is doing. We now need to deal with drones. Right?

John Strand:

Like, how do we protect this really expensive infrastructure

Corey Ham:

Yeah.

John Strand:

From just random people doing drones and bringing the entire infrastructure down? I it's a brave new world. Like

Corey Ham:

Oh, these things are John, these data centers are already built absolutely bunker like. The I mean, in general. They're Yeah. Not all, but, like

John Strand:

Actually, no. Have you seen the ones Facebook? They're just tents.

Corey Ham:

Yeah. They're just tents. Okay. But does

Ralph May:

the that SpaceX is built, actually.

Corey Ham:

Hold on. Hold on. Don't forget, lasers. Or Meta is the company that if you just ask for someone else's account, they'll just give it to you or their AI will.

Bronwen Aker:

Well, that's, you know, that's basically using a chatbot to to get the insert Instagram creds. That's all

Corey Ham:

Yeah. Yeah. The other I'm just saying they're not exactly known for their hardening.

Ralph May:

Yeah. The other recent news about just even do on this topic. Right? Data centers, a lack of availability, lack of power is the SpaceX or AI, whatever his name is named it at this point. But essentially, two things, Anthropic and Google are both paying what?

Ralph May:

It was a billion dollars a month or something like that. Yeah.

Faan Rossouw:

Billion dollars a month minimum.

Ralph May:

Yes. To rent space

Paul Clark:

Just leasing space.

Ralph May:

The data centers that they built out because Grox six.

Corey Ham:

Because circular financing, though. Because these like, again, though, but you know that the company who they're paying a billion dollars to owns a 30% stake or something in Anthropic. Right? They have. Like, Exactly.

Corey Ham:

This is all circular financing.

John Strand:

So you're saying, Corey, there's a big club, and we aren't in it. Is that what you're

Corey Ham:

saying? Yeah. That's what I'm saying. Carly. I can tell you, according to AI token prices, I am costing Anthropic thousands of dollars every month.

Corey Ham:

Yeah. Same. I mean, I look at that usage, I'm like, if I was paying for these tokens, I would be a bear poor man.

John Strand:

Hey now. Hey now. I'm starting to

Corey Ham:

get nervous.

Faan Rossouw:

Do you know what I'm saying? That that make you feel sometimes like it's gonna run out, so I have to, like, what can I create next? What can I create next? What?

Paul Clark:

It every night. No.

Faan Rossouw:

That they ask questions. Anxiety.

Corey Ham:

Yes. I agree. It's like an addiction, honestly. Agree. Okay.

Corey Ham:

So

Faan Rossouw:

Definitely.

Corey Ham:

Couple cup two final articles before we close the show and and give Paul and Faan a chance to plug their stuff one more time. So first of all is that Microsoft is designing a new, basically, OpenClaw, but for Microsoft products, which sounds like the worst pitch I did not have my on my bingo card. But basically, they they've leaked or someone leaked the planning documents, and it specifically says that one of their intentions is to get people addicted to it. And so this is a real thing. You know, here's the news article, 404 Media.

Corey Ham:

Basically, this is a thing. AI is addicting. I have personally noticed this in my life. Like, I have gotten to the point where I've had to add AI to my wind down to be like, I don't do AI a couple hours before bed because otherwise, I'll be up all night being like, what if the agent does this? What if the agent does that?

Corey Ham:

What what if it

John Strand:

screws up?

Bronwen Aker:

If you get into a conversation with one and it sucks you in because it's such a sycophant, oh, yeah.

Corey Ham:

Oh, yeah. No. I I the amount of time I've spent waiting for a freaking thinking to return or something anywhere. But, yeah, the other article, you know, obviously, Microsoft intentionally designing them. There was an one more thing, which was that Amazon had to take down their internal AI token leaderboard because it was just costing them a huge pile of money in tokens because people were just basically faking it.

Corey Ham:

People were basically

Faan Rossouw:

What's a leaderboard? Like, token spend.

Corey Ham:

Yes. Token spend. Internal this is the thing. We've seen it at Meta. Like, there was an article a a month ago that Meta's token spend was, like, a billion dollars a month or whatever, some stupid number.

Corey Ham:

But, yeah, basically, Amazon had to

Faan Rossouw:

shut whip.

Corey Ham:

Spend more. Oh, that's that's exactly right. So, basically, Amazon shut down theirs. This is obviously an insider has leaked all this information to 404 Media. But, basically, they shut it down, and the feedback that they were giving in managerial reviews was basically, you're not using enough tokens.

Corey Ham:

And they had the internal leaderboard. Right. And so people started gaming the system, of course, and just wasting tokens. So it's just AI wasting tokens back and forth, and then Amazon having to pay the bill of however many hundreds of thousands of dollars people use just to waste tokens.

Ralph May:

I'm not a company that used to lose a lot of money.

John Strand:

I I keep saying it, and I wanna close the show with this. I think the TV show Silicon Valley ended way too soon.

Corey Ham:

Oh, it's Yeah.

Faan Rossouw:

Because they're crazy.

Corey Ham:

It's very true.

John Strand:

They need to revive that.

Bronwen Aker:

We're living Yep.

Corey Ham:

So let's do Yeah. Let's do some plugs. First of all, here's what you're gonna do. You're gonna go get your SDR. You're gonna dust it off.

Corey Ham:

You're gonna That's right. Plug it into your computer, and you're gonna come to Paul's webcast on June 10, which is only two days from now. You got time. You can install drivers by then. And there's

Ralph May:

a book,

John Strand:

Paul. If they wanna be ready for the webcast

Paul Clark:

And there's a book. No Starch's Practical SDR. It's got the robot and everything.

Corey Ham:

That's awesome.

Paul Clark:

The the other thing that we don't have the web page up for is that there's gonna be a workshop on the July 24, a four hour workshop. And I made a joke earlier about letting Claude run your SDR Just a couple days ago, I literally had a bit of a harness able to pull down some cellular communications, and Claude was actually actively analyzing, iterating, demodulating. So it's getting getting getting the basis for all this stuff figured out. It's gonna be a thing soon.

Corey Ham:

That's awesome. Mhmm. Bye. And then two two days later, on June 12, Faan has his workshop Nice. Building your own AI security agent.

Corey Ham:

I think I'm gonna register for this one because I think AI is about the harness. The models will change. The you know, like, everything else will change, but the harness has to be good for AI to ever even begin to succeed.

Faan Rossouw:

Yeah. And, I mean, when it comes to the model, like, you can choose the model, and open weight models, you can fine tune, but the ROI on that is moot. Your power is actually in the harness. And above that, that's actually where almost all research indicates that a mediocre model with a great harness will outperform a great model with a mediocre harness. Right?

Faan Rossouw:

So that's really your chance to kinda mold and shape it. So my workshop here and the eight hour course that I'm doing at the Threat Hunting Summit is really it's it's architecturally, I've based it on a threat hunting blueprint. So it's skills based and behavioral based, but I'm teaching you a specific system that you have to, like, shoehorn. I'm not selling you a tool or anything like that. I'm teaching you kind of what I consider to be the eight foundational systems for harness engineering applied to defensive security.

Faan Rossouw:

So Amazing. I'm extremely excited to teach this. I hope to see as many of you there as possible for sure.

John Strand:

We'll be there.

Corey Ham:

Alright. Anyone else? Wade, you got some threat hunting summits coming up, I guess, something?

Wade Wells:

Yeah. I'm I'm teaching my CTI 101 course, but I'm probably just gonna go take Faan's course, to

John Strand:

tell you

Wade Wells:

the truth. There's not enough blue team AI courses out there, I feel like.

Corey Ham:

Yeah. I'm debating it even though I'm not a blue teamer just because I so many customers have asked me, like, you guys keep breaking all of our stuff with AI. What do we do? And I've been to, like, I don't know. Wait for Mythos blue to come out?

Corey Ham:

I I don't know.

Wade Wells:

So I I have the talk

John Strand:

I cookies.

Wade Wells:

The talk the talk I did for the SOC Summit, I have a second half of the talk where it's like the dark side.

John Strand:

Hey, guys. I've got a meeting. I'm gonna jump out. Thank you so much, you guys.

Corey Ham:

But Bye, John.

John Strand:

I gotta go.

Paul Clark:

Later. See you, John.

Wade Wells:

Yeah. But yeah. Anyways, take Faan's course. I'm I'm going to.

Faan Rossouw:

Yeah. I also wanna say, you know, even if you're in red teaming, you know, learning about skills, learning about tools, MCP, learning about knowledge graph and RAG and GraphRAG and all these things, like, okay. The example I'm gonna use, that's all applied to defensive security, but the meta is the same. You can apply it to anything. You can apply it to nonsecurity fields too.

Faan Rossouw:

Right? It's just that the kind of leading example that I'm using is all about building a front end. So from telemetry to make writing the final report and even a SIP report and even a SIP after that, which is a self evaluation. The system looking at how it can kind of improve itself and then using evals to quantify whether it did objectively improve itself or not, really.

Corey Ham:

So That's amazing.

Faan Rossouw:

The whole a to z.

Corey Ham:

That's awesome. Alright. Any other final comments before we close? Anything else to plug?

Bronwen Aker:

I'll be giving a webcast on contextual prompting later this month. I forgot what date it is. It's a twenty something.

Corey Ham:

Nice. Yeah. Prompting is still still important. There it is.

Bronwen Aker:

Yep. That's the one. In 20 Content stack.

Corey Ham:

Nice thumb. Alrighty.

Paul Clark:

We're gonna

Bronwen Aker:

go we're gonna go deeper.

Corey Ham:

We're gonna go deeper. Bye, y'all. Alright.