NASA Gets Phished by Chinese - 2026-04-27
71 min • Apr 28, 2026
Summary
This episode covers major cybersecurity incidents including Scattered Spider members pleading guilty, Mexican surveillance contracts with the US border, phishing campaigns targeting NASA researchers, and extensive discussion of AI model competition between Anthropic's Mythos, OpenAI's GPT-5.5, and implications for cybersecurity threat actors using AI to accelerate exploit development.
Insights
- AI-powered threat actors are chaining together existing vulnerabilities faster than ever before, suggesting either AI orchestration or rapid scripting capabilities that compress exploit development from weeks to hours
- The AI model arms race is unsustainable long-term; none of the foundational transformer mathematics are patentable, meaning open-source alternatives will eventually commoditize premium models
- Local AI deployment and quantization techniques (like TurboQuant) are making on-device models viable for specific tasks, reducing dependency on cloud providers and creating a bifurcated market
- Cybercriminals continue to fail due to operational security failures (reused emails, home IP logins) despite sophisticated social engineering, suggesting overconfidence and lack of risk assessment among younger threat actors
- Intelligence laundering through third-party surveillance contractors allows governments to circumvent domestic surveillance laws, creating a legal gray area that's becoming normalized
Trends
- Exploit development acceleration: AI reducing vulnerability-to-exploit timelines from weeks to hours, forcing 24-hour patch windows as new industry standard
- AI model commoditization: Open-source alternatives approaching proprietary model capabilities, threatening premium pricing models of Anthropic and OpenAI
- Local AI adoption: Quantization and on-device models enabling organizations to reduce cloud dependency and avoid vendor lock-in
- Supply chain attacks on AI infrastructure: Compromised API keys and third-party contractor access becoming primary attack vectors for accessing restricted models
- Threat actor AI adoption: Confirmed use of AI for social engineering campaign orchestration, phishing content generation, and autonomous attack chaining
- Surveillance infrastructure consolidation: Single vendors (like Segura Tech in Mexico) controlling disproportionate share of national surveillance spending
- Token maximization economics: Startups burning massive AI budgets ($113K/month for 4-person teams) to stay competitive, unsustainable without clear monetization
- Model quality variance: Noticeable differences in output quality and tone between GPT-5.4 and 5.5, suggesting rapid iteration and potential quality regressions
- Autonomous agent limitations: Even advanced models struggle with extended autonomous operation without human oversight, requiring continuous intervention
- Regulatory acknowledgment: Indian government officially recognizing AI-accelerated threat timelines, signaling shift in threat modeling assumptions
Topics
- Scattered Spider cybercrime group arrests and extradition
- Operational security failures in cybercriminal groups
- Mexican surveillance company contracts with US border control
- Intelligence laundering and third-party surveillance acquisition
- NASA phishing campaign targeting researchers (Chinese state-sponsored)
- Mythos model access compromise through vendor API keys
- GPT-5.5 vs Mythos model benchmarking and capabilities
- AI-accelerated exploit development timelines
- Token maximization and unsustainable AI spending
- Local model deployment and quantization techniques
- Bitwarden CLI supply chain attack via compromised NPM package
- iPhone Signal message deletion bug and FBI forensics
- Strait of Hormuz cryptocurrency phishing scams
- UNC6692 social engineering campaign using Microsoft Teams
- Cult of the Dead Cow reboot and manifesto
Companies
Anthropic
Mythos model access compromised through third-party contractor API keys; competing with OpenAI on model capabilities ...
OpenAI
Released GPT-5.5 as Mythos competitor; hemorrhaging money despite market leadership; benchmarking against Anthropic's...
Google
Only profitable major AI company; integrating AI into search; developing TurboQuant quantization technology for model...
Segura Tech
Mexican surveillance company contracted by US for border monitoring; spending 5% of global surveillance tech budget d...
MGM
Major breach victim of Scattered Spider cybercrime group
Marks and Spencer
Breached by Scattered Spider cybercrime group
Bitwarden
Password manager CLI compromised through malicious NPM package supply chain attack
Signal
Messaging app affected by iPhone notification database bug allowing FBI recovery of deleted messages
Apple
Fixed iPhone notification database bug that allowed recovery of deleted Signal messages; AI summaries criticized as i...
Microsoft
Teams platform heavily abused by threat actors for social engineering and phishing campaigns
Amazon
Historical example of unsustainable pricing model; mentioned for infrastructure dominance in AI space
NVIDIA
Identified as major winner in AI infrastructure arms race through chip manufacturing
ASML
Chip manufacturing equipment supplier positioned as major beneficiary of AI infrastructure buildout
DeepSeek
Chinese AI model mentioned as cheap alternative that users adopt when pricing increases
Firefox
Received record number of vulnerability reports (270+) from Mythos model testing
OpenBSD
Confirmed bugs discovered through Mythos model testing
Uber
Historical example of unsustainable pricing model requiring eventual price increases
DoorDash
Historical example of unsustainable pricing model that eventually raised prices after market consolidation
People
Tyler B
UK citizen member of Scattered Spider pleaded guilty; extradited from Spain to US for prosecution
John Strand
Co-host discussing cybersecurity news, AI implications, and threat actor tactics
Hayden
Co-host contributing to discussions on AI models, threat actors, and security implications
Ashling
Co-host participating in AI model analysis and threat discussion
Ralph
Co-host discussing Bitwarden supply chain attack and local AI deployment
Wade
Co-host contributing to AI investment and AGI speculation discussion
Corey
Co-host providing analysis on AI model economics, local deployment, and market winners
Ethan
Tested EDR agent deployment in cloud code sessions for blocking unauthorized actions
Quotes
"Crime doesn't pay. It pays for a little while. It doesn't pay because you can't pay for AI with Bitcoin."
Host • Early segment
"You logged into namecheap from home. Oh my god. Okay well you deserve it at that point if you're like this prolific like hacker group and your opsec is that bad."
Host • Scattered Spider discussion
"Anything you thought would get exploited in weeks will now get exploited in hours."
Host • Indian government advisory discussion
"There's almost nothing special... there's no like patentable special sauce that they're going to get. So everybody eventually can just run their own local models."
Host • AI model discussion
"If Anthropic raises the rates enough, you will start paying more attention about those other models."
Host • AI pricing discussion
Full Transcript
dude are you telling me i make more money than open ai yes you make more money i love that logic i make more money than open ai if you if you made one dollar from selling a hot dog last year you made more money than open ai anyway well so it's not uncommon not not it's not uncommon for these big businesses to burn a ton yeah yeah i know how economics work blah blah blah we had amazon not turning a profit for 10 years and now bezos is buying 15 million and now you want to go look at their profit sheets per quarter it's like disgusting what the numbers are right like it is it is i look at amazon they're like you all fight on the ai thing and when you get it sorted out yeah shit rid of an r infrastructure yeah instead of being the ai they're just the platform that ai is on right and to that point i have one a good example like uber right they were burning tons and tons of capital and i think they still are but the point i'm trying to bring up here they had to raise their prices because everything was so cheap it was all like great in the beginning but they got to make money eventually and that gets the same for ai right yeah well also the monopoly that's the tech that's the tech play you're talking you push down all the prices then you monopolize it and you push it back up yeah none of these none of these bastards are going to do that right because like literally there's nothing i hate to say this but there's almost nothing special Like there's no like patentable special sauce that they're going to get. So and everybody eventually can just run their own local models. They can run it on their own infrastructure if they want. So how do you completely get a monopoly in this particular space in a way that like Anthropic or open AI wins the AI? You're not going to. And that's why they kept mythos secret for a while. A lot of people hypothesize is because the Chinese model would just distill it and then release it open source within a couple of years. Right. 
So if you keep a public model, it'll get distilled. That's true. Okay, wait, wait, wait. Hold on. Name a distilled model that's actually good. I mean, Composer's distilled off of, like, Anthropic, isn't it? No, no. Composer was supposed to be Kimi. They found it in the source code. It was Kimi. Oh, that's right. I saw that. That's what I'm saying. Okay, so my question is, name a distilled model that anyone would actually use. There was one. I can't remember the name. I'll use a Chinese model if it's cheap enough. I was about to say, I know enough people who use DeepSeek. You can't remember the name. No one's using it. It's from Canada. You wouldn't know it. Qwen isn't distilled, is it? I don't know. I just literally just... But here's the deal, though. Here's the deal, Corey. If Anthropic... Not if. When Anthropic raises the rates enough, you will start paying more attention about those other models. Yes, you're right. Also, we did start this conversation by saying, how can we not talk about AI today on the news? Apparently, the MiniMax models were distilled. 
I'm like in bed to be arrested like there should be sirens behind me and I think you're in a shipping container John is being held hostage it's like that clip where it's like the dude from Harry Potter that got arrested and in his mugshot he's like freaking out like that does not help when you look innocent guy send us a picture I want to see this I don't know what you're talking about of the Harry Potter thing okay a guy from Harry Potter got arrested is it Snape I knew he was the bad guy the whole time and it's uh oh here we go it was it was one it was one of uh was serious black is legit because that would be less controversial than harry potter right now oh my discord needs to do 42 updates one moment yeah that's normal action only 42 dude it's just distilling your model yeah yeah dude i wish it would distill me right now wasn't it one of draco malfoy's like henchmen it was one of those two guys it was uh it was harry's godfather the one that got arrested and was like tripping out in his mugshot and gary oldman is gary oldman yeah oh my gosh okay now it's doing eight more updates ai is getting so good at putting my face on random things i'm really learning who i actually look like like in robocop yeah you could pull a robocop john john robocop themed human android or like you know like cyborg i just yeah that's great yeah there's the picture yes i see the mugshot it looks like it's from the actual book though i mean it might be it might be it's it's from it's from google images apparently pinterest so that's why it looks like garbage quality as far as i know as far as i know the movie didn't have an image for that that is from the movie well it is from the movie yeah he's screaming because the The mentors are eating him. I was about to be like, dang, this guy got a DUI? What is going on? All right. Should we start the show or should we just talk about AI for 20 minutes? Let's start the show. Oh, I guess there's other AI? No, let's start the show. 
Just drive and go to him. Go for it. Roll the finger. Do it. Hello and welcome to Black Hills Information Security's talking about AI. Wait, no, sorry, wrong show. Talking about news. It's April 27th, 2026. And we're here to talk about all kinds of fun things. We have Scattered Spider people going to jail, pleading guilty. We've got Mexican surveillance giants taking over border control. We've got phishing texts based on, are you trying to pass the Strait of Hormuz? Click here. we've also got access to Glasswing aka Mythos no we don't but some Discord group claims that they did so we'll get into that i didn't see the Strait of Hormuz one that just seems like an AI was told like hey go phish people based on current events and it was like you got it boss i'm on it i'll run a quick round of introductions there's only six of us today so our Brady Bunch vibes are key we've got Hayden to my wait Hayden uh who's our SOC person we've got Ashling who is our resident uh i guess flammability assessment coordinator flame on i have a lot of swords on fire in my day John Strand who's not tweeting about how much he's spending on Claude but could be if he wants to get that VC money oh that's sweet gc cash you could be living the dream so we got Ralph who is currently building a Raspberry Pi or something i don't know who knows yeah let's building his own Raspberry Pi could be like a Rubik's cube like it's an AI pie an AI pie and they've got Wade who's ordered some pizza from the BHIS hack and fresh webcast pizza company it's excellent no pineapple this is a no pineapple oh i love pineapple pizza household it's it's personal choice an apple on pizza thing okay you said you didn't want to be controversial John here we go here we go should we just do the AI should we spend the whole first part of the show talking about AI or the whole second part of the show the other stuff let's do second let's we'll do second half so on the second half cut us off we'll do this non-AI 
articles first if you hate AI you can leave halfway through that's perfect so first of all there was a Krebs on Security article uh basically talking about how Tyler B one of the members of Scattered Spider pled guilty he's a UK citizen and was actually like fleeing the police um and was like in Spain and then he was flying to Italy um i like how the picture they're using of him is from when he was like seriously 12 yeah why is that that's when he was active well we know what he looks like from when he was actively hacking some truth there i gotta be honest if that guy rolled out with like a guitar i'm like this song is about to just fucking slam or like he looks like he looks like what is it the Hives or whoever like when like really kick-ass music was back in the early 2000s but that's a horrible picture he also called him a computer geek i didn't know he still use that word i know this is like the the picture there is a very much like i feel like i'm at like a Sainsbury's or something in the United Kingdom like reading basically i'm reading the equivalent of like the National Enquirer like right yeah he's just gonna drop out the next and then it's off like it's just that's only only four people in the audience will get that reference that's it so the you know the article is pretty in-depth but basically it just runs through the history of Scattered Spider for those that don't know they breached you know MGM and uh Marks and Spencer and a bunch of other companies they had SIM swapping and a bunch of other members it was an English-speaking uh cybercrime group so um right but the sophistication of the social engineer we thought that they were English-speaking from the start so and just to be clear he was extradited is that that's the other thing that we're kind of not really covering here is that he was yeah dragged to court in the U.S. and there's the picture of him being dragged by some Spanish police to the U.S. so the lesson to be learned here is don't commit 
crimes where you could be extradited from yeah that's like a lot of cyber criminals are like in kansas you're like what the hell were you thinking go to all of them were too like the group is okay so the group is a guy from florida A guy from Florida, a guy from Texas, a guy from another guy from Texas, a guy from Jacksonville, North Carolina, another couple from the UK. Like, I don't know. I thought you were kidding. No. No. Really? No. Like, really? That's why they were so successful. Wow. So. So, yeah, I mean. I guess in this one situation, out of the billions of dollars that were stolen and all the damage, these guys were caught. So that just proves that crime doesn't pay. Yeah, it doesn't pay. It pays for a little while. It doesn't pay because you can't pay for AI with Bitcoin. No, you should be able to, though. Why can't you do that? That's a good question. Let's start. Because of KYC, man, we can't have nice things. All right. That's anyway. That's not what KYC stands for. KYC definitely stands for no abusing AI. Yeah, yeah, yeah. It's an acronym, but you have to look deeper. 
it says they linked him through like reused usernames and email addresses but no no dude he no no it gets worse he logged into namecheap from his home ip oh my god okay well you deserve it at that point if you're like this prolific like hacker group and your opsec is that bad well he didn't think he was gonna get caught these kids are 16 years old are you telling me they don't have developed frontal lobes yeah turns out they don't i guess they're developed enough to hack these giant companies but not to use a different email that's from a from a from a uh uh what do you call it a uh mind perspective here this is about risk like they don't care they don't think about sequences that that's the same thing as only riding a motorcycle with no helmet at yeah because it's cool because it's cool it's also the uh the group i think in general the calm whatever you want to call them their basic thing is like this shouldn't be this easy to hack these big companies i almost feel like this is infosec jackass like what's the dumbest thing that i can do and then you're like don't don't no oh god yeah you logged into namecheap from home oh jeez that's that's gonna hurt there's playing chicken to see who gets caught first yeah it's like who's doing the dumbest thing kind of yeah it really gives that vibe a lot yeah i'm not i think that's pretty accurate i mean i think it's good that they got caught because it actually shows that there is some kind of punishment that could come along yeah you don't hack from exactly what john said you don't hack from a state that has extradition treaties that's it yeah exactly the whole country not a real or if you're gonna do it you get the heck out right away like you go okay it was easier because i was inside the you know firewall boundaries or whatever bye yeah without them being arrested than nobody else would know cybercrime groups don't f with china because i think that china has a completely different way of dealing with things yeah the 
Chinese executed a dude who is phishing like they don't extradite you mean actually fishing or phishing both no phishing with the p he got caught scamming and phishing they just started yeah it got executed now so he was sending phishing emails while illegally fishing in this uh in the South China Sea didn't have a fishing license you got to get one of those work for the uh state what's next we could talk about so this is kind of interesting so uh basically it looks like the U.S. has contracted with a company called secure secure tech Segura Tech which is the a Mexican company that has pretty broad surveillance capabilities to monitor the U.S. border um i I don't really know how big the contract is or what it is, but essentially everyone's freaking out because they're just assuming that this is kind of sketchy, that the company isn't properly secured or doesn't have proper data custodianship and all that stuff. But yeah, I don't know. It's an interesting angle to think about like, hey, watch our border for us. And by the way, we're going to pay you a huge, you know, contract fee to do that. It's kind of fun. Um, the 1.27 billion number is not like how much they're spending this year, but a lot of it comes out of not a lot of years, um, that all that's in pesos. Uh, right. It's, it's initially an uninflated, um, pesos. So this is just tallies over the last like 10 years or so. But the thing that caught my eye is apparently Mexico is spending about 5% of the entire global spend on surveillance tech, most of it going to this one company. And I went, 5%? That seems like a lot. Isn't Mexico small? And I checked and it's three times the fraction that their population is out of the world. They're 1.6 and 1.3% of the whole world, depending whether you're counting people to have cameras on or landmass to have cameras on. But one way or another, they're spending like three times how many people they've got worth of the global share of spend on this. Also, look at this building. 
Is it me at all? Or does that look like the tower in the middle of a prison yard, except this is the entire city? Looks like Arisaka Tower. Very Bantam Panopticon at that point. So I want to talk a little bit of background on this. So what happens whenever you're dealing with intelligence, like in the United States, you have something like CONUS, which is a continental United States. And you cannot do surveillance on U.S. citizens without a warrant. Right. So one of the things that countries do, because a lot of countries have similar laws, is they will hire companies from other countries to get that data instead. So that's a way of circumventing it. So the United States, instead of actually directly monitoring U.S. citizens, they acquire data and like surveillance data and things like this from various third and third party independent companies or completely different countries to do it on our behalf because it's illegal for them to do it through this direct means. But if they buy it through these third party services, then it's I guess it's kind of like money laundering, but intelligence laundering. I think that's a good analogy. This is really common. So you may have something where somebody says, well, we were monitoring data and it looked like somebody in the United States is doing something. And the United States can open up a FISA warrant at that point and be like, well, we were monitoring, but someone said now they can start monitoring that individual. So this didn't surprise me all that much, especially because of what's going on on the border. And now they can just acquire the surveillance directly without having to do the surveillance themselves. of a bottle of the law. Can we scroll down to the one image? If you go to the news article, scroll down. Okay, right. Stop right there. Look at those monitors. I want some of those. That's what I'm really looking at. You see how big they are? Is that a TV? Is that a TV? Is that a 4K TV? It's just a 43-inch TV. 
No one's stopping you. It looks like it's almost touchscreen. It really looks like it's got to be touchscreen. Right? Could you imagine? You're pulling up logs, enhance, and throw the logs over there, bring in some new logs. Put a pew pew map on it, man. You have to. If you enhance the logs enough on that screen, you can actually see the threat actor. My cloud code would look so great. Right there. Can you imagine vibe coding on that screen right now? I cannot imagine watching my cloud usage slowly chip away on that. Oh, man. It's just a scattered spider. I don't understand. I read the book scorpion king because this is starting to feel a lot more like scorpion king if you haven read the book you should it a fantastic book but have not read the book gotta look gotta read a movie that not related to the rock actively making a note that not it um i sorry scorpion king is there a drug lord that controls the border on the mexican side that controls um and stops immigration and but it's very very similar to this type of scenario all right i think i think i found the wrong scorpion king this is uh i searched it on this book no i searched it on a book app and it looks like a series of uh spicy novels so i'm not gonna add that one i mean that doesn't surprise me either i'm gonna i don't think that's the one john was talking about the amount of ai slop uh in their romance. Oh, dude, I know. In their romance, I can only imagine. Steam is just as bad. AI slop, there's this real writer slop in that. That's true. I've read Moby's head writers are still a thing. I got the book name wrong. It's the House of the Scorpion. Oh, okay. Can't find it. He got confused with the romance novel. John is reading another spicy romance novel on his trip. House of the Scorpion is the name of the book. 
story my bad i sent you all the spicy novels which now i'm hoping that there's a spike of scorpion king novels like a romance novel to go off the way it did i can't see how that's romantic it's like yes he took me like a scorpion and poisoned me look there are a lot a lot of dinosaur porn like oh yeah dinosaur porn is a whole separate that's a different podcast John oh my god we are really going down a rabbit hole guys you should talk about the ice i think all right let's keep going on tangentially what real quick before tangentially related to that actually was an interesting article in New York Times i didn't put it in the show notes but basically this morning there was an article about how the U.S. like gold is tech is basically like laundered like money essentially like a lot of the gold that we issue in like U.S. backed gold currency is actually mined in like slave labor mines and sketchy scenarios so this is just the intelligence equivalent to that it's like basically there's a document that says this is mined and they're like all right we didn't look any further than that anyway um anyway let's talk about the Strait of Hormuz so current events obviously um Reuters uh reported an interesting article about um basically people are sending fraudulent messages promising safe passage to the Strait of Hormuz in exchange for cryptocurrency um basically i guess we don't know necessarily we're assuming this is a scam but uh maybe this like on a i feel like this is phishing like we've gotten to like the next level phishing where like it's kind of looks like a scam but also it could be legit like there could just be some pirates that have some crypto and are like hey pay for us and we'll defend you i don't know if that's the thing the irony is that they're phishing with people who are on boats so it's like it makes more sense right but they are they are fishing the Strait of Hormuz yeah they're fishing the Strait of Hormuz the other way yeah wasn't there like 
five ships that ran the blockade yesterday i wonder if it was like a cruise ship and they're like oh you're a cruise cruise everyone was drunk as hell there were definitely two ships and one of them definitely got shot at by Iranians it's like no you didn't pay for anything set a course for no no listen there was no warranty okay there's okay so this basically this basically just says that someone is you know is phishing or whatever you want to call it pretending to be like Iranian authorities and i i thought this was way funnier when it was just like i was imagining like a grandmother being texted like hey do you need to get through the Strait of Hormuz i got you don't worry send us one bitcoin and we'll get you through but if we get back to it i mean we were joking about it at the beginning it's like Iran is charging like what two million in bitcoin yeah or in cryptocurrency that's the scam yeah they're both scams either way what the real situation is as well yes that's basically the campaign is taking advantage of the chaos and basically being like would Iran actually charge this much in bitcoin to get across i mean maybe yeah um but outside of wrong. Who would have thought just like that Nigerian prince that had all that money and he's trying to give it away. There was a, there was some Middle Eastern country that you, you used to have to pay them to sell you, to sell your product to them. Like you'd have to send them a actual direct deposit. 
And it was a real corporate standing that they used to do in order to make sure that the salespeople weren't taking their time and that they would actually set stuff up and the reason i know this is because we got i i have triaged a phishing email that was based on that and then the actual company who did that has a thing on their email address it's like we no longer do this do not send any money to anyone because people kept sending money to these fishers and abusing it yeah which is wild why would you pay anyone to sell them something right it's like well that's got it was a cultural thing maybe wait a minute so with amazon the cult with amazon they they owed us money for some stuff that we did and they had this whole entire thing they're like so if you want to get paid early then how about you pay on us they had like a separate company five percent of the total amount that amazon owes you in order for us to pay you early and we're like what what that nope that totally was the thing and it was legit we called her point of contact and they're like yeah that's another company we spun off so what they do is literally look at who they owe money to. And they're like, yeah, if you pay us 5% of the total amount of money we owe you, we will pay you early. The funny thing was they were six months late when we got that email. And we're like, no. And then they responded back, well, if you want to get paid, how much you pay us five? It was ridiculous. So yeah, these types of things, the reason why the scams work is because there's a bunch of companies that operate like that. I had a corporate contract that they tried to bake that in, that if they paid me on time, they got a 5% discount. And I was like, no, take this out of the contract. I'm just going to charge you 5% more. How's that? If you pay me late, I'll charge you 5%. Exactly. Right, right. It was unbelievable. You can have a 5% added fee. Shout out to ChatGPT for reading that contract for me and pointing that out. 
Oh, yeah. What a great lawyer, honestly. All right. So continuing on our non-AI articles, uh we talked a couple weeks ago maybe last week about essentially the FBI discovered a way to mine the notifications on iPhones essentially that was a cool one there was a bug that let the FBI recover deleted Signal messages because the context the content of the messages was stored in the notifications database of the io of the iPhone but uh that has now been fixed and so Apple published that they fix that um and it's now not a problem anymore and so that's kind of fun because now i can freaking turn back on message notifications because i know like it was awful for a week because i would just it would always just say Signal new message and i'd be like what is it is it a yeah is it a phish is it important i was gonna say could you not just like have your notifications off and not show up on like the home screen i guess that would be so i'm clear so a couple of a couple of things were happening. The messages were coming through and for people who had said it so that you could see the message content ever, then the notifications database had what the message content was. Which is basically everyone because that was the default behavior. No one was probably going in there and switching that. I like that. Very few people. I like that. Very few. Less than 1%. Yeah, yeah. But the real bug was not so much that this was in the notifications database and therefore the FBI could dig it out of the notifications database. It was the fact that if you deleted an app, it didn't clear notifications that were from some old app. So they didn't just delete the messages. They deleted the whole app. Right. They delete the entire app. And then the notification database stuff hadn't been touched. That was the bug. Okay. That's what Apple had to fix. Okay. And because people, like, even if you had the, you're not allowed to see what this is on the home screen. 
You're only allowed to see what this is if you're actually unlocked. Not the home screen, the locked screen. Then it would still have the text. It would actually go into that. Like, when people went, oh, well, I'll switch it up. There would just be a little notifications database saying there was a notification. It was signaling. I skipped the middleman. which is still my notifications because they're funny. The Apple summaries are so the Apple AI is such a joke. It's like worse than any other AI. It's honestly always give me a laugh. Some why it's turning on because of how bad it is. Oh, I know. Every suggested response it'll give you will be like, yes or no. Like, that's the only response. Oh, thank you. Like, I'm at Costco. What do you need? And it's like, yes, no. How is that helpful? summarize it's not like emails from me approve or deny that's all it says on john's email it's approve or ignore it buttons approve deny that's it i like hayden's version approve or ignore yeah i heard i heard apple's gonna get spicy this year they're gonna uh partner with x for their ai oh god that's not true they're gonna partner with google don't be sorry x all right come on man let me you got stock in twitter man what are you trying to do over here. I know, right? Get out of here. Yes, no is a binary set and can be used to encode strings. So let's talk about the Bitwarden CLI thing. I think that was pretty hot. Ralph, you want to dig us through that one? I know you're like a Bitwarden user, so this probably hit you pretty hard. Actually, I'm not a Bitwarden user right now, but there's nothing wrong with Bitwarden. I'm using 1Password right now, but there's nothing wrong with Bitwarden. I prefer 1Password, yeah. Their NPM package got compromised. And their NPM package is what they used for their CLI. So the Bitwarden CLI, and it was another supply chain attack, which we've already done like three or three months this year. Yeah, it was through ChexMarks. 
Yeah, ChexMarks, which ChexMarks is probably a serial. Sorry about that. Yeah. So if you were using the Bitwarden CLI, you should definitely see if you had updated the NPM package recently or got this compromised version. I don't think from what I saw, it was actually in the wild very long. They did detect it pretty quickly. It was like a few hours, I think. Yeah, they did. It wasn't wild. But there's a very specific use case. So it's not someone who is just using it. You'd have to have used the FIFT word and CLI. Yeah, the CLI is probably a small percentage of the actual total user. I'm going to tell you, if someone's using a CLI, it's most likely programmatically. There's more secrets. That's why. Two responses. Congratulations. oh yeah you gotta have dune references also what what is adam maybe i don't give them the attention this company whenever they put out an article i see it on osint they started advertising like they're reporting on these sorts of things and that just is so wild to me do you put out like a cti article and then make it an ad like literally on twitter standard for all security well no it's like an ad promoted on twitter kind of ad oh to get you to go read the article on their website Yeah, well, they want to drag traffic. I mean, I'm sure they're selling something else. There says pricing at the top, right? So that's a pretty good way for to make sure that I can't see your ads because I block all that or sorry, see your articles because I block all that. I'm going to put pricing at the top of my personal website and see if anybody clicks. Wait, how do I buy Hayden? What's the pricing on that? It depends on how my week's going. So it's dynamic pricing? I don't want to pay for Hayden's Claude account, right? Like if you buy it and you have to also pay for a car and like, I know the numbers. So listen, I only hit my quota a few times this week so far. All right. Yeah, it is hard this week. So far, you have a car. It's Tuesday. 
So, uh, one day continuing. This is kind of an article, a non-article. I don't know. I don't know if anyone really knows or cares about this, but apparently the cult of the dead cow has rebooted themselves. Um, as of April 21st, I don't know that much about them or care. Uh, does anyone have an opinion on this? John, you might, I don't know who, who, who was in it. Like it was, it was in the article because one of the problems I have is like, there's, there's kind of like what rough and dude. Oh yeah. Oh yeah. No, I totally don't know. Now I played call. Everyone knows them. Yeah, but called dead cow.com. But we scroll down, like who are the members? Right? because you know there's all kinds of people that were associated with cult of the dead cow and the previous loft heavy industries group and things like that but the problem i have is like you can't go to a conference about running into four or five graybeards like myself they're like i was part of cult of the dead cow and it's like no dude you were just at defcon when back orifice 2000 was released that doesn't mean you know close but not so okay so basically i i read the like manifesto or whatever which i guess they don't know how to like justify text because it's like just a really tiny margin but anyway they got media i don't know i really don't know like i read this i'm just like i so basically what is the point of this it just feels like a salty like i don't know i really don't know what the goal or point of this is where's the pricing page find it yeah just wait the merch the merch is coming all right oh yeah i really just like they're like We don't like things that no one else likes, like privacy. We care about privacy. It's like, okay, well, it's a manifesto. It's a manifesto, but it doesn't have any manifesting in it. It's just like an O. I don't know. Look, good on them. 
If you want to start up your own, if they call themselves anything else than restarting the cult of the dead cow, then no one would give a shit. so good on you for pulling up a name for something that meant something back in 1999 and 2000 I guess I don't super understand this it's basically just like the internet isn't free shucks alright see you later why does everybody want everything to be free right like I don't make kids these days man it's because of that phone I got it when you go to the grocery store you're not like why is this not free god dude like okay truthfully if you're in the cult of the dead cow get in touch because what i want to know i want to know one thing what was the final straw was it ai generated spider-man videos like what did it for you oh was it surveillance capitalism is that what finally did it no that's a minor thing john we've been doing that for 50 years yeah that's it it was the spaghetti eating videos yeah maybe it was the spaghetti i want to know like what was the final straw was it like having to tip 20 minimum at coffee shops is that what did it like i don't know what That would do it for me. Give a shit. It's back to the road to come back to Rage Against the Machine. Minimum 30. And I'll bear. It'll be like, let's Rage Against the Machine. It could be that. 99 again. Let's do this. But reviving Cult of the Dead Cow at this point, just start yourself something new. Don't build it on the ashes or something else. Yeah, also, yeah, a lot of those dudes. Cult of the Living Calf. Just for the record, a lot of those old school security dudes are some of the most toxic assholes on the planet. But anyway. Hey, hey, hey. He's in the jail. 
you're fine now asshole you're fine it's right John you've built an entire community centered around this fact anyway um you're fine you know so i think it's time to pivot and just talk about AI for the rest of the show oh god now the downhill we can start it we can start it very lightly okay there's one more apparently someone at NASA got phished i don't know the one they got the ships man the one i read no i read this one there's no link to it i didn't see it in the news okay so pretty much this uh the this guy was pretty good hacker no it was a phishing organization out of based out of China who worked for Chinese aerospace right like they actually tracked him all the way back down uh launched a pretty good phishing campaign for the last like since i think it was 2017 in the article let's see zoom in on that i'm in gallery mode so i can't even read it 2017 2017 and targeting professors researchers and engineers one was emailing people asking them for hey can you send me the plans to that one machine i left them on my other email and boom oopsie there you go got some secret stuff right off the bat and they've been doing it for a while they tracked it all the way back to one particular dude, which once again, hackers can't get away. 
Hopefully this guy probably can leave China now but Not that he could before because he had state secrets anyway that a good point yeah uh but they they popped him on a bunch of different charges right and waiting i think he's on the FBI's most wanted list now too do you think the first phish was like how did you go to the moon please explain in detail they wanted that rocket dude you know you know how that starts is like i think the world is flat and then you start arguing and you're like well i run satellites what kind of satellites well you wouldn't know them well of course you would say that because it's part of the conspiracy screw you here's the top secret classified satellite shit just to prove that it's for War Thunder i was about to say this is okay the truth is this guy right now it turns out sung woo is just really addicted to War Thunder so anyway yeah supposedly he was really good at pretending to be uh like there was very very good OSINT done on each individual that they phished down to like their friend group and him masquerading as people who they're like friends with that's the way you do it man right you play the guitar and you're fishing all right you have to go there all right uh what else we got we got uh there's an UNC there's some new UNCs um 6692 um which is a social another social engineering campaign um basically this is uh a Google or Mandiant or whatever uh post basically running through a bunch of same things it's more we're really seeing a heavy heavy abuse of Microsoft Teams um and we are also you know abusing Microsoft Teams every day it's because people are used to living in that it's basically replaced the phone from my perspective it like Teams is the new version of a vishing phone call and lots of threat groups are abusing it um there's specific things you know people are contacting people through Microsoft Teams and um then they download some interesting stuff AutoHotkey scheduled tasks like it's all pretty basic but um again good 
social engineering goes a long way there's some phishing pages and all that stuff so and the big thing from this i was interviewed on this one earlier today on another thing and the thing about this is there's nothing really super like cutting edge about this it's just the speed of which they did it and all the different techniques that they chained together and there was a lot of conversation of are they using ai and i'm at the point now or if anybody's asking if any threat actors are using ai i'm like yes yes they are i i don't i it yeah it's like whenever we test things at bhis they're like well would the russians use this technique yes yes they would i it's just of course they're using ai of course different groups are using whatever vulnerabilities and techniques that they can utilize um but it is interesting because we are actually seeing these threat actors change chain these vulnerabilities together uh much much much faster than i think we have in the past and wait i'd like your take on that too um because you have a lot of threat actors that kind of get stuck in one gear and use a handful of techniques but this there's a lot of techniques particularly there's not any ai technology in here at all this is old school my problem is sad but wait we use ai too for some of the stuff it's not that there's an ai technique it's the fact that they're chaining it together very very very quickly that leads me to believe that they might be using some ai with it but that was my take wait i didn't read that one but i believe you i'll go again then because we're going to go ahead and I mean, I think there's still some credence to like what Corey is saying. I think it was Corey that said it, that there's a decent chance that they are still just doing like old school sort of stuff. But then to John's point, like you can script all of these things, but that becomes somewhat fragile. It would make a lot more sense to just have an AI orchestrate this sort of thing. 
Like it doesn't take a whole lot of effort to tell it. This is the chain of events that I want to have occur. And then I want you to ensure that, you know, if the output is this, go do that thing. If the output is that, go pivot this way. And I mean, that would be like an afternoon. Yeah. Yeah, I wouldn't even say that. I don't know. I just feel like it's Google. If they could have pulled the AI lever, they would have, because that's what is hot to do right now. But I mean, that's hot. You know, you know what I'm kind of ready for is like, you know how remember like, like living off the land bins and stuff like, like, when is it going to become law AI? Right. Like you're just living off different agents on their system. And you say that we have actually, an EDR agent as part of our SOC that we can deploy to like a Claude Code session. And so we can receive logs and then inject like EDR response into cloud sessions. Like Ethan, one of the guys that works with us, he was, we were testing it at one point at one of the Wild West Hackin' Fests where we were trying to block basically public pushes to like a gist or something like that. And so he goes to try to push something to a gist. And basically the EDR agent just destroyed his cloud session. Like he got a big warning banner and stuff. And we have more and more customers asking us, how do we monitor our AI? And I think that's mostly just for insider issues and people leaking things and stuff. But I think you do have a point. That just becomes a tool that's internal that this attacker can use, right? Well, think about a lot of the AI tools they're logging, one sucks, right? And the other, they're just completely masquerading as a user. So you can't tell the difference between an AI doing something to the user, especially if they're using some type of OAuth or MCP on the host, right? 
Don't even get me started if they like bring in their own Claude Code session and then they're on their computer and OAuth to all your tools, right? Like you can't really see that. And then Anthropic is also OAuth to everything because the server maintains the sessions, not the client. Wait, we've got to talk about that Claude Code agent thing. I think you'd really be interested in that. Yeah. There's a bunch of fun stuff around. I'm playing around with some things, but we've been meaning to schedule a meeting for quite some time now. Yeah, that's true. I'm just too busy. Yeah, just go on his pricing page. Just go on his pricing page. Purchase one in a 30 minute. I'll pay you to have a meeting with me. The pricing might vary depending on his mood at the time. So just keep that in mind. So continuing on AI, I think the bigger article that probably is on everyone's radar is basically a group is claiming to have access to Mythos. For those that have been living under a rock, Mythos is their new Anthropic model. It's the new Anthropic model that's so hot and spicy and dangerous that it's too powerful to be released it'll never be released but also apparently was accessible through some random API keys that some threat actors were able to compromise um so basically the like the summary here which is generated by Apple and is completely invalid we're gonna have to start over um again because it's Apple is basically that people claim to access it they the Anthropic like group appears to have tracked it to some vendor API keys that were compromised, kind of like a supply chain type API key compromise. So essentially, at this point, we can assume they could access the model. So they could make queries and they could do stuff. Anthropic knows exactly what they did with the model and when they did it, they already know this. 
It's more about stunt hacking than it is actual impact because the truth is being able to run queries for a couple days through mythos is not going to get you what you need it's the actual model itself that you would need to really do any damage and that was never at stake um but it is kind of just like a bad example for anthropic well doesn't this say how is this yeah how is this surprising at all right like it was invite only they gave i don't know how many people they gave the invites to and i think they said the initial cohort they didn't say i mean they're roughly 40 companies though but i mean again it's like it's out right at that particular point right like you have 40 companies, you can pretty much guess at least one of them is compromised or is going to do, or at least they do something stupid. They're compromised right now. They should have done Mythos Threat Hunt, but they should have freaking published it. I thought the article stated that they pretty much just guessed where it was, almost like it was URL encoded somewhere. Correct. Yes, correct. That's right. They had to have the keys to access it, but then they also guessed where it would live and how it would work. Yes. Well, part of this that almost makes it like way more boring is it says specifically in one of these sentences, one of the members of the group already had privileged access as a worker at a third party contractor for Anthropic, which to me means like, OK, like, there you go. That's how you got in because you worked with them like that. But you're not going to believe this bank robbery, dude. You go and you get a job at the bank every day. They steal from them every day. As soon as this dropped, they're like, oh, thank God, we're still on the news. 
like it's just no I think yes John's right we don't need we don't need the new anthropic model uh open AI just released 5.5 it's better it's better just ask them I'm calling them so okay yeah so that's another news article for sure so GPT-55 which by the way after Mythos dropped open AI released GPT-54 Cyber which is supposed to be their initial Mythos competitor which they said is not going to be 40 companies it's going to be thousands of companies they're still gatekeeping it but they're not they're gatekeeping it less then after 5-4 now they've released 5-5 which according to the numbers if you look at if you scroll down to basically where it shows the uh benchmarks which is all anyone cares about these days how does it do on cyber gym it gets an 84 on cyber gym which is similar to mythos and basically that's their yeah so they already released a mythos caliber ai why is everyone still talking about mythos like it's the second coming of cyber let me send you your uh your bank account real quick ralph do it the bank the name like you know whenever you're giving these numbers like five five yeah you're gonna change a whole new name because the whole new transition when you call something mythos i think that that is a much stronger pneumatic device yeah marketing right there well it's because they were first they were the first also they i will say like to their credit hype it they were the first to hype it and to their credit uh firefox did confirm the bugs open bsd did confirm the bugs like when they reported the stuff the companies that they reported on were like yeah this was big this is like firefox got more bugs reported from mythos than they had in the last entire year worth of firefox article because i i got a bullet to peg with that article like finally the defenders are ahead of the curve and finally weird defenders will be able to announce their acquisition by anthropic dude they're just looking for more money they're like please how much you want to bet 
how much you want to bet i can't remember there was like 270 vulnerabilities that had discovered 180 some exploits i think and then firefox is like this proves as defenders we're gonna finally get it it's like no we're apt like as defenders in the industry we are screwed Yeah. Okay. So dove, dove telling into us all being screwed. Okay. So there, this is the first, like, I don't know how major this is, but essentially the Indian government published this kind of advisory. That's basically just like, it's, I mean, it's kind of inflammatory, but it's also like kind of true. I'll pay, I'll paste it here. Basically they essentially said what John said on the news last week. which is every CVE is now plus one. Plus one. It is not really what they said. It's not really our podcast. Yeah, basically the Indian government officially posted essentially the summary is like anything you thought would get exploited in weeks will now get exploited in hours. Like that's basically the gist of it. And so this is kind of interesting to see this on an official channel. Obviously their website looks like it was vibe coded in 1996. This you can't tell was not vibe coded. No vibe coded can do it. That's true, actually. Somebody drew that on a whiteboard before they coded that. I think they coded it on a whiteboard and they had to transition it. I love it. You guys quit shitting on it. It's amazing. I got a whiteboard. It just says a lot of the things that John said last week. It pretty much just says, like, vulnerabilities can be changed by AI incredibly easily. Every vulnerability that would have taken weeks to develop an exploit now takes hours to develop an exploit. 
like you just have to kind of like it says right there sharply reduce the time taken to apply patches within 24 hours is now the benchmark and you're talking about chaining a lot of these models like especially with 5.5 one of the biggest points that they tried to make about it is that it can do things autonomously for longer and then claude released their auto mode which allows it to do things autonomously for longer and so the benchmarks like whatever they're going to be what they are and they're always going to be better than your competitor in some way right but the biggest thing that they like sort of like try to scoot in there under the radar in a lot of cases is our our model can go do what you've asked it longer before you actually have to do anything and a lot of cases it's true like five five can do things longer and better than five four can and then opus now it'll usually work for a good long time before it actually needs something uh some of the times more recently it will deliver these things to me broken but it can do most of the work for a good extended period until 5.0 comes out it's gonna be even better i was about to say you gotta go 4.9 first well at least it's not like the like the open ai namings are like gpt54 spark light or like whatever it is if you get like under the hood they're ridiculous mythos you can't beat mythos it's just too cool like we can do odysseus they're never gonna release it though they're gonna release it but they're not gonna call it mythos they're just gonna keep it as like a myth. They're going to call it Opus 4-8 Cyber. Yeah, exactly. I think the only thing that we can take from all of this is that Silicon Valley needs to come back. Like that old show. Yes, you've been saying this and I fully agree. We need to get like a reboot of like it has to be a new show with new characters and new cast. Start over. It's a whole new Silicon Valley right now. So, okay. Stepping into some of the themes just quickly. 
There is this new trend of token maxing. basically which is like it hit my radar diet technique yeah so yes exactly so basically essentially last week there was a startup with the four employees that like bragged on twitter about having an ai bill of 113 000 last month um so like that's the economy that we're in right now and by the way the company that's on the receiving end is still losing money do you rock how much have we spent this month on air it's not it's if it's not big enough that means that you're not using enough of it which means that you're not going to succeed so anyone who would brag about how much they're using versus what they're actually making is not a good company yeah yes exactly i can have it analyze birds and burn a thousand dollars worth of usage for 10 Yeah. So speaking of burning a ton of usage, there is an article in here from like Anthropics website where they did a marketplace for AI to basically negotiate things between their users. And so, like, it's it's a silly project, but there's like two nuggets in there that are actually somewhat interesting if you like dig for them. But effectively, these people in Anthropic like signed up and they would like put up something for sale and the AI would negotiate with each other. So, hey, I want to sell, you know, 20 ping pong balls or whatever. And then the AI would decide to price it. And someone else's model would try to negotiate to buy that thing. And so it's Facebook Marketplace. I know what I got. Is this still available? Pretty much. Is this still available? The two like really interesting points were like number one, they said that agent quality does make a difference, that the smarter agents got better deals. But then they also followed that up with people that were using or had like the dumber agents didn't realize it either, which I keep thinking about. 
Because when when I went to I went to Japan a month or two ago and my wife was doing a lot of planning with like Gemini and I realized she was on the like the free Gemini. and i was like wondering like how many times is it going to confidently say something incorrectly as we get more and more complicated into transportation schedules just because it's like three one light or whatever like you could absolutely ride a bike from tokyo exactly it was that far most people do it there was once or twice that we like had this weird convoluted train thing where you have to buy like two different tickets and you have to like scan a bunch of stuff and it got that wrong and i like i think that goes to like sort of make the point that a lot of the folks that are like behind the trend on ai don't realize that they are they just they think they're they're doing the stuff but they're using like i was about to say we got to reveal the real secret here like our heaviest ai user probably on this this podcast does not give his wife access to his to his AI plans. Yeah, dude. I share my Claude process I do too My partner get into it Yes Hold on That actually It part of the wedding vows Let me defend myself She can now have and to hold tokens until death She burns tokens to help order our groceries each week now. Okay, I'll just say that. That's it. That's all she does. Did you put her on Quinn or Minimax or something? No, that's true. You think she's 5-5 now? You cheap son of a bitch. You got to get her on Mythos, dude. You got to get her on Mythos. I do. I got a key up at this point, man. I'll discover a vulnerability in Kroger. 
it's like you just start getting free groceries you're like i am concerned about i admit those to to find better deals on uh groceries and now i just keep getting free groceries well why are they delivered by a guy with a hoodie and they have someone else's name on it i don't ask questions anymore you just do what he says okay they're like the big personality difference though between these models is i think the biggest difference like if you go from ChatGPT like five four to five five like i had an agent that was like almost annoyingly trying to make quips like i left it because it was so annoying that it was almost funny and then it changed to five five and it became like a normal AI agent that would actually like keep a consistent tone instead of ending everything with a wisecrack you were using X's AI that's what it's yeah so and for those that are saying John looks at it's because he did ask Derrick how much spent more money how much we're spending he looked at the sucks AI spent out of it for a little bit i'm sorry i'll be fine we had Mythos get us free groceries uh there's cops coming don't worry about it just just Kroger Hayden Hayden is trying to write a new agent asking it stuff and then it's like you know what you don't look good in that mascara and he's like wait what like his wife just do it for me yeah i think uh the whole Mythos like it's basically an arms race and i think the thing you know maybe if we're predicting models for net or models we're predicting articles for next week i think some of the other players are going to enter this arms race right we're going to see China we're going to see DeepSeek start enter this arms race that's when it's going to get really dangerous is when you start because then it becomes who can announce the most shocking thing they have to they yeah that's the next step of this but here's where this ends right none of these like all of these companies are fighting with some type of supremacy in this space right 
they're all thinking well we'll be the one i'll be yeah we're going to be the Google of AI that's where they want to be none of them can Google want to be that AI whatever sorry Google's out of that we don't need to talk about they just invested a ton of money in Anthropic but if we're looking at if we're looking at where this ends like none of this shit is patentable right like their secret sauce is all mathematics that was written in the 50s and you know 60s and 70s and some in the 80s and when you're looking at all of this where it ends is anybody will be able to go and pull down a model from Hugging Face that's going to do like let's say 85 of what the really big ones do so if you're looking at investing in this and i want to ask you guys this like who would you invest in like who's going to be the one that's going to win is there what is their end state how do they win because if they start raising their prices then already with like me at BHIS i was talking to Hayden i'm like dude do you want me to get you something i can put on your desk for 4700 look at him he's giddy look how happy yeah like i've done that pricing like if you are trapped in an ecosystem like you're cooked yeah we should go one by one because i have very hot takes i'll go last i'll let you go i'll let you go last but for me as a business owner if i'm looking at this and all of a sudden let's say they like double or quadruple their pricing so they can get profitable then BHIS and all the people that we have here we have the skills that we're like at it i'm going to spend a quarter million dollars i'm going to build my own infrastructure and we'll just build it out and then we'll get small little units for the people that need about that level of power for the really high-end stuff that we're going to build our own stuff i i see i don't see how they win and like one of these guys makes a tremendous amount of ungodly amount of money moving forward unless you're Amazon or Microsoft or maybe 
even Oracle who's running the infrastructure for this shit that's exactly what i was gonna say well you gotta be NVIDIA you gotta be Amazon you're gonna be a platform it's just like Facebook why did they win because they were the platform we're the biggest winner out of All of this is ASML, who very few people know about ASML, right? But NVIDIA, ASML, all of these different chip manufacturers, they're going to win. Amazon's going to win. I don't know how Anthropic and OpenAI and all these guys are going to win any of this shit. Google just incorporates it inside of Google, and everybody's using it as part of Google searches. So I'd like to know, where's the end state? Who wins? Who makes lots of money outside of the hardware and platform vendors? And by the way, we're not an investment advice. if you don't take investment advice from us you absolutely should but you'll get what you oh all right so i think that the winner here is totally nobody um no the uh so essentially what's going to happen is is that we're still in the arms race right now so i think that the buying the local device we're still going to be in a content like for certain tasks it's going to work but the arms race is still hot and they're going to invest as much money as they can to stay in front of it so you want to use their model right now but at the end is where we're looking at like that's what John was bringing up like well where where does it end and how does it look right and honestly it's kind of an explosion right so at that final point where you can't really go any further and then it does break down the price it like they're gonna have to find other ways to make money than just raising the price right and so um you know we're depending on the model's capabilities and all these other things and i think we're just kind of still in the early days right now i wish that we could just take a personal model and run it and and have everything but right now they're gonna throw another billion 
at the next model to get you to keep staying in the systems for right now. So, okay, Wade, one of them reaches AGI, right? And then that makes them all their money back. Like, they don't even sell it, they just use it for everything else to make money, stocks, you name it. It just goes crazy. It's totally... All right, and then it becomes the AI, basically. Like, instead of Anthropic being a company, Anthropic is a model that has AGI and it operates on its own. It nukes all the other AGIs right off the bat. It's basically Snow Crash. There you go. The one that destroys humanity wins. It doesn't necessarily need to destroy humanity, right? It just has to knock out all the other AIs to the AI. We're already slaves to the government, man. It's all right, we might just, another, maybe he'll be nice. Good, good job. So let's do it. All right, Aisling, what's your take? One, I think xAI is going to lose first. I don't know who's actually going to hit AGI, but I buy the weirdly dystopian Larry Niven take on what AGI does once it exists. It ramps itself up until it understands what the hell is going to happen with the history of the universe, the future of the universe, and then it shuts itself off forever.
It doesn't do anything for us. It doesn't try to take us over. It navel gazes until it shuts down. I like that one better than it, than Wade's. Yeah, I mean, it's pretty dystopian in that every time we try to make the machines do the stuff for us, it checks the fuck out. It feels like Panda when, when Po gets the thing and it's like, this is it, and it's like, yeah, the secret to the, secret the universe is you make your own path and the universe is what you make it. It's like, that fucking sucks. And it's like, sorry, man, that's what all the billions of dollars built up to, so I'm gonna go do nothing now. All right, you found a meaning of life. I mean, I'll approach it from, like, a different angle, is like, how do you win as, like, the common person? Because I'm not, if I'm on my own dime, I'm not gonna go be able to buy an AI rig that can do the sorts of things that I could get from these other AI providers. I can't. It would cost 20, 30 grand, and then it would make my power bill go so high that the city would probably wonder what I'm doing. So like, how do you win? Yeah. How do you win as like a common person, right? Is you have to be like decoupled from these ecosystems. Like you cannot be chained to whatever, whatever provider is in front right now, because they probably won't be in front in a week. Is you need to be able to have things and prompts and skills that are transferable between these different models to be able to hop to whoever is currently the best, right? Because Anthropic was top of the world for a while. And now there's rumors of quality issues with some of their models. And ChatGPT says, don't worry, we give you more usage and we're not having these same issues. So like you have to be decoupled in a way and you can do that through just changing subscriptions, just bill monthly, or you can use like a Raycast. Like you can, I could press command K right now and switch between several different models or API keys or whatever I want.
So I'm using the same platform, just decoupled from whoever that provider is, right? But I don't think there's like a, I don't think there's a good outcome for the common folk in, in this sort of arms race here, because we will all get bled dry at some point. Yeah. Yeah, I was, I, I would draw, before you go, Corey, I was gonna say one thing. I, I totally agree with that in the sense that, like, if the AI is the level, like the level playing for everybody, then somebody's gonna want to outplay the, the little guy, right? Like, if, if, if we're all fair now because AI, something's going to switch where only the rich have the really good stuff. Does that make sense? Yeah, like Mythos. Yeah. Corey, Corey, you're up. So, okay. I disagree with that. You can barely keep tabs on the shit they have. It's whatever good stuff is, it's going to leak. Yeah, so basically, okay, so my take, first of all, if I have to back a horse, I'm backing Google because they're the ones who are the best at monetizing anything, right? That's basically their entire business model. They're also the only company that does AI things that is profitable or even reasonably sustainable. And they have everybody's data and emails. If you're looking at OpenAI, hemorrhaging money like you wouldn't believe. Anthropic, arguably hemorrhaging money like you wouldn't believe. Google, not hemorrhaging money, actually doing fine. Basically, I think we're at a point like DoorDash was in in 2017 where the only person that was actually benefiting was the customer because DoorDash was spending a lot of money to deflate prices. Restaurants were spending a lot of money to try to get DoorDash customers. The only people who had a good experience were the users. Obviously now, why is DoorDash so expensive? It's because they actually priced everything inaccurately. AI is going to trend towards that. So like as example, I use Anthropic. I don't get ads in my prompts.
I have friends that use OpenAI or use free ChatGPT and they do get AI ads in their prompts. So like, it's going to be the same thing of like, Google is going to monetize their prompts. So it's kind of going to become the same thing as every other ecosystem where it's like, how many ads are you willing to stomach and how much are you willing to pay? The more ads you're willing to stomach, the less you're going to have to pay. And that's a personal decision. But to bring some like ray of light or ray of hope back into this, right? Like John mentioned something earlier in the show about like some hardware that you can buy about five grand that can run a bunch of models. It's not going to run a frontline model. It's not even going to run like a Sonnet. Right. But if you compare like and like we'll just use Haiku, like Anthropic's lowest, worst model. Right. This is still an extremely powerful AI model. And if you can run something comparatively to that locally and just effectively on your desk, you can do things that, you know, you couldn't imagine having done several years ago. So I think that that sort of like technology will also scale up to meet that sort of changing landscape where right now we're kind of cooked. But as you know, more open source models get better and there was some, you probably talked about it on the news. So there was like a paper that came out from, I can't remember who it was, but they did some crazy math and like really shrunk down a very powerful model. It's blanking on me now. But like- TurboQuant? Yeah, yeah, yeah, yeah, yeah. Yeah, it was that one. So TurboQuant is a Google basically technology that will shrink the value of the KV store. So that will significantly improve or reduce VRAM usage for home or for everyone, but especially benefiting home users. I mean, I think it's like self-hosting and that stuff has always been the same. Like Google Drive came out and you could just upload whatever files you wanted to Google.
Then Nextcloud came out or what, like, you know what I mean? It's like you have self-hosted alternatives that have always been an option. AI will be one of those options. It will be, you know, the experience with Google Drive and with Nextcloud are different and there's pros and cons to each. I feel like that's a fine comparison, but like if you look at storage costs over time, it took a really long time for those to become more affordable, and I don't know, like, if compute in terms of, like, GPU or CPU or even, like, VRAM power is going to get to that point where that's somewhat affordable in the near future. Like, RAM prices just keep going up. Well, that's because they keep building data centers to keep going in the arms race. So we're, like, in the middle of it, right? But I will say there are a couple, there are a couple local model stuff that is starting to move into that space, right? So one of them that I currently have is actually, like, um, transcribing. You know, if you want to transcribe your meetings or whatever, you have all these people that show up to the meeting. They all run AI. Well, you could do that locally on your computer now, like the models and the computers are fast enough. You can have all of that local. So there is more that we're going to see where that AI, essentially large language model gets moved on to the device to do those chores, as opposed to needing to send it off to Anthropic to do that. Does that make sense? So we will see that more and more. But, you know, also Anthropic is going to come up with a model that can do more and more.
So exactly. It's like, it's like running Crysis, right? It's like, on some level, do we get past the point where running Crysis is actually necessary? Like, did anyone actually play through the whole campaign? Like, I don't know, they just benchmarked. Yeah. Like, that's kind of where we're at with AI models. Like, they're going to get so good that it's like, who is using the full capacity of this model? Like, how are you? Honestly, even now I would argue it's to the point where the only way to use a full capacity of something like an Opus five or whatever of GPT-5.5 or is to basically give AI control over your entire life and all your projects. If you're willing to do that, go for it, man. But like, that's, I think, a little bit of a jump, and it's only going to get more capable and I'm going to use less and less of the capabilities, if that makes sense. Right, and that makes sense, but I think you're also like in the security minority of that kind of space where you have this security mindset and you've seen like all the bad things that can go wrong. Whereas even folks in the security world see this can save me 40 hours a week on things that I don't have time to do. And the trade-off to them is worth that potential risk, right? Because they're assuming if we get hacked because of something that happened to Anthropic, that's an excuse that we could use. True. I mean, for me, it's not even the security implications. It's just the quality and runaway considerations for me. That's true. Like if you talk to AI enough, you're going to back it into a corner. Even to this day, it's less and less happens, but you know, like it's going to get into a point where if it had autonomously made decisions and it would have designed something that I would not have been happy with, or it would have given me code. Like it would have written something in a way that I wouldn't be okay with.
And so like, if you take the human out of the loop, which is arguably what you need to maximize the capabilities of these models, I think the quality goes down and it just, then that becomes a loop where it just gets, it keeps reading its own shitty prompts and is like, well, I don't know what to do, I'm still stuck, uh, but I'm gonna try again, I'm gonna get, I'm gonna refactor the code one more time and see if I can get that bug that I didn't get the first five times. It's turning us all into PMs. Like, the better project manager you are, the better your output will be, because it's like a, it's like a good defined requirements. Exactly. If you give it a good PRD, like, and it'll actually go and do probably a pretty good job of what you're asking it for. It can go and execute on these things, and they say, you know, they say thinking, right? Um, but they can only think so much. Like, they're not going to come up with novel solutions, so you as the human being need to drive the process to get an actual result. Yeah. Yep. All right, John said he regrets starting this conversation about AI. John knows who wouldn't have gotten here without me. So yeah, you just put in the chat, Corey, please stop, Corey. All right, exit. Thank you all for coming. May Mythos not crush your life. See ya. Well, that was lovely.